[Owasp-leaders] Why it's ok to pay leaders

Arturo 'Buanzo' Busleiman buanzo at buanzo.com.ar
Fri Apr 13 19:59:33 UTC 2012


Hell, I'll contribute a % out of my own pocket.

On Fri, Apr 13, 2012 at 4:05 PM, Eoin <eoin.keary at owasp.org> wrote:

> Hey jeff, see inline.
>
>
> Eoin Keary
> BCC Risk Advisory
> Owasp Global Board
> +353 87 977 2988
>
>
> On 13 Apr 2012, at 15:02, Jeff Williams <jeff.williams at owasp.org> wrote:
>
> Hi everyone,
>
> There’s some right on both sides of this argument actually.  The problem
> is that we’re not clear the desired outcome, and it’s making the right
> strategy hard to see.
>
> Desired outcome is defined in the proposal. It's simple. Reboot older
> projects, market and get adoption for active projects.
>
>
> There are those among us who want OWASP to become yet another security
> organization, deliver a few cool projects and deliverables, have chapters,
> host conferences, and have a CEO.
>
>
> Who are these people?
> It's not about that for me. It's about people using owasp and appointing
> value to the foundation. This gives rise to adoption and hence more secure
> software.
>
> We could easily do this.  In fact, we mostly have.  It’s a safe strategy,
> but it won’t result in any meaningful change in the world.  It’s design by
> committee.  It will never scale to the size and influence necessary to
> effect real change.  And frankly, it’s boring.
>
>
> Reading 70 emails on spending a few dollars is equally boring. Can we not
> just go and do it. Owasp has lots of red tape compared to 5 years ago.
>
>
>
> And then there are those of us (myself included) that are shooting for
> something extraordinary.  This is not about OWASP.  It’s about changing the
> way the world creates software.
>
>
> Agreed so let's just go and do it.
> Current model does not work. Very little project activity. We are turning
> into a conference event organisation.
>
> We know that OWASP can’t fund every good idea – it can’t even know what
> the good ideas are.  But we can use our time and money to create a platform
> that will support and encourage a ton of ideas – and maybe if we are lucky
> one will actually work.
>
> Agreed. Reboot is open for project submissions.
>
>
> I urge you to abandon the idea of paying leaders.  Invest in the platform
> and great things will happen.
>
> People are the platform. What else is there? A wiki? Let's invest in the
> people.
>
>  If projects need funds then they should use the OWASP Project Partnership
> Model <
> https://docs.google.com/document/d/1ea4jWVDziLcZMTJUC5qW5psWYROpB-oPlqyl4Ei2xHA/edit?hl=en_US&authkey=CKycuTY>
> .
>
>
> That model was announced last September, how is it going? Is it getting
> much traction. What projects are under this model?
>
>  I am and it works.  Encourage crazy experiments.  Figure out a way to get
> appsec to go viral.  Give a little support to a thousand appsec projects to
> help them bloom and grow, not just a chosen few.
>
> No projects will be chosen. We had a rough leadership vote a few weeks
> back but individuals need to propose projects.
>
> --Jeff
>
>
>
> On Apr 13, 2012, at 7:44 AM, Eoin <eoin.keary at owasp.org> wrote:
>
> Hi,
>
> The wiki page is here:
> https://www.owasp.org/index.php/Projects_Reboot_2012
>
> I think we have debated this enough, written blogs and had phone
> conversations.
> I hope for the board to ratify, or not the proposal today.
>
>
> Eoin
>
>
>
>
>
>
> On 13 April 2012 11:10, John Wilander <john.wilander at owasp.org> wrote:
>
>>  I would prefer a referendum among leaders preceded by both sides
>> presenting their side of the matter on a wiki tab each. We would also need
>> a info page what is actually proposed. "Pay" is too vague. This is an
>> important question for the foundation. If a majority of leaders vote the
>> community will have a much easier time accepting the outcome than if the
>> board decides.
>>
>> If the board doesn't want a referendum I assume you will not take part in
>> the discussion nor the vote, Eoin, since it's your proposal.
>>
>>    Regards, John
>>
>> --
>> My music http://www.johnwilander.com
>> Twitter https://twitter.com/johnwilander
>> CV or Résumé http://johnwilander.se
>>
>> 13 apr 2012 kl. 11:33 skrev Eoin <eoin.keary at owasp.org>:
>>
>>    Im afraid that is not true.....
>> The 2008 summer of code, leaders were paid.
>> Great projects were delivered.... check the wiki.
>>
>> Can we let the board decide this matter? It is what the board is for.
>>
>> On 12 April 2012 16:05, Dennis Groves <dennis.groves at owasp.org> wrote:
>>
>>> Its not open to all, OWASP leaders must not be paid by OWASP. Did you
>>> not read Dinis's message? You seem to fail to understand that OWASP has
>>> been down this route of paying its leaders at least twice and it failed
>>> both times.
>>>
>>> Once you go down that route you destroy OWASP's meritocracy and cease to
>>> be the an open social organization.
>>>
>>> You create a corporation; and corporations are closed not open. You
>>> don't for example share openly the salaries of all the different paid
>>> employees with each other. Why? Did you watch the TED talk about morality
>>> in animals? Even monkeys refuse to work under such conditions. So, you must
>>> start closing OWASP. This is no longer OWASP its CWASP.
>>>
>>> You are right this shouldn't need to be up for discussion, but clearly
>>> some of members still fail to understand that this is the very fabric of
>>> OWASP and that we not only is paying OWASP leaders verboten; it is
>>> tantamount destroying OWASP, and I know you are not advocating this! :-)
>>>
>>> *I have choose just a single problem,that would result - Dinis has
>>> identified over 15 in his email that would require resolutions to make it
>>> work*
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Dennis Groves <http://about.me/dennis.groves>, MSc
>>> dennis.groves at owasp.org
>>>
>>>  <http://www.owasp.org/>
>>>
>>> *This work is licensed under the Creative Commons
>>> Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of
>>> this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/or send a letter to Creative Commons, 444 Castro Street, Suite 900,
>>> Mountain View, California, 94041, USA.*
>>>
>>>
>>>
>>>  On Thu, Apr 12, 2012 at 15:08, Kenneth Van Wyk <ken at krvw.com> wrote:
>>>
>>>>  OK, gotta chime in. I've followed this thread, and frankly, I can't
>>>> even imagine why it's up for discussion.
>>>>
>>>> If OWASP has money to fund a project/event/whatever, AND
>>>>
>>>> Bidding on that funded effort is open to all, AND
>>>>
>>>> There is a fair and equitable selection process, with appropriate
>>>> checks and balances, removal of conflicts of interest, AND
>>>>
>>>> An OWASP Leader happens to be selected, THEN
>>>>
>>>> It's a win for everyone.
>>>>
>>>> OWASP gets the effort from the person(s) selected.
>>>>
>>>> The selected person(s) gets revenue for his/her efforts.
>>>>
>>>> I mean, DUH! Why aren't we all doing a face-palm over this non-issue?
>>>>
>>>> Please explain what I'm missing here.
>>>>
>>>> Cheers,
>>>>
>>>> Ken van Wyk
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> Eoin Keary
>> OWASP Global Board Member (Vice Chair)
>>
>> https://twitter.com/EoinKeary
>>
>>
>>  _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Eoin Keary
> OWASP Global Board Member (Vice Chair)
>
> https://twitter.com/EoinKeary
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120413/bb112420/attachment-0001.html>


More information about the OWASP-Leaders mailing list