[Owasp-leaders] Why it's ok to pay leaders

Paolo Perego thesp0nge at owasp.org
Sun Apr 15 10:33:20 UTC 2012


Guys I want to spend my 0.02 cents on this topic.
I'm not sure paying leaders to work on open source projects is a good idea,
and it's not in the open source DNA itself.
Consider projects like Rails, Linux Kernel... a lot of people contribute
because:
* projects are cool
* they can spend the experience with recruiters or with their job bosses.

People don't ask for money... they ask for cool high visibility projects to
work on.

So, in my opinion it's better to save money for summits, to appsec
conferences or to finance local chapters to spread the voice... to make
awareness.

Paying people to work for an open source project is not in the open source
DNA, it's in the software factory one.
IMHO it's best to invest in infrastructure to be used, not in financial
support for developers.

Paolo


On Fri, Apr 13, 2012 at 9:59 PM, Arturo 'Buanzo' Busleiman <
buanzo at buanzo.com.ar> wrote:

> Hell, I'll contribute a % out of my own pocket.
>
>
> On Fri, Apr 13, 2012 at 4:05 PM, Eoin <eoin.keary at owasp.org> wrote:
>
>> Hey jeff, see inline.
>>
>>
>> Eoin Keary
>> BCC Risk Advisory
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 13 Apr 2012, at 15:02, Jeff Williams <jeff.williams at owasp.org> wrote:
>>
>> Hi everyone,
>>
>> There’s some right on both sides of this argument actually.  The problem
>> is that we’re not clear on the desired outcome, and it’s making the right
>> strategy hard to see.
>>
>> Desired outcome is defined in the proposal. It's simple. Reboot older
>> projects, market and get adoption for active projects.
>>
>>
>> There are those among us who want OWASP to become yet another security
>> organization, deliver a few cool projects and deliverables, have chapters,
>> host conferences, and have a CEO.
>>
>>
>> Who are these people?
>> It's not about that for me. It's about people using owasp and appointing
>> value to the foundation. This gives rise to adoption and hence more secure
>> software.
>>
>> We could easily do this.  In fact, we mostly have.  It’s a safe strategy,
>> but it won’t result in any meaningful change in the world.  It’s design by
>> committee.  It will never scale to the size and influence necessary to
>> effect real change.  And frankly, it’s boring.
>>
>>
>> Reading 70 emails on spending a few dollars is equally boring. Can we not
>> just go and do it? Owasp has lots of red tape compared to 5 years ago.
>>
>>
>>
>> And then there are those of us (myself included) that are shooting for
>> something extraordinary.  This is not about OWASP.  It’s about changing the
>> way the world creates software.
>>
>>
>> Agreed so let's just go and do it.
>> Current model does not work. Very little project activity. We are turning
>> into a conference event organisation.
>>
>> We know that OWASP can’t fund every good idea – it can’t even know what
>> the good ideas are.  But we can use our time and money to create a platform
>> that will support and encourage a ton of ideas – and maybe if we are lucky
>> one will actually work.
>>
>> Agreed. Reboot is open for project submissions.
>>
>>
>> I urge you to abandon the idea of paying leaders.  Invest in the platform
>> and great things will happen.
>>
>> People are the platform. What else is there? A wiki? Let's invest in the
>> people.
>>
>>  If projects need funds then they should use the OWASP Project
>> Partnership Model <
>> https://docs.google.com/document/d/1ea4jWVDziLcZMTJUC5qW5psWYROpB-oPlqyl4Ei2xHA/edit?hl=en_US&authkey=CKycuTY>
>> .
>>
>>
>> That model was announced last September, how is it going? Is it getting
>> much traction? What projects are under this model?
>>
>>  I am and it works.  Encourage crazy experiments.  Figure out a way to
>> get appsec to go viral.  Give a little support to a thousand appsec
>> projects to help them bloom and grow, not just a chosen few.
>>
>> No projects will be chosen. We had a rough leadership vote a few weeks
>> back but individuals need to propose projects.
>>
>> --Jeff
>>
>>
>>
>> On Apr 13, 2012, at 7:44 AM, Eoin <eoin.keary at owasp.org> wrote:
>>
>> Hi,
>>
>> The wiki page is here:
>> https://www.owasp.org/index.php/Projects_Reboot_2012
>>
>> I think we have debated this enough, written blogs and had phone
>> conversations.
>> I hope for the board to ratify, or not, the proposal today.
>>
>>
>> Eoin
>>
>>
>>
>>
>>
>>
>> On 13 April 2012 11:10, John Wilander <john.wilander at owasp.org> wrote:
>>
>>>  I would prefer a referendum among leaders preceded by both sides
>>> presenting their side of the matter on a wiki tab each. We would also need
>>> an info page on what is actually proposed. "Pay" is too vague. This is an
>>> important question for the foundation. If a majority of leaders vote the
>>> community will have a much easier time accepting the outcome than if the
>>> board decides.
>>>
>>> If the board doesn't want a referendum I assume you will not take part
>>> in the discussion nor the vote, Eoin, since it's your proposal.
>>>
>>>    Regards, John
>>>
>>> --
>>> My music http://www.johnwilander.com
>>> Twitter https://twitter.com/johnwilander
>>> CV or Résumé http://johnwilander.se
>>>
>>> 13 apr 2012 kl. 11:33 skrev Eoin <eoin.keary at owasp.org>:
>>>
>>>    I'm afraid that is not true.....
>>> The 2008 summer of code, leaders were paid.
>>> Great projects were delivered.... check the wiki.
>>>
>>> Can we let the board decide this matter? It is what the board is for.
>>>
>>> On 12 April 2012 16:05, Dennis Groves <dennis.groves at owasp.org> wrote:
>>>
>>>> It's not open to all, OWASP leaders must not be paid by OWASP. Did you
>>>> not read Dinis's message? You seem to fail to understand that OWASP has
>>>> been down this route of paying its leaders at least twice and it failed
>>>> both times.
>>>>
>>>> Once you go down that route you destroy OWASP's meritocracy and cease
>>>> to be an open social organization.
>>>>
>>>> You create a corporation; and corporations are closed not open. You
>>>> don't for example share openly the salaries of all the different paid
>>>> employees with each other. Why? Did you watch the TED talk about morality
>>>> in animals? Even monkeys refuse to work under such conditions. So, you must
>>>> start closing OWASP. This is no longer OWASP, it's CWASP.
>>>>
>>>> You are right this shouldn't need to be up for discussion, but clearly
>>>> some members still fail to understand that this is the very fabric of
>>>> OWASP and that not only is paying OWASP leaders verboten; it is
>>>> tantamount to destroying OWASP, and I know you are not advocating this! :-)
>>>>
>>>> *I have chosen just a single problem that would result - Dinis has
>>>> identified over 15 in his email that would require resolutions to make it
>>>> work*
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Dennis Groves <http://about.me/dennis.groves>, MSc
>>>> dennis.groves at owasp.org
>>>>
>>>>  <http://www.owasp.org/>
>>>>
>>>> *This work is licensed under the Creative Commons
>>>> Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of
>>>> this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900,
>>>> Mountain View, California, 94041, USA.*
>>>>
>>>>
>>>>
>>>>  On Thu, Apr 12, 2012 at 15:08, Kenneth Van Wyk <ken at krvw.com> wrote:
>>>>
>>>>>  OK, gotta chime in. I've followed this thread, and frankly, I can't
>>>>> even imagine why it's up for discussion.
>>>>>
>>>>> If OWASP has money to fund a project/event/whatever, AND
>>>>>
>>>>> Bidding on that funded effort is open to all, AND
>>>>>
>>>>> There is a fair and equitable selection process, with appropriate
>>>>> checks and balances, removal of conflicts of interest, AND
>>>>>
>>>>> An OWASP Leader happens to be selected, THEN
>>>>>
>>>>> It's a win for everyone.
>>>>>
>>>>> OWASP gets the effort from the person(s) selected.
>>>>>
>>>>> The selected person(s) gets revenue for his/her efforts.
>>>>>
>>>>> I mean, DUH! Why aren't we all doing a face-palm over this non-issue?
>>>>>
>>>>> Please explain what I'm missing here.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Ken van Wyk
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Eoin Keary
>>> OWASP Global Board Member (Vice Chair)
>>>
>>> https://twitter.com/EoinKeary
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Eoin Keary
>> OWASP Global Board Member (Vice Chair)
>>
>> https://twitter.com/EoinKeary
>>
>>
>>
>>
>
>
>


-- 
"... static analysis is fun, again!"

OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon
OWASP Esapi Ruby project leader,
https://github.com/thesp0nge/owasp-esapi-ruby