[Owasp-leaders] Why it's ok to pay leaders

Arturo 'Buanzo' Busleiman buanzo at buanzo.com.ar
Sun Apr 15 13:21:01 UTC 2012


I consider paying hotel, trips, food and a cold one a great coding motivator :)

On 04/15/2012 07:33 AM, Paolo Perego wrote:
> Guys I want to spend my 0.02 cents on this topic. I'm not sure paying leaders to work on open
> source projects is a good idea, and it's not in the open source DNA itself. Consider projects
> like Rails, Linux Kernel... a lot of people contribute because: * projects are cool * they can
> spend the experience with recruiters or with their job bosses.
> 
> People don't ask for money... they ask for cool high visibility projects to work into.
> 
> So, in my opinion it's better to save money for summits, to appsec conferences or to finance
> local chapters to spread the voice... to make awareness.
> 
> Paying people to work for an open source project is not in the open source DNA, is in the
> software factory one. IMHO it's best to invest in infrastructure to be used, not in financial
> support for developers.
> 
> Paolo
> 
> 
> On Fri, Apr 13, 2012 at 9:59 PM, Arturo 'Buanzo' Busleiman <buanzo at buanzo.com.ar> wrote:
> 
> Hell, I'll contribute a % out of my own pocket.
> 
> 
> On Fri, Apr 13, 2012 at 4:05 PM, Eoin <eoin.keary at owasp.org> wrote:
> 
> Hey jeff, see inline.
> 
> 
> Eoin Keary BCC Risk Advisory Owasp Global Board +353 87 977 2988
> 
> 
> On 13 Apr 2012, at 15:02, Jeff Williams <jeff.williams at owasp.org> wrote:
> 
>> Hi everyone,
>> 
>> There's some right on both sides of this argument actually.  The problem is that we're not 
>> clear the desired outcome, and it's making the right strategy hard to see.
> Desired outcome is defined in the proposal. It's simple. Reboot older projects, market and get
> adoption for active projects.
> 
>> 
>> There are those among us who want OWASP to become yet another security organization, deliver
>> a few cool projects and deliverables, have chapters, host conferences, and have a CEO.
> 
> Who are these people? It's not about that for me. It's about people using owasp and appointing
> value to the foundation. This gives rise to adoption and hence more secure software.
> 
>> We could easily do this.  In fact, we mostly have.  It's a safe strategy, but it won't result
>> in any meaningful change in the world.  It's design by committee.  It will never scale to the
>> size and influence necessary to effect real change.  And frankly, it's boring.
> 
> Reading 70 emails on spending a few dollars is equally boring. Can we not just go and do it?
> Owasp has lots of red tape compared to 5 years ago.
> 
> 
>> 
>> And then there are those of us (myself included) that are shooting for something 
>> extraordinary.  This is not about OWASP.  It's about changing the way the world creates 
>> software.
> 
> Agreed so let's just go and do it. Current model does not work. Very little project activity.
> We are turning into a conference event organisation.
> 
>> We know that OWASP can't fund every good idea - it can't even know what the good ideas are.
>> But we can use our time and money to create a platform that will support and encourage a ton
>> of ideas - and maybe if we are lucky one will actually work.
> Agreed. Reboot is open for project submissions.
> 
>> 
>> I urge you to abandon the idea of paying leaders.  Invest in the platform and great things 
>> will happen.
> People are the platform. What else is there? A wiki? Let's invest in the people.
> 
>> If projects need funds then they should use the OWASP Project Partnership Model
>> <https://docs.google.com/document/d/1ea4jWVDziLcZMTJUC5qW5psWYROpB-oPlqyl4Ei2xHA/edit?hl=en_US&authkey=CKycuTY>.
> 
> That model was announced last September, how is it going? Is it getting much traction? What 
> projects are under this model?
> 
>> I am and it works.  Encourage crazy experiments.  Figure out a way to get appsec to go viral.
>> Give a little support to a thousand appsec projects to help them bloom and grow, not just a
>> chosen few.
>> 
> No projects will be chosen. We had a rough leadership vote a few weeks back but individuals 
> need to propose projects.
> 
>> --Jeff
>> 
>> 
>> 
>> On Apr 13, 2012, at 7:44 AM, Eoin <eoin.keary at owasp.org> wrote:
>> 
>>> Hi,
>>> 
>>> The wiki page is here: https://www.owasp.org/index.php/Projects_Reboot_2012
>>> 
>>> I think we have debated this enough, written blogs and had phone conversations. I hope for
>>> the board to ratify, or not the proposal today.
>>> 
>>> 
>>> Eoin
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> On 13 April 2012 11:10, John Wilander <john.wilander at owasp.org> wrote:
>>> 
>>> I would prefer a referendum among leaders preceded by both sides presenting their side of
>>> the matter on a wiki tab each. We would also need an info page on what is actually proposed.
>>> "Pay" is too vague. This is an important question for the foundation. If a majority of
>>> leaders vote the community will have a much easier time accepting the outcome than if the
>>> board decides.
>>> 
>>> If the board doesn't want a referendum I assume you will not take part in the discussion
>>> nor the vote, Eoin, since it's your proposal.
>>> 
>>> Regards, John
>>> 
>>> -- My music http://www.johnwilander.com Twitter
>>> https://twitter.com/johnwilander CV or Résumé http://johnwilander.se
>>> 
>>> On 13 Apr 2012, at 11:33, Eoin <eoin.keary at owasp.org> wrote:
>>> 
>>>> I'm afraid that is not true..... The 2008 summer of code, leaders were paid. Great
>>>> projects were delivered.... check the wiki.
>>>> 
>>>> Can we let the board decide this matter? It is what the board is for.
>>>> 
>>>> On 12 April 2012 16:05, Dennis Groves <dennis.groves at owasp.org> wrote:
>>>> 
>>>> It's not open to all, OWASP leaders must not be paid by OWASP. Did you not read Dinis's
>>>> message? You seem to fail to understand that OWASP has been down this route of paying its
>>>> leaders at least twice and it failed both times.
>>>> 
>>>> Once you go down that route you destroy OWASP's meritocracy and cease to be an open
>>>> social organization.
>>>> 
>>>> You create a corporation; and corporations are closed not open. You don't for example
>>>> share openly the salaries of all the different paid employees with each other. Why? Did
>>>> you watch the TED talk about morality in animals? Even monkeys refuse to work under such
>>>> conditions. So, you must start closing OWASP. This is no longer OWASP, it's CWASP.
>>>> 
>>>> You are right this shouldn't need to be up for discussion, but clearly some members
>>>> still fail to understand that this is the very fabric of OWASP and that not only is
>>>> paying OWASP leaders verboten; it is tantamount to destroying OWASP, and I know you are not
>>>> advocating this! :-)
>>>> 
>>>> *I have chosen just a single problem that would result - Dinis has identified over 15 in
>>>> his email that would require resolutions to make it work*
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -- Dennis Groves <http://about.me/dennis.groves>, MSc dennis.groves at owasp.org
>>>> 
>>>> <http://www.owasp.org/>
>>>> 
>>>> /This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0
>>>> Unported License. To view a copy of this license, visit
>>>> http://creativecommons.org/licenses/by-nc-nd/3.0/ or send a letter to Creative Commons,
>>>> 444 Castro Street, Suite 900, Mountain View, California, 94041, USA./
>>>> 
>>>> 
>>>> 
>>>> On Thu, Apr 12, 2012 at 15:08, Kenneth Van Wyk <ken at krvw.com> wrote:
>>>> 
>>>> OK, gotta chime in. I've followed this thread, and frankly, I can't even imagine why it's
>>>> up for discussion.
>>>> 
>>>> If OWASP has money to fund a project/event/whatever, AND
>>>> 
>>>> Bidding on that funded effort is open to all, AND
>>>> 
>>>> There is a fair and equitable selection process, with appropriate checks and balances,
>>>> removal of conflicts of interest, AND
>>>> 
>>>> An OWASP Leader happens to be selected, THEN
>>>> 
>>>> It's a win for everyone.
>>>> 
>>>> OWASP gets the effort from the person(s) selected.
>>>> 
>>>> The selected person(s) gets revenue for his/her efforts.
>>>> 
>>>> I mean, DUH! Why aren't we all doing a face-palm over this non-issue?
>>>> 
>>>> Please explain what I'm missing here.
>>>> 
>>>> Cheers,
>>>> 
>>>> Ken van Wyk
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________ OWASP-Leaders mailing list 
>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org> 
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> 
>>>> -- Eoin Keary OWASP Global Board Member (Vice Chair)
>>>> 
>>>> https://twitter.com/EoinKeary
>>>> 
>>> 
>>> 
>>> 
>>> 
>>> -- Eoin Keary OWASP Global Board Member (Vice Chair)
>>> 
>>> https://twitter.com/EoinKeary
>>> 
> 
> -- "... static analysis is fun, again!"
> 
> OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon OWASP Esapi Ruby project
> leader, https://github.com/thesp0nge/owasp-esapi-ruby
> 


-- 
? Arturo "Buanzo" Busleiman ? - MUSICA: soundcloud.com/no-carrier
Independent Linux and Security Consultant - 16+y of IT exp. at your service .
OWASPer - http://www.buanzo.com.ar/pro/eng.html                             ..: