[Owasp-leaders] Why it's ok to pay leaders

Arturo 'Buanzo' Busleiman buanzo at buanzo.com.ar
Sun Apr 15 15:53:02 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Yeah. I mean, don't give me money so I can spend it... spend it for me to have a good time with
fellow OWASPers, do networking, coding, discuss and publish results.

That's paying the leaders as well.

On 04/15/2012 12:39 PM, Paolo Perego wrote:
> My friend that's why I think conf meet up and hackathons would be a good investment :)
> 
> "static analysis is fun... again" Owasp Orizon project leader: http://orizon.sf.net Owasp Italy
> R&D director
> 
> On 15/apr/2012, at 15:21, "Arturo 'Buanzo' Busleiman" <buanzo at buanzo.com.ar> wrote:
> 
> I consider paying hotel, trips, food and a cold one a great coding motivator :)
> 
> On 04/15/2012 07:33 AM, Paolo Perego wrote:
>>>> Guys I want to spend my 0.02 cents on this topic. I'm not sure paying leaders to work on
>>>> open source projects is a good idea, and it's not in the open source DNA itself. Consider
>>>> projects like Rails, Linux Kernel... a lot of people contribute because: * projects are
>>>> cool * they can spend the experience with recruiters or with they job bosses.
>>>> 
>>>> People don't ask for money... they ask for cool high visibility projects to work into.
>>>> 
>>>> So, in my opinion it's better to save money for summits, to appsec conferences or to
>>>> finance local chapters to spread the voice... to make awareness.
>>>> 
>>>> Paying people to work for an open source projects is not in the open source DNA, is in
>>>> the software factory one. IMHO it's best to invest in infrastructure to be used, nor in
>>>> financial support for developers.
>>>> 
>>>> Paolo
>>>> 
>>>> 
>>>> On Fri, Apr 13, 2012 at 9:59 PM, Arturo 'Buanzo' Busleiman <buanzo at buanzo.com.ar 
>>>> <mailto:buanzo at buanzo.com.ar>> wrote:
>>>> 
>>>> Hell, I'll contribute a % out of my own pocket.
>>>> 
>>>> 
>>>> On Fri, Apr 13, 2012 at 4:05 PM, Eoin <eoin.keary at owasp.org
>>>> <mailto:eoin.keary at owasp.org>> wrote:
>>>> 
>>>> Hey jeff, see inline.
>>>> 
>>>> 
>>>> Eoin Keary BCC Risk Advisory Owasp Global Board +353 87 977 2988 
>>>> <tel:%2B353%2087%20977%202988>
>>>> 
>>>> 
>>>> On 13 Apr 2012, at 15:02, Jeff Williams <jeff.williams at owasp.org 
>>>> <mailto:jeff.williams at owasp.org>> wrote:
>>>> 
>>>>> Hi everyone,
>>>>> 
>>>>> There?s some right on both sides of this argument actually.  The problem is that we?re
>>>>> not clear the desired outcome, and it?s making the right strategy hard to see.
>>>> Desired outcome is defined in the proposal. It's simple. Reboot older projects, market
>>>> and get adoption for active projects.
>>>> 
>>>>> 
>>>>> There are those among us who want OWASP to become yet another security organization,
>>>>> deliver a few cool projects and deliverables, have chapters, host conferences, and have
>>>>> a CEO.
>>>> 
>>>> Who are these people? It's not about that for me. It's about people using owasp and
>>>> appointing value to the foundation. This gives rise to adoption and hence more secure
>>>> software.
>>>> 
>>>>> We could easily do this.  In fact, we mostly have.  It?s a safe strategy, but it won?t
>>>>> result in any meaningful change in the world.  It?s design by committee.  It will never
>>>>> scale to the size and influence necessary to effect real change.  And frankly, it?s
>>>>> boring.
>>>> 
>>>> Reading 70 emails on spending a few dollars is equally boring. Can we not just go and do
>>>> it. Owasp has lots of red tape compared to 5 years ago.
>>>> 
>>>> 
>>>>> 
>>>>> And then there are those of us (myself included) that are shooting for something 
>>>>> extraordinary.  This is not about OWASP.  It?s about changing the way the world creates
>>>>>  software.
>>>> 
>>>> Agreed so let's just go and do it. Current model does not work. Very little project
>>>> activity. We are turning into a conference event organisation.
>>>> 
>>>>> We know that OWASP can?t fund every good idea ? it can?t even know what the good ideas
>>>>> are. But we can use our time and money to create a platform that will support and
>>>>> encourage a ton of ideas ? and maybe if we are lucky one will actually work.
>>>> Agreed. Reboot is open for project submissions.
>>>> 
>>>>> 
>>>>> I urge you to abandon the idea of paying leaders.  Invest in the platform and great
>>>>> things will happen.
>>>> People are the platform. What else is there? A wiki? Let's invest in the people.
>>>> 
>>>>> If projects need funds then they should use the OWASP Project Partnership Model 
>>>>> <https://docs.google.com/document/d/1ea4jWVDziLcZMTJUC5qW5psWYROpB-oPlqyl4Ei2xHA/edit?hl=en_US&authkey=CKycuTY
>>>>>
>>>>>
>
>>>>> 
<https://docs.google.com/document/d/1ea4jWVDziLcZMTJUC5qW5psWYROpB-oPlqyl4Ei2xHA/edit?hl=en_US&authkey=CKycuTY>>
>>>>> .
>>>> 
>>>> That model was announced last September, how is it going? Is it getting much traction.
>>>> What projects are under this model?
>>>> 
>>>>> I am and it works.  Encourage crazy experiments.  Figure out a way to get appsec to go
>>>>> viral. Give a little support to a thousand appsec projects to help them bloom and grow,
>>>>> not just a chosen few.
>>>>> 
>>>> No projects will be chosen. We had a rough leadership vote a few weeks back but
>>>> individuals need to propose projects.
>>>> 
>>>>> --Jeff
>>>>> 
>>>>> 
>>>>> 
>>>>> On Apr 13, 2012, at 7:44 AM, Eoin <eoin.keary at owasp.org <mailto:eoin.keary at owasp.org>> 
>>>>> wrote:
>>>>> 
>>>>>> Hi,
>>>>>> 
>>>>>> The wiki page is here: https://www.owasp.org/index.php/Projects_Reboot_2012
>>>>>> 
>>>>>> I think we have debated this enough, written blogs and had phone conversations. I
>>>>>> hope for the board to ratify, or not the proposal today.
>>>>>> 
>>>>>> 
>>>>>> Eoin
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On 13 April 2012 11:10, John Wilander <john.wilander at owasp.org 
>>>>>> <mailto:john.wilander at owasp.org>> wrote:
>>>>>> 
>>>>>> I would prefer a referendum among leaders preceded by both sides presenting their
>>>>>> side of the matter on a wiki tab each. We would also need a info page what is
>>>>>> actually proposed. "Pay" is too vague. This is an important question for the
>>>>>> foundation. If a majority of leaders vote the community will have a much easier time
>>>>>> accepting the outcome than if the board decides.
>>>>>> 
>>>>>> If the board doesn't want a referendum I assume you will not take part in the
>>>>>> discussion nor the vote, Eoin, since it's your proposal.
>>>>>> 
>>>>>> Regards, John
>>>>>> 
>>>>>> -- My music http://www.johnwilander.com <http://www.johnwilander.com/> Twitter 
>>>>>> https://twitter.com/johnwilander CV or Résumé http://johnwilander.se 
>>>>>> <http://johnwilander.se/>
>>>>>> 
>>>>>> 13 apr 2012 kl. 11:33 skrev Eoin <eoin.keary at owasp.org
>>>>>> <mailto:eoin.keary at owasp.org>>:
>>>>>> 
>>>>>>> Im afraid that is not true..... The 2008 summer of code, leaders were paid. Great 
>>>>>>> projects were delivered.... check the wiki.
>>>>>>> 
>>>>>>> Can we let the board decide this matter? It is what the board is for.
>>>>>>> 
>>>>>>> On 12 April 2012 16:05, Dennis Groves <dennis.groves at owasp.org 
>>>>>>> <mailto:dennis.groves at owasp.org>> wrote:
>>>>>>> 
>>>>>>> Its not open to all, OWASP leaders must not be paid by OWASP. Did you not read
>>>>>>> Dinis's message? You seem to fail to understand that OWASP has been down this route
>>>>>>> of paying its leaders at least twice and it failed both times.
>>>>>>> 
>>>>>>> Once you go down that route you destroy OWASP's meritocracy and cease to be the an
>>>>>>> open social organization.
>>>>>>> 
>>>>>>> You create a corporation; and corporations are closed not open. You don't for
>>>>>>> example share openly the salaries of all the different paid employees with each
>>>>>>> other. Why? Did you watch the TED talk about morality in animals? Even monkeys
>>>>>>> refuse to work under such conditions. So, you must start closing OWASP. This is no
>>>>>>> longer OWASP its CWASP.
>>>>>>> 
>>>>>>> You are right this shouldn't need to be up for discussion, but clearly some of
>>>>>>> members still fail to understand that this is the very fabric of OWASP and that we
>>>>>>> not only is paying OWASP leaders verboten; it is tantamount destroying OWASP, and I
>>>>>>> know you are not advocating this! :-)
>>>>>>> 
>>>>>>> *I have choose just a single problem,that would result - Dinis has identified over
>>>>>>> 15 in his email that would require resolutions to make it work*
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> -- Dennis Groves <http://about.me/dennis.groves>, MSc dennis.groves at owasp.org 
>>>>>>> <mailto:dennis.groves at owasp.org>
>>>>>>> 
>>>>>>> <http://www.owasp.org/>
>>>>>>> 
>>>>>>> /This work is licensed under the Creative Commons
>>>>>>> Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of this
>>>>>>> license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or send a letter
>>>>>>> to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California,
>>>>>>> 94041, USA./
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> On Thu, Apr 12, 2012 at 15:08, Kenneth Van Wyk <ken at krvw.com
>>>>>>> <mailto:ken at krvw.com>> wrote:
>>>>>>> 
>>>>>>> OK, gotta chime in. I've followed this thread, and frankly, I can't even imagine
>>>>>>> why it's up for discussion.
>>>>>>> 
>>>>>>> If OWASP has money to fund a project/event/whatever, AND
>>>>>>> 
>>>>>>> Bidding on that funded effort is open to all, AND
>>>>>>> 
>>>>>>> There is a fair and equitable selection process, with appropriate checks and
>>>>>>> balances, removal of conflicts of interest, AND
>>>>>>> 
>>>>>>> An OWASP Leader happens to be selected, THEN
>>>>>>> 
>>>>>>> It's a win for everyone.
>>>>>>> 
>>>>>>> OWASP gets the effort from the person(s) selected.
>>>>>>> 
>>>>>>> The selected person(s) gets revenue for his/her efforts.
>>>>>>> 
>>>>>>> I mean, DUH! Why aren't we all doing a face-palm over this non-issue?
>>>>>>> 
>>>>>>> Please explain what I'm missing here.
>>>>>>> 
>>>>>>> Cheers,
>>>>>>> 
>>>>>>> Ken van Wyk
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> _______________________________________________ OWASP-Leaders mailing list 
>>>>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org> 
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> _______________________________________________ OWASP-Leaders mailing list 
>>>>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org> 
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> -- Eoin Keary OWASP Global Board Member (Vice Chair)
>>>>>>> 
>>>>>>> https://twitter.com/EoinKeary
>>>>>>> 
>>>>>>> 
>>>>>>> _______________________________________________ OWASP-Leaders mailing list 
>>>>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org> 
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> -- Eoin Keary OWASP Global Board Member (Vice Chair)
>>>>>> 
>>>>>> https://twitter.com/EoinKeary
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________ OWASP-Leaders mailing list 
>>>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org> 
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> 
>>>> _______________________________________________ OWASP-Leaders mailing list 
>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org> 
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________ OWASP-Leaders mailing list 
>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org> 
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -- "... static analysis is fun, again!"
>>>> 
>>>> OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon OWASP Esapi Ruby
>>>> project leader, https://github.com/thesp0nge/owasp-esapi-ruby
>>>> 
>>>> 
>>>> _______________________________________________ OWASP-Leaders mailing list 
>>>> OWASP-Leaders at lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
>> _______________________________________________ OWASP-Leaders mailing list 
>> OWASP-Leaders at lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 

- -- 
⁂ Arturo "Buanzo" Busleiman ⁂ - MUSICA: soundcloud.com/no-carrier
Independent Linux and Security Consultant - 16+y of IT exp. at your service .
OWASPer - http://www.buanzo.com.ar/pro/eng.html                             ..:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREKAAYFAk+K7t4ACgkQAlpOsGhXcE2MygCfaj7ctqqESf3jNUtwTCVuN2aQ
I7oAnRoH7bLQZ+7YGIUCz6nFjC+Edl2X
=QHTs
-----END PGP SIGNATURE-----


More information about the OWASP-Leaders mailing list