[Owasp-leaders] Vendor Neutrality

Andy Lewis alewis at owasp.org
Tue Feb 19 22:51:57 UTC 2013


"How can we properly align incentives to help more individuals and
companies contribute with OWASP?"

Kudos to Victor for channeling the discussion.  I think that if we
Leaders pursue the answer to Victor's question we will arrive at an
outcome that allows us to quantify abuse.

Tom - I agree with the assertion that as a Board Member your standards
must be higher.  Unfortunately, I think that you and the other Board
Members must take the stance "if in doubt, stay away from the gray
areas".  You've done a LOT for this organization and it would be a
shame to tarnish your name and OWASP's name through continued
controversy.  I am very hopeful that you, Dennis, and the rest of this
list can answer Victor's question in a way that moves us forward as an
organization.

So, from my perspective, here's the start of the list of answers to
the question "How can we properly align incentives to help more
individuals and companies contribute with OWASP?"

1. Ensure Board Members' conduct is beyond reproach.
2. Ensure that Contributors (especially sponsors) receive value for
their efforts, time, or money.
3. Ensure that the OWASP "brand" maintains value so that members,
staff, and contributors desire to be associated with OWASP.  Currently
OWASP probably has more positive AppSec connotations than any other
organization.  We need to maintain and enhance that reputation/"brand
power."
4. Make it fun.  Keep it fun.  Make it cool and fun whenever possible.
 Make people WANT to join in our activities and community.
5. Feed people when they come to learn and have fun (personal preference :-)
6. Promote contributors in proportion to their contribution without
allowing gatherings to become infomercials.
7. Publish vendor-neutrality rules and incorporate special rules for
Board Members, Chapter Leaders, and anybody else who may need special
attention.
8. Define a process to deal with transgressions.  Openly.  With a
clear, published, outcome.
9. Put action behind great ideas answering the question "How can we
properly align incentives to help more individuals and companies
contribute with OWASP?"

Having said all that, it's great to belong to a relatively transparent
organization where I RARELY have to question the good intentions of
the Leadership team.  We've got a great group and there's no doubt in
my mind that we'll be better after this issue is resolved.
All the best,
Andy Lewis

On Tue, Feb 19, 2013 at 9:14 AM, Dennis Groves <dennis.groves at owasp.org> wrote:
> Wow, just wow - this is the most intelligent thing I have ever read on the
> leaders list. :-)
>
> This Victor, is the "million dollar question" as American's would say. "How
> can we properly align incentives to help more individuals and companies
> contribute with OWASP?"
>
> Just like security, 'It depends!' ;-) I think that is exactly what we are
> trying to figure out between the community and the board. We have a risk,
> and the question is how do we mitigate it…
>
> Dennis
>
> --
> [Dennis Groves](http://about.me/dennis.groves), MSc
> [Email me](mailto:dennis.groves at owasp.org) or [schedule a
> meeting](http://goo.gl/8sPIy).
>
> *This email is licensed under a [CC BY-ND
> 3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*
>
> **Please do not send me Microsoft Office/Apple iWork documents.**
> Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
> Stand up for your freedom to install [free
> software](http://www.fsf.org/campaigns/secure-boot/statement).
>
>
>> The idea that some lives matter less is the root of all that’s wrong with
>> the world. -- Paul Farmer
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list