[Owasp-leaders] OWASP Top 10 - 2013 Release Candidate Now Available

vanderaj vanderaj vanderaj at owasp.org
Wed Feb 20 03:49:11 UTC 2013


I would like it very much if the main protagonists could calm down before
things are said that cannot be unsaid. We don't need the People's Front of
Judea and the Judean People's Front factions when we both hate the Romans.

Let's discuss things that need to be discussed, namely, in my view how did
this become a PDF delivered as a fait accompli and in a form that is
difficult to contribute to both before, during and after? I don't mind that
a project ends up being worked on by a team of folks who beaver away for
months and then asks for peer review near the end. In the real open source
world, including OWASP, I think projects should be written in the open in
tiny incremental changes that everyone can see, read, and contribute with
low barriers to entry. And for empirical pieces like the Top 10, it should
be repeatable - so open data sets and spreadsheets. I would reject data
that might be meaningful but has NDAs attached to it. We have enough open
anonymized data to make sense of the Top 10 without including tainted data
sets.

I'm less worried about logos as long as it's tasteful and agreed by all.
Dave's donation of time to the Top 10 is a sacrifice, either as a loss of
company time or family time. Our sacrifice as authors and project leads
should be "paid" in a way that makes sense to that contributor. I
personally do all of my OWASP work on *my* computer(s) in *my* time, and so
I've never asked for more than my name in the credits. But others might
need something different to allow them to contribute. Being "open" doesn't
mean being anti-commercial, it means being seen as independent and actually
being independent. Let's prove that by having a mature discussion about our
governance that allows commercial interaction whilst releasing worthwhile
IP to the community for all to benefit in a way that is inclusive and low
barrier to entry. This is how medical research occurs, particularly with
respect to open access journals.

This issue has been a thorny one for a long time, and really requires
compromise and consensus or else things will be kicked down the road and no
one is happy. We all hate closed IP, so let's work out the best alternative
without going to bush lawyer school, especially when some of us are
actually lawyers. We're all friends here more than mortal competitors,
let's keep it genial and concentrate on the issue.

thanks,
Andrew