[Owasp-leaders] My views on Sarah's appointment

Jerry Hoff jerry at owasp.org
Thu May 30 14:45:51 UTC 2013

Hello OWASP leaders,

I am responding to this email a little late, but I definitely want to provide an different perspective on the treatise Dinis presented here.

Folks, OWASP is a completely volunteer organization for security enthusiasts to do good in the world by making application security more visible.  It is one of the most interesting organizations I've ever been a part of.

To that degree, when we all volunteer our time and energy, we want it to be as effective as it possibly can be.  OWASP is a platform, we provide the expertise, and the world benefits.  The effectiveness of OWASP as a platform directly impacts the effectiveness of every OWASP project and piece of output.

Recently, our democratically elected board decided to appoint an executive director for OWASP.  As a frequent OWASP contributor, I want to say THANK YOU BOARD.  This is a critical step is moving AWAY from being an "old boys club" towards a more polished and coherent group, and a great thing to make OWASP more effective as a platform.

OWASP is turning the corner.  I think the partially completed & sometimes outdated wiki pages, the abandoned projects, and communication issues have held OWASP back from achieving our full potential.  With someone as passionate about OWASP as Sarah Baso gently guiding the ship, allowing us to focus our efforts and magnifying the power of the platform, I believe OWASP is set to move to the next level.

Also, it gives me good feelings to see a board actually distributing power with the creation of new positions and roles instead of holding onto it.  Very cool guys.

Congratulations Sarah and way to go board! 

All the is just my opinion - I just didn't want Dinis's well-articulated opinion to be seen as the universal sentiment.  Disagreements and flames can be sent to me personally or we can move it over to the governance list.


Jerry Hoff
jerry at owasp.org

On May 24, 2013, at 9:05 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> Well I have written a model I like on An Idea of a new model for OWASP , which if you look at it is based on an OWASP structure:
> a) driven by the OWASP leaders energy, activities and actions
> b) supported by a strong, cohesive, motivated and empowered OpsTeams (i.e OWASP employees)
> c) kept in check by a group (which you can call a 'Board' if you want) that mainly deals with community/cultural issues
> And I quite like your reference of Ricardo Semmlers and its Industrial democracy , and if more organizations (like OWASP implement similar models, then it will stop becoming an outlier model :)  )
> I also agree that what is done is done and nothing can be done about it, which is why I proposed a number of solutions in my blog post specially the first two, which are aimed at fixing the new OpsTeam model that break the b) point made above
> My key problem with the current OWASP structure is that we evolved into a model where there is a huge amount of really talented OWASP leaders spent on 'organisational and political' stuff, which frankly should be handled and delegate to the OPsTeam. We need energy spent on getting stuff done and fixing application security challenges, not be involved in political fights.
> Dinis Cruz
> On 24 May 2013 16:17, David (dmalloc) <dmalloc at users.sourceforge.net> wrote:
> mparsons at parsonsisconsulting.com wrote:
> > +1 Dinis
> I do not get the point of this thread nor the blog entry. If I was to
> break out my Lean hat, I would consider this a waste.
> We can argue the moral implications of the selection process for the
> next few years and we would not find a consensus. As much as I think
> Dinis wants to create an organization in Ricardo Semmlers image, I also
> know that his success was probably a statistical outlier. Otherwise
> there would be thousands of organizations right now where everyone is
> equal and all is done by consent.
> I wish you luck in that endevour, Dinis I applaud your passion and vigour.
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130530/ac3baa26/attachment.html>

More information about the OWASP-Leaders mailing list