[Owasp-leaders] The Community Vote

Fabio Cerullo fcerullo at owasp.org
Tue Sep 3 15:59:45 UTC 2013

Dear all,

Thanks for the feedback. I would like to provide some answers to the
raised in bold*:


*- I like the concept, but what if, instead of giving one Board member a
community vote (ie. everyone summed up into 1/7th of the voting), we just
influenced the Board to put more of the decisions in the hands of the
members? *

FC: I think you nailed it there because I believe the Community Vote has
the power to influence the overall Board, not just 1/7th of the voting. If
the whole Community is strongly in favor/against something, it will be
difficult for the Board to turn heads and ignore the majority.

*- Maybe, for important issues that can change the course of the
organization, we add them to the vote at the same time of year when we
elect new Board members?  It would be like electing a President; as opposed
to electing a member of Congress.*

FC: I think we could implement a similar mechanism without having to wait
for a year. We could use Google Moderator or even the same tool as the
Board elections.

*- The idea that some group of individuals knows what the majority wants is
pretty comical.  As an example, the Board has made numerous decisions
affecting our Chapters with a minority of those voting even serving as
Chapter Leaders.  Never even consulting the current Chapter leaders on the
decision process or how their decision affects them.  I like your idea of
giving the power back to the people Fabio, but I'd like to see it go even
further than that.*

FC: We are on the same boat there, and that is why I'm thinking on ways to
provide decision power to the Community.


*- Are members only eligible to vote?*

FC: The intention of the Community Vote is to allow *anyone* at OWASP to
provide their view about a particular topic to be discussed at board level.

*- Is a majority turnout required?*

FC: By implementing a 'thumbs up/down' mechanism the board could see what
the majority of the OWASP community is willing to do and decide based on
that 'yardstick'.

*- How do you track fraud/police the voting process?*

FC: Regarding the tracking/fraud prevention in the voting process, if we
use Google Moderator you need to login with an @owasp.org account in order
to vote that uniquely identifies you, so that should prevent any
misbehavior (at
least in theory).
*- Would this slow down the decision process?*

FC: I don't believe the Community Vote will slow down in any way the
decision process, all OWASP members (paid or not) & staff could *optionally
*vote on a particular topic and then when decision time comes at board
level, it is just a matter of looking at the voting results from the
*- If this took hold would we even need a board?*

FC: We will definitely need a board. The sole purpose of the Community Vote
is to provide a voice to the OWASP community. Then the board could govern
the organisation in same way as always with the additional benefit of
having this invaluable information available.
*- Can staff vote?*

FC: As mentioned earlier, anyone should be able to vote.
*- What about conflict of interest controls?*

FC: Allowing the whole community to vote will effectively erode any
conflict of interest of a few parties.

*- When we elect leaders we elect them to make decisions on our behalf. Why
is this a better solution?
FC: I'm not suggesting to replace the elected leaders, only providing a
mechanism to hear the OWASP community.

*- I'm strongly against something like this. The whole purpose of a board
is to reduce the workload on leaders, and let them do the useful thing
rather than politics.*
FC: I agree with you that the board should govern the organisation. The
intention of the Community Vote is giving the leaders the *option *to get
more actively involved.
*- But, I think a leaders VETO is a good idea, in case the board decides
something and the majority of leaders are not happy with it. This is
important and we have seen how it could impact board decisions in the last

FC: A veto mechanism could also be explored. Again, it is all about getting
the OWASP Community more involved in the decision process.

Thanks again,


On Thu, Aug 29, 2013 at 11:31 PM, Dennis Groves <dennis.groves at owasp.org>wrote:

> Great Message!
> On 29 Aug 2013, at 3:59, martin.knobloch at owasp.org wrote:
>  My vision of OWASP in one sentence:  Community driven, board guided,
>> employees supported!
> [Dennis Groves](http://about.me/**dennis.groves<http://about.me/dennis.groves>),
> MSc
> [Email me](mailto:[email protected]**owasp.org <dennis.groves at owasp.org>) or
> [schedule a meeting](http://goo.gl/8sPIy).
>     Unless someone like you...cares a whole awful lot...
>     nothing is going to get better...It's not."
>                                             -- The Lorax
> ______________________________**_________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/**mailman/listinfo/owasp-leaders<https://lists.owasp.org/mailman/listinfo/owasp-leaders>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130903/7b8e5d45/attachment.html>

More information about the OWASP-Leaders mailing list