[Owasp-leaders] Regular OWASP polls

tonyuv at owasp.org tonyuv at owasp.org
Tue Jan 7 13:57:16 UTC 2014

+1 with Fabio.

From: Fabio Cerullo
Sent: ‎Tuesday‎, ‎January‎ ‎7‎, ‎2014 ‎8‎:‎28‎ ‎AM
To: psiinon
Cc: Kanwal Singh (WebMentors), Ravdeep Sodhi, OWASP Leaders, Nishant Johar (EMOBX)


To my view the votes should only be casted by people with an owasp.org address.


El Tuesday, January 7, 2014, psiinon escribió:

I've started to get requests to share this poll with people without OWASP addresses.

My initial feeling is that I shouldn't - whoever creates an OWASP poll shouldn't be responsible for working out who is part of the OWASP community, and if people want to take part in an OWASP poll then they need to get an OWASP email address.

Is that a reasonable position?


On Tue, Jan 7, 2014 at 10:34 AM, psiinon <psiinon at gmail.com> wrote:

As per my comment on the RSA training thread I've created an OWASP Polls page on the wiki: https://www.owasp.org/index.php/Polls and added the first poll.

Anyone who can update the wiki can edit that page, but I think we should have some control over it, eg to make sure we have a regular drip feed of polls.

Right now I'm happy to act as the gatekeeper for this but I'm also happy for anyone else to help out with this - any volunteers?

Note that I'm not planning on creating all the polls, but they're easy to create via Google forms and I can help out with any questions.


On Mon, Jan 6, 2014 at 10:32 PM, Michael Coates <michael.coates at owasp.org> wrote:

On the implementation side - google forms may work well here. The owasp.org accounts are provided to members and we can limit votes and also track results.

Michael Coates

On Mon, Jan 6, 2014 at 2:08 PM, Konstantinos Papapanagiotou <konstantinos at owasp.org> wrote:

This sound good Simon, ie having polls in order to get the pulse rather than decide. 

For the record I strongly believe that threads like the previous one are extremely useful for OWASP and the community. My disagreement was on having what is practically a referendum for such issues. There are many issues that need to be taken in consideration if we go down that way (e.g. How many leaders will actually participate, how many votes do we need to have a binding decision, what if the outcome is close to 50-50, what constitutes a seriously enough issue to ask for the leaders' opinion, etc.). If we work on such issues, maybe direct democracy turns out to be a good idea, but meanwhile what Simon says sounds more realistic, even though in practice the above issues remain. 

I also support Dinis idea for open, public votes for such issues.


On 6 Ιαν 2014, at 11:07, psiinon <psiinon at gmail.com> wrote:

OK, this is in reply to Kostas' comment, but I've changed the title as I think it deserves a separate thread.

I agree that we have a CEO and BoD for these decisions, but clearly this is something people feel very strongly about.
Conversely we also often complain that it seems to be difficult to get OWASP volunteers engaged :)

So how about having regular polls for such questions?

(Note that this is not proposed as an alternative to the email threads, which are a great way of exploring the arguments and alternatives).

The polls should be restricted, eg to people with OWASP email addresses to prevent easy abuse.

They would not be 'binding' - they would be a way of getting the 'pulse' rather than the way we arrive at decisions.

The board (or whoever makes the final decision) should take into account the results, but 100% against a proposal isnt very definitive if only 5 people vote ;)

And they wouldnt have to be just for the 'big' questions, they could be for anything OWASP related.
e.g. "What is the most important feature missing from ZAP: A) ..."

It might take a bit of effort setting up the right infrastructure, but if that was in place then it would be much easier to find out how the OWASP community feels about things like participation in RSAC.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140107/8c7cd61f/attachment.html>

More information about the OWASP-Leaders mailing list