[Owasp-leaders] Regular OWASP polls

Tobias tobias.gondrom at owasp.org
Wed Jan 8 15:13:50 UTC 2014


Dear Simon,

thank you so much for organising this and setting this up.
This is great and I will be looking forward to using this community poll
more in the future!

And I totally agree with your replies to requests from non-owasp email
holders.
Nothing is perfect and the tool is as it is and naturally has some
technical limitations. In case of public requests, it is fully
sufficient to make available simple summary results after the survey is
closed. We don't need to make huge investments just to publish partial
real-time preliminary update results for the public. In most normal
cases, surveys don't even have preliminary status updates at all.

All the best, Tobias


Ps.: on a technical term, one might also question the requesters
argument that an internal member poll for a decision would qualify as
"OWASP materials". However, personally I just love openness and
transparency and would encourage and embrace if we could post the end
summary results of our community surveys somewhere on our website after
they are finished. (Without publishing details how each single named
individual voted in the poll.)



On 08/01/14 14:40, psiinon wrote:
> And another problem...
>
> I've been receiving _lots_ of requests to access the form from non
> OWASP accounts.
> I have replied to all of them with a canned response of:
> I'm afraid this poll is currently only available to people with OWASP
> email accounts to ensure that only OWASP members / contributors take part.
>
> To get an OWASP email address follow the link on
> https://www.owasp.org/index.php/Owasp.org_email_address
>
> Cheers,
>
> Simon
>
> However I've just received a reply of:
> Dear Simon,
>
> the main page of the owasp website states "all of our materials are
> available under a free and open software license". Thus I again ask
> for these materials. 
>
> Best regards,
> a long-time owasp follower
>
> PS: Thanks, I don't need these information, but I am just surprised
> that being an all open and free project, you deny access to these
> informtion? Isn't that ignoring the foundaries of the project?
>
> For now I'm going to stick with the statement I put on
> https://www.owasp.org/index.php/Polls:
> Note that only OWASP members can see the 'live' results. A summary of
> the results will be made public when the poll closes, but the full
> details will stay restricted to OWASP members to prevent email
> harvesting.
>
> However I want to let anyone else have a say on this rather than it
> being just my decision.
>
> Simon
>
>
> On Wed, Jan 8, 2014 at 2:34 PM, psiinon <psiinon at gmail.com
> <mailto:psiinon at gmail.com>> wrote:
>
>     OK, it looks like Google Forms arent _quite_ as good as they
>     initially seem :(
>
>     For a start, there is no easy way to prevent anyone from voting
>     multiple times.
>     We can see if anyone does, but thats not always immediately
>     obvious if there are a lot of responses.
>
>     The poll owner can edit the spreadsheet to take out 'extra' votes,
>     but the totals in the summary are _not_ updated :(
>
>     This means that the summary for the 'RSA' poll is currently wrong
>     - I removed one 'extra' vote (which may of course have been
>     accidental) and then removed 2 extra votes that I made while
>     testing to see if I could easily prevent multiple votes :(
>
>     If anyone has any straightforward solutions to these 2 issues then
>     please let me know.
>
>     Simon
>
>
>     On Tue, Jan 7, 2014 at 9:16 PM, Dennis Groves
>     <dennis.groves at owasp.org <mailto:dennis.groves at owasp.org>> wrote:
>
>         I was one of the first to answer the survey, however, let me
>         publicly say that this is an awesome idea Psiinon!
>         We really should be involving the community much more, and
>         this is a great way to do that. 
>
>
>         On Tue, Jan 7, 2014 at 11:27 AM, Dinis Cruz
>         <dinis.cruz at owasp.org <mailto:dinis.cruz at owasp.org>> wrote:
>
>             yeah, keep it @owasp.org <http://owasp.org> domain only
>             since that is also a nice perk for having that email
>             address (and makes the whole process simpler)
>
>             Rock & Roll Simon, this is a great evolution :)
>
>             Dinis
>
>
>             On 7 January 2014 15:48, <nawaid.iqbal at owasp.org
>             <mailto:nawaid.iqbal at owasp.org>> wrote:
>
>                 I agree with Tobias. People with only owasp.org
>                 <http://owasp.org> should only be allowed to voice
>                 their opinion
>
>                 Regards
>
>                 Nawaid
>                 Sent from BlackBerry® on Airtel
>
>                 -----Original Message-----
>                 From: psiinon <psiinon at gmail.com
>                 <mailto:psiinon at gmail.com>>
>                 Sender: owasp-leaders-bounces at lists.owasp.org
>                 <mailto:owasp-leaders-bounces at lists.owasp.org>
>                 Date: Tue, 7 Jan 2014 11:55:11
>                 To: Michael Coates<michael.coates at owasp.org
>                 <mailto:michael.coates at owasp.org>>
>                 Cc: Kanwal Singh \(WebMentors\)<kanwalsb at gmail.com
>                 <mailto:kanwalsb at gmail.com>>; OWASP
>                 Leaders<owasp-leaders at lists.owasp.org
>                 <mailto:owasp-leaders at lists.owasp.org>>; Nishant Johar
>                 \(EMOBX\)<nj at emobx.com <mailto:nj at emobx.com>>; Ravdeep
>                 Sodhi<ravdeep.sodhi at ecoretechnos.com
>                 <mailto:ravdeep.sodhi at ecoretechnos.com>>
>                 Subject: Re: [Owasp-leaders] Regular OWASP polls
>
>                 _______________________________________________
>                 OWASP-Leaders mailing list
>                 OWASP-Leaders at lists.owasp.org
>                 <mailto:OWASP-Leaders at lists.owasp.org>
>                 https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>                 _______________________________________________
>                 OWASP-Leaders mailing list
>                 OWASP-Leaders at lists.owasp.org
>                 <mailto:OWASP-Leaders at lists.owasp.org>
>                 https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>             _______________________________________________
>             OWASP-Leaders mailing list
>             OWASP-Leaders at lists.owasp.org
>             <mailto:OWASP-Leaders at lists.owasp.org>
>             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
>         -- 
>         Dennis Groves <http://about.me/dennis.groves>, MSc
>         Email me, <mailto:dennis.groves at owasp.org> or schedule a
>         meeting <http://goo.gl/8sPIy>.
>         /This email is licensed under a CC BY-ND 3.0
>         <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB>
>         license./
>         Stand up for your freedom to install free software.
>         <http://www.fsf.org/campaigns/secure-boot/statement>
>         Please do not send me Microsoft Office/Apple iWork documents.
>         Send OpenDocument <http://fsf.org/campaigns/opendocument/>
>         instead!
>
>         <http://www.owasp.org/>
>
>         _______________________________________________
>         OWASP-Leaders mailing list
>         OWASP-Leaders at lists.owasp.org
>         <mailto:OWASP-Leaders at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
>     -- 
>     OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>
>
>
> -- 
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140108/368f98fe/attachment-0001.html>


More information about the OWASP-Leaders mailing list