[Owasp-leaders] My expectation is that nobody is reading my @owasp.org emails

Josh Sokol josh.sokol at owasp.org
Tue Jul 1 13:44:08 UTC 2014


To say that OWASP's Human Resources processes are immature is an
understatement.  But, to Eoin's point, HR is not the responsibility of the
Board of Directors, but rather, the Executive Director and the Operations
Team.  As with most things at OWASP, as a volunteer, if you see a problem
with the way things are done and have ideas for improvement, you are
welcome to put forth a plan to fix it.  I would recommend working with
Sarah in order to identify areas for improvement around access control and
putting your plan into action.  I, too, would love to see a day when an
employee can resign and have their sensitive access removed while still
having access to e-mail and other more basic abilities.  As it sits today,
however, this is not the case.  Actions speak louder than words, Dennis, so
please, instead of complaining about it, take the initiative to do
something about it instead.  My $0.02 on what I agree is an important issue
for us to consider addressing.

~josh


On Tue, Jul 1, 2014 at 4:53 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

> I've never heard of board members being responsible for access control or
> any other operational control for that matter.
> If there are suggestions for improvement I'm sure they can be actioned by
> our fabulous staff and volunteers.
>
> We don't have a full time IAM manager but if it is a big bone of
> contention I'd say it would be a great idea to address and I'd support such
> a move. I'd suggest we start with our tech hosting provider and go from
> there.
>
> -ek
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 1 Jul 2014, at 12:43, Jim Manico <jim.manico at owasp.org> wrote:
>
> Dennis,
>
> I am not the leading expert on access control, for that I would read NIST
> special publication 800-162 on ABAC and similar documents.
>
> http://csrc.nist.gov/publications/drafts/800-162/sp800_162_draft.pdf
>
> If you have any questions about our technical policies, drop Matt Tesauro
> a note.
>
> Well wishes,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Jul 1, 2014, at 5:05 PM, Dennis Groves <dennis.groves at owasp.org> wrote:
>
> Hey Jim,
>
> I know you have no access, by design (good security!)
>
> What I am questioning is how can an organization not follow the
> world-leading expert's advice (you!) in such fundamental matters? Surely if
> OWASP can not do it, how can we exert anybody else to follow our advice?
>
> I think it is embarrassing at best - why is it we can not implement your best
> practices? You after all are the leading expert! - if OWASP can not follow
> your advice, how can we expect others to do the same?
>
> Dennis
>>
> _______________________________________________
>
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>