[Owasp-leaders] OWASP Project Manager Report: March 28, 2014

johanna curiel curiel johanna.curiel at owasp.org
Sun Mar 30 20:24:53 UTC 2014

My excuses, this was meant for Jim, not the entire list

On Sun, Mar 30, 2014 at 4:18 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Jim
> Thank you for those kind and motivating words. You are awesome too!
> I think we need to be practical.
> Meetings with no concrete action plans become tiresome. That's why I think
> that most project technical advisers are not participating anymore.
> We have reached a criteria to use, but again the input of the community is
> the most important one, since judging all these projects must be driven on
> input data from valuable sources. The OpenSAMM was an effort that I did not
> support. We just need simple surveys to ask users and the community to
> score based on (for example):
> Usability==> Purpose of the project satisfy a need?
> Support from project leader/Contributors==> when user needs help, do they
> get it from the community of contributors or project leader?
> Documentation==> Is the documentation helpful enough to use the tool or
> understand what is the project about?
> Easiness of use==> Rate how easy it is to install, use, etc.
> Quality==> Bugs being fixed? Actively maintained? etc.
> Each project should have a satisfaction survey, ZAP does, so every project
> should do.
> How can we make this happen?
> regards
> Johanna
> On Sun, Mar 30, 2014 at 6:07 AM, Jim Manico <jim.manico at owasp.org> wrote:
>> Johanna,
>> You are an awesome, consistent passionate volunteer and I always enjoy
>> interacting with you! You're super-sharp and anytime you ask something of
>> me I do it (except for pronouncing your home town correctly).
>> I would be happy to help with the technical board of advisors or help
>> review and manage surveys from the community. The only reason I did not do
>> it originally was because of a worry about a perceived conflict of
>> interest. I know these emails from me are not easy to digest, but again,
>> I'm not just complaining, I'm very willing to help.
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> On Mar 29, 2014, at 8:40 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>> Let me clarify here that I did not vote to use this system as rating
>> criteria, I mentioned this to Samantha. It did not seem appropriate and
>> actually the so-called board of technical directors is not working, the only
>> people that were contributing were me and Chuck.
>> In the end, let's face it, none of us, neither me nor Chuck, took the
>> decision to use OpenSAMM to evaluate projects.
>> I'm a practical person. I told Samantha to just use a simple survey
>> where people could vote. She decided to use this system and, in my opinion,
>> it is too complex for evaluating projects, this does not fit.
>> So in the end, the one deciding about this was not the board of technical
>> advisors which are not participating long ago in any decisions being taken.
>> Right now, I haven't heard anymore about any decisions being taken.
>> Regards
>> Johanna
>> On Saturday, March 29, 2014, Samantha Groves <samantha.groves at owasp.org>
>> wrote:
>>> Agreed. You should have probably spoken to me directly instead of
>>> posting 10 rants on public mailing lists. That would have probably been the
>>> more respectable and professional thing to do. I did just spend 4 days with
>>> after all.
>>> On Sat, Mar 29, 2014 at 3:45 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>>  Samantha,
>>> I am not on the board of technical directors because it is a deep
>>> conflict of interest since I manage so many OWASP technical projects. I
>>> invest tons of energy and time as an OWASP volunteer in many other ways. I
>>> have provided *criteria* for technical project evaluations on several
>>> occasions throughout the years as well. Technical evaluation is just one
>>> criteria of quality, and yes I've reviewed all the links you shared and
>>> think you are mostly on the right track with your evaluation teams.
>>> Samantha, evaluating the quality of a OWASP project using OpenSAMM, a
>>> Software Development Lifecycle Evaluation criteria, seems so far from the
>>> mission of evaluating projects for quality, I felt I needed to step up and
>>> speak out so we stop this practice immediately and move to a quality based
>>> evaluation.
>>> The *measurement* of projects for quality is, per my understanding, the
>>> main reason we hired you. You have done a great job of building teams to
>>> work on this, but I implore you to condense the evaluation form into one
>>> form for each type of project, and minimize the OpenSAMM questions. I am
>>> loud about this because I see the evaluations underway already and we need
>>> to streamline this process into something that is scalable and effective.
>>> I realize you are managing 177 projects *and more*. We may want to
>>> change your focus from traveling to conferences (since we hired Laura Grau
>>> to manage conferences) so you can focus more on your project management
>>> duties. This is of course Sarah's call.
>>> I have no problem with your critique of my personality, that's fine. But
>>> that does not change the fact that we desperately need proper quality
>>> evaluation of projects and I implore you to heed my advice. I see in your
>>> report that you are about to undertake a review of all flagships, that is
>>> another reason why I am loudly suggesting you change course and stop using
>>> the OpenSAMM criteria.
>>> - Jim
>>>  Jim,
>>>  I am sorry to disappoint you, but no you were not the only leader to
>>> throw a tantrum on the staff this week. You certainly were one of them, but
>>> not the only one. I deal with over 100 leaders in any given day so to
>>> assume that my reports are only about your actions is very inaccurate.
>>>  Now, I appreciate your concerns, and if you would take the time to
>>> read about the very hard work our community members have accomplished
>>> (mainly our technical project advisors<http://owasp.blogspot.com/2013/09/meet-our-new-technical-project-advisors.html> who
>>> are very "Technical") that were brought together after you refused to help
>>> me put this assessment criteria together after yet another tantrum of
>>> yours, you would know the hard work that went into creating this
>>> system/criteria. I recommend familiarizing yourself with the process before
>>> making very inaccurate assumptions about what is actually happening.
>>>  What the advisors did at the summit<https://www.owasp.org/images/c/c3/OWASP_2013_PROJECT_SUMMIT_REPORT.pdf>:
>>> pg. 25
>>>  Definition of assessments/reviews: Chapter 7<https://www.owasp.org/images/d/d8/PROJECT_LEADER-HANDBOOK_2014.pdf>
>>>  Jim, I love and respect you as a person, but this behavior is very
>>> detrimental to our community and serves no purpose other than to alienate
>>> very hard working volunteers that are taking on a task that has not been
>>> able to be managed in a very long time (even before my time here) due to
>>> the large amount of projects we have in our inventory and the lack of
>>> resources we have as an organization. You, as one of our Board of
>>> Directors, should know this better than anyone in our community. If you
>>> have a better way of managing this, then by all means recommend it. Just
>>> remember, I am not managing 5 projects, I am managing 177 and our system
>>> must accommodate them all.