[Owasp-leaders] OWASP Project Manager Report: March 28, 2014

Jim Manico jim.manico at owasp.org
Mon Mar 31 00:28:49 UTC 2014

Thank you, Johanna. It seems that the technical review board is "not
happening" and were given a very different message at the board. This will
be a top tier discussion item next board meeting if not sooner.

Thank you for this update.

Jim Manico
(808) 652-3805

On Mar 30, 2014, at 10:18 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

Hi Jim

Thank you for those kind and motivating words. You are awesome too!
I think we need to be practical.

Meetings with no concrete action plans become tiresome. That's why I think
that most project technical advisers are not participating anymore.

We have reached a criteria to use, but again the input of the community is
the most important one, since judging all these projects must be driven on
input data from valuable sources. The OpenSAMM was an effort that I did not
support. We just need simple surveys to ask users and the community to
score based on (for example):
Usability ==> Does the purpose of the project satisfy a need?
Support from project leader/contributors ==> When users need help, do they
get it from the community of contributors or project leader?
Documentation ==> Is the documentation helpful enough to use the tool or
understand what the project is about?
Ease of use ==> Rate how easy it is to install, use, etc.
Quality ==> Bugs being fixed? Actively maintained? etc.

Each project should have a satisfaction survey, ZAP does, so every project
should do.

How can we make this happen?



On Sun, Mar 30, 2014 at 6:07 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Johanna,
> You are an awesome, consistent passionate volunteer and I always enjoy
> interacting with you! You're super-sharp and anytime you ask something of
> me I do it (except for pronouncing your home town correctly).
> I would be happy to help with the technical board of advisors or help
> review and manage surveys from the community. The only reason I did not do
> it originally was because of a worry about a perceived conflict of
> interest. I know these emails from me are not easy to digest, but again,
> I'm not just complaining, I'm very willing to help.
> --
> Jim Manico
> @Manicode
> (808) 652-3805
> On Mar 29, 2014, at 8:40 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
> Let me clarify here that I did not vote to use this system as rating
> criteria. I mentioned this to Samantha. It did not seem appropriate and
> actually the so-called board of technical directors is not working; the only
> people that were contributing were me and Chuck.
> In the end, let's face it, none of us, neither me nor Chuck, took the
> decision to use OpenSAMM to evaluate projects.
> I'm a practical person. I told Samantha to just use a simple survey
> where people could vote. She decided to use this system and, in my opinion,
> it is too complex for evaluating projects; this does not fit.
> So in the end, the one deciding about this was not the board of technical
> advisors, which have not been participating for a long time in any decisions being taken.
> Right now, I haven't heard any more about any decisions being taken.
> Regards
> Johanna
> On Saturday, March 29, 2014, Samantha Groves <samantha.groves at owasp.org>
> wrote:
>> Agreed. You should have probably spoken to me directly instead of posting
>> 10 rants on public mailing lists. That would have probably been the more
>> respectable and professional thing to do. I did just spend 4 days with
>> after all.
>> On Sat, Mar 29, 2014 at 3:45 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>  Samantha,
>> I am not on the board of technical directors because it is a deep
>> conflict of interest since I manage so many OWASP technical projects. I
>> invest tons of energy and time as an OWASP volunteer in many other ways. I
>> have provided *criteria* for technical project evaluations on several
>> occasions throughout the years as well. Technical evaluation is just one
>> criteria of quality, and yes I've reviewed all the links you shared and
>> think you are mostly on the right track with your evaluation teams.
>> Samantha, evaluating the quality of an OWASP project using OpenSAMM, a
>> Software Development Lifecycle Evaluation criteria, seems so far from the
>> mission of evaluating projects for quality, I felt I needed to step up and
>> speak out so we stop this practice immediately and move to a quality based
>> evaluation.
>> The *measurement* of projects for quality is, per my understanding, the
>> main reason we hired you. You have done a great job of building teams to
>> work on this, but I implore you to condense the evaluation form into one
>> form for each type of project, and minimize the OpenSAMM questions. I am
>> loud about this because I see the evaluations underway already and we need
>> to streamline this process into something that is scalable and effective.
>> I realize you are managing 177 projects *and more*. We may want to change
>> your focus from traveling to conferences (since we hired Laura Grau to
>> manage conferences) so you can focus more on your project management
>> duties. This is of course Sarah's call.
>> I have no problem with your critique of my personality, that's fine. But
>> that does not change the fact that we desperately need proper quality
>> evaluation of projects and I implore you to heed my advice. I see in your
>> report that you are about to undertake a review of all flagships, that is
>> another reason why I am loudly suggesting you change course and stop using
>> the OpenSAMM criteria.
>> - Jim
>>  Jim,
>>  I am sorry to disappoint you, but no you were not the only leader to
>> throw a tantrum on the staff this week. You certainly were one of them, but
>> not the only one. I deal with over 100 leaders in any given day so to
>> assume that my reports are only about your actions is very inaccurate.
>>  Now, I appreciate your concerns, and if you would take the time to read
>> about the very hard work our community members have accomplished (mainly
>> our technical project advisors<http://owasp.blogspot.com/2013/09/meet-our-new-technical-project-advisors.html> who
>> are very "Technical") that were brought together after you refused to help
>> me put this assessment criteria together after yet another tantrum of
>> yours, you would know the hard work that went into creating this
>> system/criteria. I recommend familiarizing yourself with the process before
>> making very inaccurate assumptions about what is actually happening.
>>  What the advisors did at the summit<https://www.owasp.org/images/c/c3/OWASP_2013_PROJECT_SUMMIT_REPORT.pdf>:
>> pg. 25
>>  Definition of assessments/reviews: Chapter 7<https://www.owasp.org/images/d/d8/PROJECT_LEADER-HANDBOOK_2014.pdf>
>>  Jim, I love and respect you as a person, but this behavior is very
>> detrimental to our community and serves no purpose other than to alienate
>> very hard working volunteers that are taking on a task that has not been
>> able to be managed in a very long time (even before my time here) due to
>> the large amount of projects we have in our inventory and the lack of
>> resources we have as an organization. You, as one of our Board of
>> Directors, should know this better than anyone in our community. If you
>> have a better way of managing this, then by all means recommend it. Just
>> remember, I am not managing 5 projects, I am managing 177 and our system
>> must accommodate them all.