[Owasp-leaders] Please provide a status update to the membership

Andrew van der Stock vanderaj at owasp.org
Wed Oct 15 12:15:11 UTC 2014

Michael and the Board,

I write to you formally to request a status update on the global OWASP
Board of Directors election process, in particular, I implore the
current Board to take affirmative action to investigate and manage a
resolution to the technical hitches in membership and balloting, and
if necessary delay the election, so that all eligible members can
vote. There is no activity on the Board list to address this issue,
and this, too, needs to be addressed.

Members need to have trust of the integrity of the balloting
(enfranchisement) and voting processes. There are rules posted
regarding the process and deadlines, and for at least some (and
possibly many) members, these deadlines have been missed by the OWASP
Foundation. There is no current membership list. Members have expired
and not been renewed or processed and have missed out on receiving
their vote to the election. It is entirely possible that some of the
candidates, through no fault of their own, are not in good standing.
We just don't know.

The only semi-official message in relation to my queries so far is
"please don't be inflammatory". That is simply not good enough. I am
not sledging the ops team - that is not my intent - but I am saying
there is an critical issue and it is not being managed or communicated
properly, and that requires Board oversight.

In Australia, we recently had to send an entire state back to re-vote
their senate because our electoral commission lost 1300 votes, which
was more votes than the winning margin. I don't ever recall any open
source project or Foundation ever having this type of problem before.
I hope that it's a small issue that can be addressed in a timely and
comprehensive fashion.

Please as a matter of urgency, please work out and communicate with
all the members, (and not just those on the leaders list):

* What is the Board's position on challenges to the election,
postponing or delaying the vote to get the membership and balloting
right, or doing a re-run?

* Were renewal notices sent out to expiring and expired members in a
timely fashion to make the September 30 renewal eligibility deadline?

* If not, will OWASP be e-mailing or making contact with all expired
members to see if they wanted to renew and give them a vote in the
election? If so, when will this occur? Will it occur by the time
voting closes?

* Are all current Board candidates in good standing? If not, will the
Board reach out to the candidates in question, and offer them back
dated honorary membership to comply with the bylaws? Or will they be
ineligible to stand?

* Are all membership renewals (paid, lifetime, and honorary) submitted
prior to September 30 now processed?

* If so, is there an up to date membership list that does not date
back to April 8, 2014? Can this be added to the OWASP Board 2014
elections page?

* As the CRM process wasn't working for some time, what steps are the
Board putting into place to ensure that it is fixed and monitored for
the next election?

These questions have to be answered. No answer is simply not an
option. I don't mind if you take these on notice and reply in pieces,
but please communicate frequently, openly and honestly with us.

I know the vote is open until next week, but I feel that even if there
are only a handful of members piping up on the Leaders mailing list
today, the CRM process has been broken for at least two months, which
covers about 15% of members. It may have been broken as far back as
April 8 when the membership list was seemingly last generated, which
covers around 45-50% of the members.

Simply enrolling those who pipe up in one venue misses those who don't
hang out on the Leaders list and disenfranchises those who might have
wanted a say in OWASP's future. If this is actually a small issue, it
should be easy to determine: compare July, August's and September's
membership totals with that from the year before. If the totals are
reduced, then there is a problem of a known magnitude. But without an
accurate and up to date membership list, we cannot determine if there
are disenfranchised members or how many have been potentially

I gave the ops team nearly two month's notice that something wasn't
right, and stayed in fairly constant communication during that time. I
even gave a heads up about my fellow candidates, who I sincerely hope
have their membership sorted so OWASP members have a geographically
varied and interesting selection of candidates to choose from.

I've been here since very nearly the beginning, I don't think I've
ever seen such disarray in our internal processes, especially such key
processes that directly elect the Board.

I implore the Board to take this very seriously. Please communicate
clearly and frequently with us on next steps. If the Board or the
Foundation needs time - more time than there exists until the end of
voting, I am more than willing to give the benefit of the doubt to
ensure that we have an open, transparent membership and voting system
with integrity for a vote to be open to all members, not just those
unaffected by the technical glitches. I can't speak for the other
candidates, but please ask them too. I'd rather this be done right.

I am reachable on +61 451 057 580 if you want a chat, but I am UTC+11,
which makes it tricky during US business hours.


More information about the OWASP-Leaders mailing list