[Owasp-leaders] [Owasp-board] Please provide a status update to the membership

Kevin W. Wall kevin.w.wall at gmail.com
Wed Oct 29 02:58:11 UTC 2014


Helen, et al,

Apparently it is too late for that now. I tried to apply and got this
email message sent to me:

    Although you did complete the Honorary membership form this year but
    because it was after the Sept 30, 2014 deadline, you have not been
    granted honorary membership.  The honorary membership form was opened
    up as part of the "grace period" for those individuals whose
    membership expired between June 30, 2014 and Sept 30, 2014.

So it appears that we have to wait until next year to apply.
(Personally, I'd rather
just be able to apply this year and not be able to vote until next
year rather than
remembering to reapply next year, but maybe that's just me.)

-kevin

On Tue, Oct 28, 2014 at 3:01 PM, Helen Gao <helen.gao at owasp.org> wrote:
> Hi Bev.
>
> I agree with you and others that the staffs are doing their best, and often
> beyond expectation. Glad you brought up honorary
> membership. A link seems to be broken.See below from the election page.I will report this to OWASP
> separately just in case.
> There is always an honorary membership program even before I chaired the
> membership committee around 2011 &2012.
>
> ALL qualified individuals MUST apply for Honorary Membership in order to
> vote by completing the Honorary Membership Form
>
> Regards,
>
> Helen Gao
>
> On Thu, Oct 16, 2014 at 12:13 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>>
>> Hello again,
>>
>> I think that there should be some reasonable response time expectations
>> from OWASP staff (and members) regarding issues related to honorary
>> membership, governance, events, most things in general, etc. I realize that
>> staff are often overwhelmed, and going above and beyond any reasonable
>> expectation, most of the time, however, we should have some kind of
>> "resilience" volunteer system to back them up when they are not able to
>> respond in a "reasonable" amount of time, yet to be determined. A few years
>> ago I also completed an OWASP honorary membership form and never received
>> any recognition that it was ever received or under consideration. It was
>> during a time when I was volunteering quite a bit for OWASP, and as a "dues
>> paying" member of several other professional associations, decided to give
>> it a try. I gave up and eventually moved OWASP to a higher priority level in
>> my "professional associations" hierarchy, therefore giving it standing in my
>> "memberships" budget. There are so many excellent OWASP volunteers, it would
>> make sense to use them for organizational resiliency in important times of
>> governance special needs.
>>
>> Bev
>>
>>
>> On Wed, Oct 15, 2014 at 10:18 PM, Andrew van der Stock
>> <vanderaj at owasp.org> wrote:
>>>
>>> Thanks Kate, I really appreciate your efforts in assisting me with my
>>> membership this year.
>>>
>>> Thanks Josh for organising this.
>>>
>>> I believe once we know the magnitude of the issue, Bev's idea of an
>>> extension to voting for a period after the official close is the best way
>>> forward. That will give expired members a chance to renew and participate
>>> once the ED knows how many are affected.
>>>
>>> Can the ED please keep us informed, I will leave this for a period of
>>> time to allow the team to figure out how many are affected and to put
>>> resolutions in place, but we need to know some answers before voting closes
>>> next week.
>>>
>>> Thanks
>>> Andrew
>>>
>>>
>>> Sent from my iPad
>>>
>>> On 16 Oct 2014, at 1:11 pm, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>
>>> Andrew,
>>>
>>> It is viewable now thanks to super-Kate and her late night efforts to
>>> support us!  Unfortunately, I'm honestly not sure why this document was
>>> included in the Bylaws.  It is very specific to the 2012 elections, but does
>>> illustrate that this is not a process either run or moderated by the Board.
>>> This process is firmly in the hands of our ED and Operations Team in order
>>> to maintain objectivity.
>>>
>>> ~josh
>>>
>>> On Wed, Oct 15, 2014 at 8:52 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>>
>>>> Andrew,
>>>>
>>>> Action by the Board to "determine if any candidates are not in good
>>>> standing and make a decision as to how to deal with that" could be
>>>> misconstrued as the Board tampering with the election and is not part of the
>>>> Board role in this process.  The Executive Director and Operations Team is
>>>> responsible for our elections process.  This includes every single one of
>>>> the bullet points that you mention in your e-mail.  Our staff is actively
>>>> seeking to do these things and being technical or non-technical is
>>>> irrelevant.  As Eoin pointed out, it is NOT the Board's job to manage the
>>>> election process.  This is not in the bylaws
>>>> (https://www.owasp.org/images/9/92/April2014OWASPFoundationByLaws.pdf).
>>>> Honestly, I'm not sure about the election policy and procedure referenced in
>>>> Section 3.02 as I do not have access to it either.  I have requested access
>>>> and will send an inquiry to the operations team to get it publicly viewable
>>>> ASAP.  Hopefully that document will help to address some of your assertions
>>>> regarding who is responsible for what.
>>>>
>>>> ~josh
>>>>
>>>> On Wed, Oct 15, 2014 at 4:09 PM, Andrew van der Stock
>>>> <vanderaj at owasp.org> wrote:
>>>>>
>>>>> Eoin
>>>>>
>>>>> I am not asking the Board to get in there and deal with the technical
>>>>> stuff, I *am* asking the Board to
>>>>>
>>>>> * Determine what will happen if there is a significant number of
>>>>> disenfranchised members
>>>>> * Determine if any candidates are not in good standing and make a
>>>>> decision as to how to deal with that that complies with the by laws
>>>>> * Determine if there needs to be a delay or a re-do
>>>>> * Determine what will happen if there are challenges to the election
>>>>> or its process
>>>>> * Communicate with us
>>>>>
>>>>> None of those things are technical. None of those things stop the
>>>>> technical folks fixing the glitch. That should be happening in
>>>>> parallel, which it appears to be so. Let's let them do their job.
>>>>>
>>>>> At the same time, the Board needs to do their job, which is to manage
>>>>> the election process as per the by laws and providing advice or
>>>>> guidance around the election by laws when asked.
>>>>>
>>>>> I would ask that the election by laws be put into anonymous read only
>>>>> mode as it's in the PDF of the official OWASP by laws, but no one can
>>>>> see it right now without being granted permission:
>>>>>
>>>>>
>>>>> https://docs.google.com/a/owasp.org/document/d/1A16CEWCebTC_vadzSsaGFsuvBD94HhkbgHKBZr6shII/edit
>>>>>
>>>>> thanks
>>>>> Andrew
>>>>>
>>>>> On Thu, Oct 16, 2014 at 3:21 AM, Eoin Keary <eoin.keary at owasp.org>
>>>>> wrote:
>>>>> > Please Board, do not get involved in this process!!
>>>>> > Stay away and let our great staff deal with this.
>>>>> >
>>>>> >
>>>>> > Eoin Keary
>>>>> > Owasp Global Board
>>>>> > +353 87 977 2988
>>>>> >
>>>>> >
>>>>> > On 15 Oct 2014, at 15:26, Tobias <tobias.gondrom at owasp.org> wrote:
>>>>> >
>>>>> > +1 for Josh.
>>>>> > I can fully support Josh's statements.
>>>>> >
>>>>> > I know things may look calm on the outside, but let me assure you the
>>>>> > whole
>>>>> > team (incl. the board) takes this as the highest priority and there
>>>>> > is very
>>>>> > high activity on the inside by everyone pulling together to get this
>>>>> > analysed and fixed ASAP.
>>>>> >
>>>>> > As you know the election is still open for another 9 days until
>>>>> > Oct-24
>>>>> > (https://www.owasp.org/index.php/2014_Board_Elections), so please
>>>>> > have a
>>>>> > little more patience and give our team a chance to fix it. And based
>>>>> > on the
>>>>> > findings we will decide on what to do in addition - hopefully we know
>>>>> > more
>>>>> > in a few hours.
>>>>> >
>>>>> > Best wishes, Tobias
>>>>> >
>>>>> >
>>>>> > Tobias Gondrom
>>>>> > OWASP Global Board Member
>>>>> >
>>>>> >
>>>>> > On 15/10/14 15:10, Josh Sokol wrote:
>>>>> >
>>>>> > Andrew,
>>>>> >
>>>>> > I had at least half a dozen emails back and forth yesterday related
>>>>> > to my
>>>>> > issue with not receiving the voting email and Kelly was well engaged
>>>>> > with me
>>>>> > and SimplyVoting.  They tracked my particular issue down to having
>>>>> > unsubscribed to a SimplyVoting email during the WASPY awards process.
>>>>> > My
>>>>> > issue was just one of many reported and being worked on.  Kate, who
>>>>> > was in
>>>>> > training this week, was pulled from it in order to work on these
>>>>> > issues.
>>>>> > This is item #1 on the ops team's plate and they are laser focused on
>>>>> > making
>>>>> > sure this process is being handled professionally and without missing
>>>>> > votes.
>>>>> > Your concerns are very valid and are all being investigated.   If
>>>>> > there is
>>>>> > cause to pause the election process, I assure you that it will be
>>>>> > done.  I
>>>>> > do want to say, however, that this is an operations issue and Board
>>>>> > involvement beyond supporting the ops team could constitute tampering
>>>>> > with
>>>>> > the election process.  We need to work diligently, yet judiciously,
>>>>> > in order
>>>>> > to ensure the process is fair for everyone involved.  There were
>>>>> > several
>>>>> > emails on this topic yesterday along with a TON of ops team activity,
>>>>> > and an
>>>>> > update is planned for today.  Keep in mind that its early morning on
>>>>> > day 2
>>>>> > here in the US where the ops team is based.  I'm not saying that
>>>>> > there isn't
>>>>> > a problem, but patience is definitely a virtue when you want to make
>>>>> > sure
>>>>> > that things are handled properly.  Please give the ops team a chance
>>>>> > to
>>>>> > research what happened and communicate it out before assuming that
>>>>> > the issue
>>>>> > is just being ignored.  Thank you.
>>>>> >
>>>>> > Sincerely,
>>>>> >
>>>>> > Josh Sokol
>>>>> >
>>>>> > On Oct 15, 2014 7:16 AM, "Andrew van der Stock" <vanderaj at owasp.org>
>>>>> > wrote:
>>>>> >>
>>>>> >> Michael and the Board,
>>>>> >>
>>>>> >> I write to you formally to request a status update on the global
>>>>> >> OWASP
>>>>> >> Board of Directors election process, in particular, I implore the
>>>>> >> current Board to take affirmative action to investigate and manage a
>>>>> >> resolution to the technical hitches in membership and balloting, and
>>>>> >> if necessary delay the election, so that all eligible members can
>>>>> >> vote. There is no activity on the Board list to address this issue,
>>>>> >> and this, too, needs to be addressed.
>>>>> >>
>>>>> >> Members need to have trust of the integrity of the balloting
>>>>> >> (enfranchisement) and voting processes. There are rules posted
>>>>> >> regarding the process and deadlines, and for at least some (and
>>>>> >> possibly many) members, these deadlines have been missed by the
>>>>> >> OWASP
>>>>> >> Foundation. There is no current membership list. Members have
>>>>> >> expired
>>>>> >> and not been renewed or processed and have missed out on receiving
>>>>> >> their vote to the election. It is entirely possible that some of the
>>>>> >> candidates, through no fault of their own, are not in good standing.
>>>>> >> We just don't know.
>>>>> >>
>>>>> >> The only semi-official message in relation to my queries so far is
>>>>> >> "please don't be inflammatory". That is simply not good enough. I am
>>>>> >> not sledging the ops team - that is not my intent - but I am saying
>>>>> >> there is an critical issue and it is not being managed or
>>>>> >> communicated
>>>>> >> properly, and that requires Board oversight.
>>>>> >>
>>>>> >> In Australia, we recently had to send an entire state back to
>>>>> >> re-vote
>>>>> >> their senate because our electoral commission lost 1300 votes, which
>>>>> >> was more votes than the winning margin. I don't ever recall any open
>>>>> >> source project or Foundation ever having this type of problem
>>>>> >> before.
>>>>> >> I hope that it's a small issue that can be addressed in a timely and
>>>>> >> comprehensive fashion.
>>>>> >>
>>>>> >> Please as a matter of urgency, please work out and communicate with
>>>>> >> all the members, (and not just those on the leaders list):
>>>>> >>
>>>>> >> * What is the Board's position on challenges to the election,
>>>>> >> postponing or delaying the vote to get the membership and balloting
>>>>> >> right, or doing a re-run?
>>>>> >>
>>>>> >> * Were renewal notices sent out to expiring and expired members in a
>>>>> >> timely fashion to make the September 30 renewal eligibility
>>>>> >> deadline?
>>>>> >>
>>>>> >> * If not, will OWASP be e-mailing or making contact with all expired
>>>>> >> members to see if they wanted to renew and give them a vote in the
>>>>> >> election? If so, when will this occur? Will it occur by the time
>>>>> >> voting closes?
>>>>> >>
>>>>> >> * Are all current Board candidates in good standing? If not, will
>>>>> >> the
>>>>> >> Board reach out to the candidates in question, and offer them back
>>>>> >> dated honorary membership to comply with the bylaws? Or will they be
>>>>> >> ineligible to stand?
>>>>> >>
>>>>> >> * Are all membership renewals (paid, lifetime, and honorary)
>>>>> >> submitted
>>>>> >> prior to September 30 now processed?
>>>>> >>
>>>>> >> * If so, is there an up to date membership list that does not date
>>>>> >> back to April 8, 2014? Can this be added to the OWASP Board 2014
>>>>> >> elections page?
>>>>> >>
>>>>> >> * As the CRM process wasn't working for some time, what steps are
>>>>> >> the
>>>>> >> Board putting into place to ensure that it is fixed and monitored
>>>>> >> for
>>>>> >> the next election?
>>>>> >>
>>>>> >>
>>>>> >> These questions have to be answered. No answer is simply not an
>>>>> >> option. I don't mind if you take these on notice and reply in
>>>>> >> pieces,
>>>>> >> but please communicate frequently, openly and honestly with us.
>>>>> >>
>>>>> >> I know the vote is open until next week, but I feel that even if
>>>>> >> there
>>>>> >> are only a handful of members piping up on the Leaders mailing list
>>>>> >> today, the CRM process has been broken for at least two months,
>>>>> >> which
>>>>> >> covers about 15% of members. It may have been broken as far back as
>>>>> >> April 8 when the membership list was seemingly last generated, which
>>>>> >> covers around 45-50% of the members.
>>>>> >>
>>>>> >> Simply enrolling those who pipe up in one venue misses those who
>>>>> >> don't
>>>>> >> hang out on the Leaders list and disenfranchises those who might
>>>>> >> have
>>>>> >> wanted a say in OWASP's future. If this is actually a small issue,
>>>>> >> it
>>>>> >> should be easy to determine: compare July, August's and September's
>>>>> >> membership totals with that from the year before. If the totals are
>>>>> >> reduced, then there is a problem of a known magnitude. But without
>>>>> >> an
>>>>> >> accurate and up to date membership list, we cannot determine if
>>>>> >> there
>>>>> >> are disenfranchised members or how many have been potentially
>>>>> >> disenfranchised.
>>>>> >>
>>>>> >> I gave the ops team nearly two month's notice that something wasn't
>>>>> >> right, and stayed in fairly constant communication during that time.
>>>>> >> I
>>>>> >> even gave a heads up about my fellow candidates, who I sincerely
>>>>> >> hope
>>>>> >> have their membership sorted so OWASP members have a geographically
>>>>> >> varied and interesting selection of candidates to choose from.
>>>>> >>
>>>>> >> I've been here since very nearly the beginning, I don't think I've
>>>>> >> ever seen such disarray in our internal processes, especially such
>>>>> >> key
>>>>> >> processes that directly elect the Board.
>>>>> >>
>>>>> >> I implore the Board to take this very seriously. Please communicate
>>>>> >> clearly and frequently with us on next steps. If the Board or the
>>>>> >> Foundation needs time - more time than there exists until the end of
>>>>> >> voting, I am more than willing to give the benefit of the doubt to
>>>>> >> ensure that we have an open, transparent membership and voting
>>>>> >> system
>>>>> >> with integrity for a vote to be open to all members, not just those
>>>>> >> unaffected by the technical glitches. I can't speak for the other
>>>>> >> candidates, but please ask them too. I'd rather this be done right.
>>>>> >>
>>>>> >> I am reachable on +61 451 057 580 if you want a chat, but I am
>>>>> >> UTC+11,
>>>>> >> which makes it tricky during US business hours.
>>>>> >>
>>>>> >> thanks,
>>>>> >> Andrew
>>>>> >> _______________________________________________
>>>>> >> Owasp-board mailing list
>>>>> >> Owasp-board at lists.owasp.org
>>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>> >
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > Owasp-board mailing list
>>>>> > Owasp-board at lists.owasp.org
>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > Owasp-board mailing list
>>>>> > Owasp-board at lists.owasp.org
>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
>
> --
> Helen Gao, CISSP
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>



-- 
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.


More information about the OWASP-Leaders mailing list