[Owasp-leaders] [Owasp-board] Working toward a resolution on the Contrast Security / OWASP Benchmark fiasco
Andrew van der Stock
vanderaj at owasp.org
Wed Dec 2 04:31:21 UTC 2015
I think one of the key ingredients is not the class of leadership/contributors
(e.g. member, non-member, vendor, non-vendor, sponsor, non-sponsor, staff,
non-staff) but increasing the diversity of personnel in projects,
particularly flagship projects.
We have a requirement that there are two chapter leaders for active
chapters. One of the things we have discussed is increasing the diversity
of the leadership team of projects, but also the diversity of contributors.
We can't force anyone to give time to something they may not like to do,
but obviously, in cases like this, I would hope that people aren't just
complaining about a particular project, but want to work to resolve the
Personally, I believe that if we can increase the number of folks contributing
to such projects, it will take out much of the independence concerns we are
On Wed, Dec 2, 2015 at 9:24 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
> Having non-vendor project leaders is a good idea, and all OWASP project
> leaders should be as independent as possible from any specific for-profit
> vendors, especially higher level Directors, owners, etc. I think that there
> should be more flexibility with open source groups and nonprofits, but any
> for-profit business should only participate as a stakeholder volunteer
> project team member, and not a project leader if there are any conflicts of
> interest, and/or their products are under evaluation or involved in any
> promotional activities at all. These lines need to be better delineated
> with clear separation within the OWASP operations model. I think there is
> great room for improvement overall in the current operations organizational
> architecture. This can be accomplished by developing internal policies,
> general restructuring, organizational development, and/or incorporating
> external associated 501(c)6 & 501(c)4 organizations.
> On Tue, Dec 1, 2015 at 12:07 PM, Tobias Glemser <tobias.glemser at owasp.org>
>> > Does this mean a vendor could never lead this kind of project and we
>> > lose all the merits of the benchmark? I think if the vendor could also
>> > get 2 independent project leaders that aren't from the same vendor then
>> > maybe that would work.