[Owasp-leaders] 2017 Roles and Responsibilities

Dinis Cruz dinis.cruz at owasp.org
Thu Jan 12 17:50:37 UTC 2017

Hi Larry, I agree with you on the need for OWASP to focus on its project's
health and I really hope that the environment (villa + meeting rooms) that
we have created for OWASP projects at the June's Owasp Summit 2017 is going
to be used to create this global mapping/review of owasp projects and its

As we know by experience, it is really hard to review Owasp projects, and
in my view, the only way to do it, is to create an environment where a
focused team can work on it (which is the Summit). The idea would be to do
as much preparation as possible before the Summit, and then use a dedicated
team of owasp leaders, contributors and employees to create that mapping
during the Owasp Summit 2017.

What do you think?


On 12 Jan 2017 5:19 p.m., "Larry Conklin" <larry.conklin at owasp.org> wrote:

Tom, et-all

I want to steal your email thread because it does have a common thread that
I want to explore. We in OWASP proudly keep going down a path we don't want
to with total disregard to reality.

OWASP code project health. I have been involved with others trying to help
with getting our code projects into a healthy state. A hard thing to
accomplish and even much harder than it really should be.

Recently Claudia put out an email asking the community to help validate
OWASP code projects for promotion. First as a community, we drop the ball
in a big way. While everyone seems to have opinions about how projects will
be maintain, be in github under what ownership/account, what constitutes a
healthy project. Reading the feedback from Claudia only two people actually
went thru the process of validating the projects. That is not good for an
active community.

Second, I took the time to add comments to my validation. I made the
comment projects needed to use badges. Please, look at Zap and see how it
Zap project uses badges. Yes, they are the gold standard for other projects
in OWASP to strive too. I also made a comment about ownership in GitHub.  Was
any of my feedback sent to the project managers of these projects? Can my
feedback stop a promotion?

Third, I would like to know what the staffs (Claudia and Matt) roles are
and responsibilities for promotion of a project. I think Claudia email sent
out graduating the projects for promotion was ill advised.  While I am in
total agreement these, are great projects and add value to OWASP I would
like to see things like at what project level should the project owner be
OWASP or for it to be clearly stated for all projects not to be under the
OWASP account in github. At this point, I don’t have a preference other
than to say I am tired of reading the same old arguments again and again on
the OWASP leaders list. We need agree on things and go from there.

All, we seem to confuse progress as a circular path. We need true
benchmarks, that are agreed on than we need to have sure we live up to
these agreements. We need active staff and community involvement.

Right now, the OWASP project health is broken. To fix it needs community
and staff. Matt my assumption is when you took the position on technical
leader this was to be a primary focus for that position. Now is your time
to rise and shine. Good luck!

Community, we all need to get behind this. If ever a topic needed to be
feted at an OWASP summit this is it.

On Thu, Jan 12, 2017 at 7:13 AM, Tom Brennan <tomb at owasp.org> wrote:

> Matt congratulations on your 2017 confirmation to OWASP Foundation
> Chairman.
> Johanna congratulations on your confirmation on Vice Chairperson and to
> Andrew on the confirmation of Treasurer. Tobias, Michael and Josh are
> recognized as members at large in 2017.
> As I embark on the Secretary role I want to call ALL officers attention to
> the attached OWASP document for your review, signature and return to me by
> Friday the 13th 2017.  For reference please find details on the functional
> purpose of the secretary role http://www.diycommitteegu
> ide.org/resource/what-role-of-secretary
> Matt I am also requesting of you that as part of the administrative
> process that we update and file IRS for 8822B and file within 60 days as
> required and I will file it.  Please click on below complete, scan and
> return too.
> https://www.irs.gov/pub/irs-pdf/f8822b.pdf
> Look forward to working to improve OWASP's operational logistics, record
> keeping and ultimately accountability. If anyone has any questions please
> self schedule time on my calendar by simply clicking below and if needed we
> will conference in our retained legal council who currently is Perlman and
> Perlman http://www.perlmanandperlman.com/ when required on issues that
> are out of my area of expertise and require a letter of advisory on topics
> that are to be determined.
> Semper Fi,
> *Tom Brennan | Mobile:* 973-506-9304  *|* *Schedule vMeeting*: Click Here
> <http://www.meetme.so/tombrennan>
> *Tom Brennan | Mobile:* 973-506-9304  *|* *Schedule vMeeting*: Click Here
> <http://www.meetme.so/tombrennan>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170112/47b05912/attachment.html>

More information about the OWASP-Leaders mailing list