[Owasp-leaders] 2017 Roles and Responsibilities

Bev Corwin bev.corwin at owasp.org
Thu Jan 19 02:06:38 UTC 2017


Thank you Johanna, Yes, all of these things are awesome, even implementing
a nice little bug tracking tool would be a good start. Sean started
something on Bugheist w/ OWASP BLT Project. Perhaps staff will review that
and start using it too? Looking forward to making progress and helping with
improvements. Very much appreciate all the good work that everyone is
doing. I agree that a bit of coordination and workflow management would
definately help for improving experiences and performance of volunteers,
staff and board of directors. Cheers! Best wishes, Bev

On Wed, Jan 18, 2017 at 9:01 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Bev
>
> Thank you so much for clarifying that
>  when I said "Now our major problem is that the community is not
> participating on validating the reviews done."
>
> I have not mentioned the reason.
> Fact: community is not participating
> Reasons: the ones you have mentioned among others
>
> A proper Volunteer management program including a portal a a tool should
> address these issues. We do not have one, we are not managing volunteer
> participation properly, that I totally agree with you
>
> Cheers
>
>
> On Wed, Jan 18, 2017 at 2:31 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
>
>> Dear Johanna, I agree with everything except your final paragraph. Our
>> major problem is not that the community is not participating. The major
>> problem is that when they do participate either a) the technology is poorly
>> designed and does not work, and/or b) they receive no response and are
>> often ignored, no status updates, timelines of when to expect updates, just
>> silence. This is a poor workflow model, non responsive and broken. Thank
>> you and best wishes, Bev
>>
>> On Wed, Jan 18, 2017 at 6:57 AM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> >>There is a huge disconnect but I am not sure why or how or where it
>>> resides.
>>>
>>> Thats why I fnid it a priority to have a proper volunteer portal.
>>>
>>> Without a way to structure and let potential volunteers connect with
>>> the tasks we have, become quite difficult even when people want to help
>>>
>>> I have met many that have asked how they can help. If you look at the
>>> volunteer section on our wiki, this is really poor.
>>>
>>> As someone that has been into project reviews for a quite longtime i can
>>> tell you that evaluating projects is a dating tasks.
>>>
>>> Matt Tesauro came on board as full time Senior technical project manager
>>> to help assist that. So yes, he did the reviews and I fully trust Matt's
>>> experience in this matter.
>>>
>>> Now our major problem is that the community is not participating on
>>> validating the reviews done. A way is to organize tis during a summit which
>>> a fully support, another is like I've been mentioning, creat a proper
>>> volunteer portal not only for project reviews but to help support projects
>>> in general with new volunteers
>>>
>>> I'll make an official plan for this part and help execute it. Will send
>>> soon a proposal to be discussed with the community
>>>
>>> Cheers
>>>
>>>
>>>
>>> On Mon, Jan 16, 2017 at 8:09 PM, Larry Conklin <larry.conklin at owasp.org>
>>> wrote:
>>>
>>>> But the is the real issue. We have had already projects trying to help
>>>> with the issue what is a healthy project. We get lots of input. Then it
>>>> dies. We have had this project start-up more than once. On the projects
>>>> just pushed to only two people from the community answered Claudia
>>>> response. I being one of the two responses. There is a huge disconnect but
>>>> I am not sure why or how or where it resides.
>>>>
>>>> My thoughts on attaching to tom's email thread was I wanted some
>>>> discussion on Staff responsibilities for project promotion. I also posted
>>>> my response on other threads asking why we are not getting community
>>>> involvement.
>>>>
>>>> We are hurting OWASP and its brand name for source code projects unless
>>>> we get a grasp of what the real issues are.  Zap is good not because of the
>>>> community (while they do help in voting) but because of Simon and we know
>>>> we have other good projects but we really do need a clean up, remove the
>>>> deadwood, provide a throttle so good projects see flagship and not others.
>>>>
>>>> Personally I think doing things by email and wiki hurts in processes
>>>> like this where we need better interactively between people.
>>>>
>>>> Larry
>>>>
>>>> On Sun, Jan 15, 2017 at 12:01 PM, Dinis Cruz <dinis.cruz at owasp.org>
>>>> wrote:
>>>>
>>>>> of course, but we need a big push of focus and work to get to that
>>>>> point (which is what the Summit can facilitate)
>>>>>
>>>>> On 12 January 2017 at 18:54, Larry Conklin <larry.conklin at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Dinis, this seems to be a non-ending conversation. If done at a
>>>>>> summit it needs on how to create a processes and policies that are self
>>>>>> -sustaining. Larry
>>>>>>
>>>>>> On Thu, Jan 12, 2017 at 12:50 PM, Dinis Cruz <dinis.cruz at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Larry, I agree with you on the need for OWASP to focus on its
>>>>>>> project's health and I really hope that the environment (villa + meeting
>>>>>>> rooms) that we have created for OWASP projects at the June's Owasp Summit
>>>>>>> 2017 is going to be used to create this global mapping/review of owasp
>>>>>>> projects and its health.
>>>>>>>
>>>>>>> As we know by experience, it is really hard to review Owasp
>>>>>>> projects, and in my view, the only way to do it, is to create an
>>>>>>> environment where a focused team can work on it (which is the Summit). The
>>>>>>> idea would be to do as much preparation as possible before the Summit, and
>>>>>>> then use a dedicated team of owasp leaders, contributors and employees to
>>>>>>> create that mapping during the Owasp Summit 2017.
>>>>>>>
>>>>>>> What do you think?
>>>>>>>
>>>>>>> Dinis
>>>>>>>
>>>>>>>
>>>>>>> On 12 Jan 2017 5:19 p.m., "Larry Conklin" <larry.conklin at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Tom, et-all
>>>>>>>
>>>>>>> I want to steal your email thread because it does have a common
>>>>>>> thread that I want to explore. We in OWASP proudly keep going down a path
>>>>>>> we don't want to with total disregard to reality.
>>>>>>>
>>>>>>> OWASP code project health. I have been involved with others trying
>>>>>>> to help with getting our code projects into a healthy state. A hard thing
>>>>>>> to accomplish and even much harder than it really should be.
>>>>>>>
>>>>>>> Recently Claudia put out an email asking the community to help
>>>>>>> validate OWASP code projects for promotion. First as a community, we drop
>>>>>>> the ball in a big way. While everyone seems to have opinions about how
>>>>>>> projects will be maintain, be in github under what ownership/account, what
>>>>>>> constitutes a healthy project. Reading the feedback from Claudia only two
>>>>>>> people actually went thru the process of validating the projects. That is
>>>>>>> not good for an active community.
>>>>>>>
>>>>>>> Second, I took the time to add comments to my validation. I made the
>>>>>>> comment projects needed to use badges. Please, look at Zap and see how it
>>>>>>> Zap project uses badges. Yes, they are the gold standard for other projects
>>>>>>> in OWASP to strive too. I also made a comment about ownership in GitHub.
>>>>>>> Was any of my feedback sent to the project managers of these
>>>>>>> projects? Can my feedback stop a promotion?
>>>>>>>
>>>>>>> Third, I would like to know what the staffs (Claudia and Matt) roles
>>>>>>> are and responsibilities for promotion of a project. I think Claudia email
>>>>>>> sent out graduating the projects for promotion was ill advised.  While
>>>>>>> I am in total agreement these, are great projects and add value to OWASP I
>>>>>>> would like to see things like at what project level should the project
>>>>>>> owner be OWASP or for it to be clearly stated for all projects not to be
>>>>>>> under the OWASP account in github. At this point, I don’t have a preference
>>>>>>> other than to say I am tired of reading the same old arguments again and
>>>>>>> again on the OWASP leaders list. We need agree on things and go from there.
>>>>>>>
>>>>>>> All, we seem to confuse progress as a circular path. We need true
>>>>>>> benchmarks, that are agreed on than we need to have sure we live up to
>>>>>>> these agreements. We need active staff and community involvement.
>>>>>>>
>>>>>>> Right now, the OWASP project health is broken. To fix it needs
>>>>>>> community and staff. Matt my assumption is when you took the position on
>>>>>>> technical leader this was to be a primary focus for that position. Now is
>>>>>>> your time to rise and shine. Good luck!
>>>>>>>
>>>>>>> Community, we all need to get behind this. If ever a topic needed to
>>>>>>> be feted at an OWASP summit this is it.
>>>>>>>
>>>>>>> On Thu, Jan 12, 2017 at 7:13 AM, Tom Brennan <tomb at owasp.org> wrote:
>>>>>>>
>>>>>>>> Matt congratulations on your 2017 confirmation to OWASP Foundation
>>>>>>>> Chairman.
>>>>>>>>
>>>>>>>> Johanna congratulations on your confirmation on Vice Chairperson
>>>>>>>> and to Andrew on the confirmation of Treasurer. Tobias, Michael and Josh
>>>>>>>> are recognized as members at large in 2017.
>>>>>>>>
>>>>>>>> As I embark on the Secretary role I want to call ALL officers
>>>>>>>> attention to the attached OWASP document for your review, signature and
>>>>>>>> return to me by Friday the 13th 2017.  For reference please find details on
>>>>>>>> the functional purpose of the secretary role
>>>>>>>> http://www.diycommitteeguide.org/resource/what-role-of-secretary
>>>>>>>>
>>>>>>>> Matt I am also requesting of you that as part of the administrative
>>>>>>>> process that we update and file IRS for 8822B and file within 60 days as
>>>>>>>> required and I will file it.  Please click on below complete, scan and
>>>>>>>> return too.
>>>>>>>>
>>>>>>>> https://www.irs.gov/pub/irs-pdf/f8822b.pdf
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Look forward to working to improve OWASP's operational logistics,
>>>>>>>> record keeping and ultimately accountability. If anyone has any questions
>>>>>>>> please self schedule time on my calendar by simply clicking below and if
>>>>>>>> needed we will conference in our retained legal council who currently is
>>>>>>>> Perlman and Perlman http://www.perlmanandperlman.com/ when
>>>>>>>> required on issues that are out of my area of expertise and require a
>>>>>>>> letter of advisory on topics that are to be determined.
>>>>>>>>
>>>>>>>> Semper Fi,
>>>>>>>>
>>>>>>>> *Tom Brennan | Mobile:* 973-506-9304  *|* *Schedule vMeeting*: Click
>>>>>>>> Here <http://www.meetme.so/tombrennan>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *Tom Brennan | Mobile:* 973-506-9304  *|* *Schedule vMeeting*: Click
>>>>>>>> Here <http://www.meetme.so/tombrennan>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170118/b6d621cd/attachment-0001.html>


More information about the OWASP-Leaders mailing list