[Owasp-leaders] 2017 Roles and Responsibilities

Sean Auriti sean.auriti at owasp.org
Thu Jan 19 02:06:14 UTC 2017


I came across this yesterday - http://www.project501.com/  additionally
there is also https://www.catchafire.org/

I'm up to build a custom one if anyone is interested in collaborating on
that.


ᐧ

On Wed, Jan 18, 2017 at 9:01 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Bev
>
> Thank you so much for clarifying that
>  when I said "Now our major problem is that the community is not
> participating on validating the reviews done."
>
> I have not mentioned the reason.
> Fact: community is not participating
> Reasons: the ones you have mentioned among others
>
> A proper Volunteer management program including a portal a a tool should
> address these issues. We do not have one, we are not managing volunteer
> participation properly, that I totally agree with you
>
> Cheers
>
>
> On Wed, Jan 18, 2017 at 2:31 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
>
>> Dear Johanna, I agree with everything except your final paragraph. Our
>> major problem is not that the community is not participating. The major
>> problem is that when they do participate either a) the technology is poorly
>> designed and does not work, and/or b) they receive no response and are
>> often ignored, no status updates, timelines of when to expect updates, just
>> silence. This is a poor workflow model, non responsive and broken. Thank
>> you and best wishes, Bev
>>
>> On Wed, Jan 18, 2017 at 6:57 AM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> >>There is a huge disconnect but I am not sure why or how or where it
>>> resides.
>>>
>>> Thats why I fnid it a priority to have a proper volunteer portal.
>>>
>>> Without a way to structure and let potential volunteers connect with
>>> the tasks we have, become quite difficult even when people want to help
>>>
>>> I have met many that have asked how they can help. If you look at the
>>> volunteer section on our wiki, this is really poor.
>>>
>>> As someone that has been into project reviews for a quite longtime i can
>>> tell you that evaluating projects is a dating tasks.
>>>
>>> Matt Tesauro came on board as full time Senior technical project manager
>>> to help assist that. So yes, he did the reviews and I fully trust Matt's
>>> experience in this matter.
>>>
>>> Now our major problem is that the community is not participating on
>>> validating the reviews done. A way is to organize tis during a summit which
>>> a fully support, another is like I've been mentioning, creat a proper
>>> volunteer portal not only for project reviews but to help support projects
>>> in general with new volunteers
>>>
>>> I'll make an official plan for this part and help execute it. Will send
>>> soon a proposal to be discussed with the community
>>>
>>> Cheers
>>>
>>>
>>>
>>> On Mon, Jan 16, 2017 at 8:09 PM, Larry Conklin <larry.conklin at owasp.org>
>>> wrote:
>>>
>>>> But the is the real issue. We have had already projects trying to help
>>>> with the issue what is a healthy project. We get lots of input. Then it
>>>> dies. We have had this project start-up more than once. On the projects
>>>> just pushed to only two people from the community answered Claudia
>>>> response. I being one of the two responses. There is a huge disconnect but
>>>> I am not sure why or how or where it resides.
>>>>
>>>> My thoughts on attaching to tom's email thread was I wanted some
>>>> discussion on Staff responsibilities for project promotion. I also posted
>>>> my response on other threads asking why we are not getting community
>>>> involvement.
>>>>
>>>> We are hurting OWASP and its brand name for source code projects unless
>>>> we get a grasp of what the real issues are.  Zap is good not because of the
>>>> community (while they do help in voting) but because of Simon and we know
>>>> we have other good projects but we really do need a clean up, remove the
>>>> deadwood, provide a throttle so good projects see flagship and not others.
>>>>
>>>> Personally I think doing things by email and wiki hurts in processes
>>>> like this where we need better interactively between people.
>>>>
>>>> Larry
>>>>
>>>> On Sun, Jan 15, 2017 at 12:01 PM, Dinis Cruz <dinis.cruz at owasp.org>
>>>> wrote:
>>>>
>>>>> of course, but we need a big push of focus and work to get to that
>>>>> point (which is what the Summit can facilitate)
>>>>>
>>>>> On 12 January 2017 at 18:54, Larry Conklin <larry.conklin at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Dinis, this seems to be a non-ending conversation. If done at a
>>>>>> summit it needs on how to create a processes and policies that are self
>>>>>> -sustaining. Larry
>>>>>>
>>>>>> On Thu, Jan 12, 2017 at 12:50 PM, Dinis Cruz <dinis.cruz at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Larry, I agree with you on the need for OWASP to focus on its
>>>>>>> project's health and I really hope that the environment (villa + meeting
>>>>>>> rooms) that we have created for OWASP projects at the June's Owasp Summit
>>>>>>> 2017 is going to be used to create this global mapping/review of owasp
>>>>>>> projects and its health.
>>>>>>>
>>>>>>> As we know by experience, it is really hard to review Owasp
>>>>>>> projects, and in my view, the only way to do it, is to create an
>>>>>>> environment where a focused team can work on it (which is the Summit). The
>>>>>>> idea would be to do as much preparation as possible before the Summit, and
>>>>>>> then use a dedicated team of owasp leaders, contributors and employees to
>>>>>>> create that mapping during the Owasp Summit 2017.
>>>>>>>
>>>>>>> What do you think?
>>>>>>>
>>>>>>> Dinis
>>>>>>>
>>>>>>>
>>>>>>> On 12 Jan 2017 5:19 p.m., "Larry Conklin" <larry.conklin at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Tom, et-all
>>>>>>>
>>>>>>> I want to steal your email thread because it does have a common
>>>>>>> thread that I want to explore. We in OWASP proudly keep going down a path
>>>>>>> we don't want to with total disregard to reality.
>>>>>>>
>>>>>>> OWASP code project health. I have been involved with others trying
>>>>>>> to help with getting our code projects into a healthy state. A hard thing
>>>>>>> to accomplish and even much harder than it really should be.
>>>>>>>
>>>>>>> Recently Claudia put out an email asking the community to help
>>>>>>> validate OWASP code projects for promotion. First as a community, we drop
>>>>>>> the ball in a big way. While everyone seems to have opinions about how
>>>>>>> projects will be maintain, be in github under what ownership/account, what
>>>>>>> constitutes a healthy project. Reading the feedback from Claudia only two
>>>>>>> people actually went thru the process of validating the projects. That is
>>>>>>> not good for an active community.
>>>>>>>
>>>>>>> Second, I took the time to add comments to my validation. I made the
>>>>>>> comment projects needed to use badges. Please, look at Zap and see how it
>>>>>>> Zap project uses badges. Yes, they are the gold standard for other projects
>>>>>>> in OWASP to strive too. I also made a comment about ownership in GitHub.
>>>>>>> Was any of my feedback sent to the project managers of these
>>>>>>> projects? Can my feedback stop a promotion?
>>>>>>>
>>>>>>> Third, I would like to know what the staffs (Claudia and Matt) roles
>>>>>>> are and responsibilities for promotion of a project. I think Claudia email
>>>>>>> sent out graduating the projects for promotion was ill advised.  While
>>>>>>> I am in total agreement these, are great projects and add value to OWASP I
>>>>>>> would like to see things like at what project level should the project
>>>>>>> owner be OWASP or for it to be clearly stated for all projects not to be
>>>>>>> under the OWASP account in github. At this point, I don’t have a preference
>>>>>>> other than to say I am tired of reading the same old arguments again and
>>>>>>> again on the OWASP leaders list. We need agree on things and go from there.
>>>>>>>
>>>>>>> All, we seem to confuse progress as a circular path. We need true
>>>>>>> benchmarks, that are agreed on than we need to have sure we live up to
>>>>>>> these agreements. We need active staff and community involvement.
>>>>>>>
>>>>>>> Right now, the OWASP project health is broken. To fix it needs
>>>>>>> community and staff. Matt my assumption is when you took the position on
>>>>>>> technical leader this was to be a primary focus for that position. Now is
>>>>>>> your time to rise and shine. Good luck!
>>>>>>>
>>>>>>> Community, we all need to get behind this. If ever a topic needed to
>>>>>>> be feted at an OWASP summit this is it.
>>>>>>>
>>>>>>> On Thu, Jan 12, 2017 at 7:13 AM, Tom Brennan <tomb at owasp.org> wrote:
>>>>>>>
>>>>>>>> Matt congratulations on your 2017 confirmation to OWASP Foundation
>>>>>>>> Chairman.
>>>>>>>>
>>>>>>>> Johanna congratulations on your confirmation on Vice Chairperson
>>>>>>>> and to Andrew on the confirmation of Treasurer. Tobias, Michael and Josh
>>>>>>>> are recognized as members at large in 2017.
>>>>>>>>
>>>>>>>> As I embark on the Secretary role I want to call ALL officers
>>>>>>>> attention to the attached OWASP document for your review, signature and
>>>>>>>> return to me by Friday the 13th 2017.  For reference please find details on
>>>>>>>> the functional purpose of the secretary role
>>>>>>>> http://www.diycommitteeguide.org/resource/what-role-of-secretary
>>>>>>>>
>>>>>>>> Matt I am also requesting of you that as part of the administrative
>>>>>>>> process that we update and file IRS for 8822B and file within 60 days as
>>>>>>>> required and I will file it.  Please click on below complete, scan and
>>>>>>>> return too.
>>>>>>>>
>>>>>>>> https://www.irs.gov/pub/irs-pdf/f8822b.pdf
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Look forward to working to improve OWASP's operational logistics,
>>>>>>>> record keeping and ultimately accountability. If anyone has any questions
>>>>>>>> please self schedule time on my calendar by simply clicking below and if
>>>>>>>> needed we will conference in our retained legal council who currently is
>>>>>>>> Perlman and Perlman http://www.perlmanandperlman.com/ when
>>>>>>>> required on issues that are out of my area of expertise and require a
>>>>>>>> letter of advisory on topics that are to be determined.
>>>>>>>>
>>>>>>>> Semper Fi,
>>>>>>>>
>>>>>>>> *Tom Brennan | Mobile:* 973-506-9304  *|* *Schedule vMeeting*: Click
>>>>>>>> Here <http://www.meetme.so/tombrennan>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *Tom Brennan | Mobile:* 973-506-9304  *|* *Schedule vMeeting*: Click
>>>>>>>> Here <http://www.meetme.so/tombrennan>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170118/ee579a45/attachment-0001.html>


More information about the OWASP-Leaders mailing list