[Owasp-leaders] 2017 Roles and Responsibilities

Bev Corwin bev.corwin at owasp.org
Thu Jan 19 02:08:52 UTC 2017


Should probably help work with committee on platform, I'll help too.

Bev

On Wed, Jan 18, 2017 at 9:06 PM, Sean Auriti <sean.auriti at owasp.org> wrote:

> I came across this yesterday - http://www.project501.com/  additionally
> there is also https://www.catchafire.org/
>
> I'm up to build a custom one if anyone is interested in collaborating on
> that.
>
>
>>
> On Wed, Jan 18, 2017 at 9:01 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Hi Bev
>>
>> Thank you so much for clarifying that
>>  when I said "Now our major problem is that the community is not
>> participating on validating the reviews done."
>>
>> I have not mentioned the reason.
>> Fact: community is not participating
>> Reasons: the ones you have mentioned among others
>>
>> A proper Volunteer management program including a portal a a tool should
>> address these issues. We do not have one, we are not managing volunteer
>> participation properly, that I totally agree with you
>>
>> Cheers
>>
>>
>> On Wed, Jan 18, 2017 at 2:31 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
>>
>>> Dear Johanna, I agree with everything except your final paragraph. Our
>>> major problem is not that the community is not participating. The major
>>> problem is that when they do participate either a) the technology is poorly
>>> designed and does not work, and/or b) they receive no response and are
>>> often ignored, no status updates, timelines of when to expect updates, just
>>> silence. This is a poor workflow model, non responsive and broken. Thank
>>> you and best wishes, Bev
>>>
>>> On Wed, Jan 18, 2017 at 6:57 AM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> >>There is a huge disconnect but I am not sure why or how or where it
>>>> resides.
>>>>
>>>> Thats why I fnid it a priority to have a proper volunteer portal.
>>>>
>>>> Without a way to structure and let potential volunteers connect with
>>>> the tasks we have, become quite difficult even when people want to help
>>>>
>>>> I have met many that have asked how they can help. If you look at the
>>>> volunteer section on our wiki, this is really poor.
>>>>
>>>> As someone that has been into project reviews for a quite longtime i
>>>> can tell you that evaluating projects is a dating tasks.
>>>>
>>>> Matt Tesauro came on board as full time Senior technical project
>>>> manager to help assist that. So yes, he did the reviews and I fully trust
>>>> Matt's experience in this matter.
>>>>
>>>> Now our major problem is that the community is not participating on
>>>> validating the reviews done. A way is to organize tis during a summit which
>>>> a fully support, another is like I've been mentioning, creat a proper
>>>> volunteer portal not only for project reviews but to help support projects
>>>> in general with new volunteers
>>>>
>>>> I'll make an official plan for this part and help execute it. Will send
>>>> soon a proposal to be discussed with the community
>>>>
>>>> Cheers
>>>>
>>>>
>>>>
>>>> On Mon, Jan 16, 2017 at 8:09 PM, Larry Conklin <larry.conklin at owasp.org
>>>> > wrote:
>>>>
>>>>> But the is the real issue. We have had already projects trying to help
>>>>> with the issue what is a healthy project. We get lots of input. Then it
>>>>> dies. We have had this project start-up more than once. On the projects
>>>>> just pushed to only two people from the community answered Claudia
>>>>> response. I being one of the two responses. There is a huge disconnect but
>>>>> I am not sure why or how or where it resides.
>>>>>
>>>>> My thoughts on attaching to tom's email thread was I wanted some
>>>>> discussion on Staff responsibilities for project promotion. I also posted
>>>>> my response on other threads asking why we are not getting community
>>>>> involvement.
>>>>>
>>>>> We are hurting OWASP and its brand name for source code projects
>>>>> unless we get a grasp of what the real issues are.  Zap is good not because
>>>>> of the community (while they do help in voting) but because of Simon and we
>>>>> know we have other good projects but we really do need a clean up, remove
>>>>> the deadwood, provide a throttle so good projects see flagship and not
>>>>> others.
>>>>>
>>>>> Personally I think doing things by email and wiki hurts in processes
>>>>> like this where we need better interactively between people.
>>>>>
>>>>> Larry
>>>>>
>>>>> On Sun, Jan 15, 2017 at 12:01 PM, Dinis Cruz <dinis.cruz at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> of course, but we need a big push of focus and work to get to that
>>>>>> point (which is what the Summit can facilitate)
>>>>>>
>>>>>> On 12 January 2017 at 18:54, Larry Conklin <larry.conklin at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Dinis, this seems to be a non-ending conversation. If done at a
>>>>>>> summit it needs on how to create a processes and policies that are self
>>>>>>> -sustaining. Larry
>>>>>>>
>>>>>>> On Thu, Jan 12, 2017 at 12:50 PM, Dinis Cruz <dinis.cruz at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Larry, I agree with you on the need for OWASP to focus on its
>>>>>>>> project's health and I really hope that the environment (villa + meeting
>>>>>>>> rooms) that we have created for OWASP projects at the June's Owasp Summit
>>>>>>>> 2017 is going to be used to create this global mapping/review of owasp
>>>>>>>> projects and its health.
>>>>>>>>
>>>>>>>> As we know by experience, it is really hard to review Owasp
>>>>>>>> projects, and in my view, the only way to do it, is to create an
>>>>>>>> environment where a focused team can work on it (which is the Summit). The
>>>>>>>> idea would be to do as much preparation as possible before the Summit, and
>>>>>>>> then use a dedicated team of owasp leaders, contributors and employees to
>>>>>>>> create that mapping during the Owasp Summit 2017.
>>>>>>>>
>>>>>>>> What do you think?
>>>>>>>>
>>>>>>>> Dinis
>>>>>>>>
>>>>>>>>
>>>>>>>> On 12 Jan 2017 5:19 p.m., "Larry Conklin" <larry.conklin at owasp.org>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Tom, et-all
>>>>>>>>
>>>>>>>> I want to steal your email thread because it does have a common
>>>>>>>> thread that I want to explore. We in OWASP proudly keep going down a path
>>>>>>>> we don't want to with total disregard to reality.
>>>>>>>>
>>>>>>>> OWASP code project health. I have been involved with others trying
>>>>>>>> to help with getting our code projects into a healthy state. A hard thing
>>>>>>>> to accomplish and even much harder than it really should be.
>>>>>>>>
>>>>>>>> Recently Claudia put out an email asking the community to help
>>>>>>>> validate OWASP code projects for promotion. First as a community, we drop
>>>>>>>> the ball in a big way. While everyone seems to have opinions about how
>>>>>>>> projects will be maintain, be in github under what ownership/account, what
>>>>>>>> constitutes a healthy project. Reading the feedback from Claudia only two
>>>>>>>> people actually went thru the process of validating the projects. That is
>>>>>>>> not good for an active community.
>>>>>>>>
>>>>>>>> Second, I took the time to add comments to my validation. I made
>>>>>>>> the comment projects needed to use badges. Please, look at Zap and see how
>>>>>>>> it Zap project uses badges. Yes, they are the gold standard for other
>>>>>>>> projects in OWASP to strive too. I also made a comment about ownership in
>>>>>>>> GitHub.  Was any of my feedback sent to the project managers of
>>>>>>>> these projects? Can my feedback stop a promotion?
>>>>>>>>
>>>>>>>> Third, I would like to know what the staffs (Claudia and Matt)
>>>>>>>> roles are and responsibilities for promotion of a project. I think Claudia
>>>>>>>> email sent out graduating the projects for promotion was ill advised.
>>>>>>>>  While I am in total agreement these, are great projects and add
>>>>>>>> value to OWASP I would like to see things like at what project level should
>>>>>>>> the project owner be OWASP or for it to be clearly stated for all projects
>>>>>>>> not to be under the OWASP account in github. At this point, I don’t have a
>>>>>>>> preference other than to say I am tired of reading the same old arguments
>>>>>>>> again and again on the OWASP leaders list. We need agree on things and go
>>>>>>>> from there.
>>>>>>>>
>>>>>>>> All, we seem to confuse progress as a circular path. We need true
>>>>>>>> benchmarks, that are agreed on than we need to have sure we live up to
>>>>>>>> these agreements. We need active staff and community involvement.
>>>>>>>>
>>>>>>>> Right now, the OWASP project health is broken. To fix it needs
>>>>>>>> community and staff. Matt my assumption is when you took the position on
>>>>>>>> technical leader this was to be a primary focus for that position. Now is
>>>>>>>> your time to rise and shine. Good luck!
>>>>>>>>
>>>>>>>> Community, we all need to get behind this. If ever a topic needed
>>>>>>>> to be feted at an OWASP summit this is it.
>>>>>>>>
>>>>>>>> On Thu, Jan 12, 2017 at 7:13 AM, Tom Brennan <tomb at owasp.org>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Matt congratulations on your 2017 confirmation to OWASP Foundation
>>>>>>>>> Chairman.
>>>>>>>>>
>>>>>>>>> Johanna congratulations on your confirmation on Vice Chairperson
>>>>>>>>> and to Andrew on the confirmation of Treasurer. Tobias, Michael and Josh
>>>>>>>>> are recognized as members at large in 2017.
>>>>>>>>>
>>>>>>>>> As I embark on the Secretary role I want to call ALL officers
>>>>>>>>> attention to the attached OWASP document for your review, signature and
>>>>>>>>> return to me by Friday the 13th 2017.  For reference please find details on
>>>>>>>>> the functional purpose of the secretary role
>>>>>>>>> http://www.diycommitteeguide.org/resource/what-role-of-secretary
>>>>>>>>>
>>>>>>>>> Matt I am also requesting of you that as part of the
>>>>>>>>> administrative process that we update and file IRS for 8822B and file
>>>>>>>>> within 60 days as required and I will file it.  Please click on below
>>>>>>>>> complete, scan and return too.
>>>>>>>>>
>>>>>>>>> https://www.irs.gov/pub/irs-pdf/f8822b.pdf
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Look forward to working to improve OWASP's operational logistics,
>>>>>>>>> record keeping and ultimately accountability. If anyone has any questions
>>>>>>>>> please self schedule time on my calendar by simply clicking below and if
>>>>>>>>> needed we will conference in our retained legal council who currently is
>>>>>>>>> Perlman and Perlman http://www.perlmanandperlman.com/ when
>>>>>>>>> required on issues that are out of my area of expertise and require a
>>>>>>>>> letter of advisory on topics that are to be determined.
>>>>>>>>>
>>>>>>>>> Semper Fi,
>>>>>>>>>
>>>>>>>>> *Tom Brennan | Mobile:* 973-506-9304  *|* *Schedule vMeeting*: Click
>>>>>>>>> Here <http://www.meetme.so/tombrennan>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Tom Brennan | Mobile:* 973-506-9304  *|* *Schedule vMeeting*: Click
>>>>>>>>> Here <http://www.meetme.so/tombrennan>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Johanna Curiel
>>>> OWASP Volunteer
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170118/c1ebdfc5/attachment-0001.html>


More information about the OWASP-Leaders mailing list