[Owasp-leaders] rough consensus & running code

Steve Kosten steve.kosten at owasp.org
Sun May 7 20:51:05 UTC 2017


The statement I ​most objected to was your statement that the OWASP core
values and principles "are being hijacked by staff to bottleneck and
constrain chapter leaders, mostly to protect their jobs."  This is not a
factual statement unless we have the ability to objectively peer into a
person's mind and know their motives, and we don't.  It is an opinion.  I
respect that this is your opinion.  If you have difficulties with the
performance of the staff, I'd suggest bringing it to the board as it is
part of the the board's overall responsibility to manage the activities of
the staff and judge the performance of the staff.  When doing so, please
provide proof to support your assertions as that will enable the board to
make decisions based upon facts.  Please do this; you clearly feel wronged
and care about OWASP and that would be the appropriate avenue to take to
address those concerns.

I did see in a later post of yours that numerous requests of yours have not
been responded to.  That is certainly an issue.  Your concerns and requests
should be acknowledged and handled appropriately.  If I may, I'd like to
share one thing that I have found out that may help you (I don't know how
you submitted your previous requests).  I have found that emailing staff
members doesn't always get a response, I suspect they may be getting
flooded with messages.  But when I used the "Contact Us" link on the main
page (under neath the blue header), I always received a response.  If you
haven't used this, please try that and hopefully the responses improve for

Finally Bev, as I said, it is clear you care for OWASP, let's continue to
move forward together to improve and address the concerns you have about
chapters and projects being unnecessarily curtailed.  There must be some
limits in order to be an OWASP chapter (e.g., we don't want a chapter or
project to be a front to a vendor); chapters and projects must adhere to
the OWASP core values and principles.  How we best support that is a fair
question and appropriate for the leaders-list.  And for that I thank you
for doing just that, for leading the effort to review the Chapter Leaders

Steve Kosten
OWASP Denver Chapter Leader

On Sun, May 7, 2017 at 11:40 AM, Bev Corwin <bev.corwin at owasp.org> wrote:

> No personal attacks, just the truth. There is plenty of proof, I'm just
> stating the obvious. There is a serious lack of productivity, and
> performance. Plain and simple. Staff and board are responsible. Period.
> Someone needs to state the facts here. Local chapters are being limited,
> too. It hurts local and global. Need to wake up and face the facts.
> On Sun, May 7, 2017 at 10:00 AM, Aaron Weaver <aaron.weaver2 at gmail.com>
> wrote:
>> +1 Steve
>> As stated by others let's discuss this at the conference this week. I've
>> personally worked with almost everyone on the staff and they are dedicated
>> to the OWASP mission and work incredibly hard to support us. We're not an
>> easy group of people to wrangle together so let's stick to constructive
>> criticism, thank the OWASP staff, (it's a thankless job) and look for areas
>> of opportunity to improve.
>> -Aaron
>> Philadelphia OWASP Chapter Leader
>> On Sun, May 7, 2017 at 12:44 AM, Steve Kosten <steve.kosten at owasp.org>
>> wrote:
>>> Bev,
>>> I was disturbed to read your comment that you think that OWASP values
>>> and core principles "are being hijacked by staff to bottleneck and
>>> constrain chapter leaders, mostly to protect their jobs".  In stating this,
>>> you are impugning the character of some very good people who have worked
>>> hard to support our organization, and without much apparent proof to
>>> support this significant charge.  When I read Tiffany's document "Outline
>>> for New Chapters", I found it to be in line with what I have found within
>>> the Chapter Leader Handbook and from my experience, it did not appear in
>>> any sense that significant changes were proposed.  If I'm mistaken and
>>> there are, I think this can be expressed and brought up for discussion
>>> without attacking the staff.  I find the tone of this discourse to be
>>> unfortunate and sympathize with the staff; it must be very demoralizing to
>>> be trying to do their best to support the organization only to be lambasted
>>> publicly like this.  I certainly think they, as we are, trying to do the
>>> right thing for the organization.  Attacking them doesn't really help us.
>>> It appears you have issues w/ the handbook.  I completely agree with
>>> Liam, let's bring your issues forward and discuss them.  I had previously
>>> signed up to be a part of this review (prior to reading this thread) and
>>> will fully support this review.  I too want to make things as easy as
>>> possible for chapters and projects to be successful.  And I think Tiffany
>>> is too, which is why she created this document in the first place.  So
>>> let's please put some of this ugliness behind us and work together to make
>>> the handbook better.  If you feel chapters and projects are being
>>> bottlenecked, let's address that at the same time.
>>> Steve Kosten
>>> OWASP Denver Chapter Leader
>>> On Thu, May 4, 2017 at 9:32 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>>>> Sounds like the Chapter Leader Handbook needs to be voted on by
>>>> members. There are many flaws. Also, staff, chapter leaders and board need
>>>> some training in user experience, member experience, and grassroots
>>>> communications outreach. These top down methodologies and processes are
>>>> contrary to OWASP values and core principles. They are being hijacked by
>>>> staff to bottleneck and constrain chapter leaders, mostly to protect their
>>>> jobs. Bottlenecking needs to be prohibited. Big problem at OWASP.
>>>> On Thu, May 4, 2017 at 11:28 AM, Tiffany Long <tiffany.long at owasp.org>
>>>> wrote:
>>>>> Hey Tom and Bev!  It seems you are ahead of the curve.  This document
>>>>> was set to be released to the community with the Ops Update Blog post
>>>>> accompanied by the following text:
>>>>> Chapter Orientation:
>>>>>> Since September all new chapters were requested to have an
>>>>>> Orientation meeting via Gotomeeting.  Since then these meetings have been
>>>>>> refined into a  series of standing one on one appointments for any Chapter
>>>>>> Leaders starting a new chapter, any new chapter leaders who wish to join,
>>>>>> and any current leaders who want to take a refresher.
>>>>>> So far reactions have been good.  Many experienced chapter leaders
>>>>>> have expressed a wish for this when they got started and follow up emails
>>>>>> with procedural questions have dropped from an average of 5 per new chapter
>>>>>> to 10 total in the last 8 months.  We have also seen an uptick in new
>>>>>> chapters using funds and getting multiple leaders on board.  All of these
>>>>>> are indicators of early chapter health.  Board members, staff, and the
>>>>>> community can read the draft outline of the orientation.  The document will
>>>>>> be made public in the form of the Chapter FAQ in the next few weeks.
>>>>> It has long been noted that new chapter leaders tick the box that says
>>>>> that they have read the Chapter Leader Handbook, but often do not
>>>>> understand what help they can get from the foundation or how funding works.
>>>>> This document is a draft outline of the most commonly asked questions about
>>>>> being a chapter leader.
>>>>> The orientation is divided into three parts, the first addresses how
>>>>> to build a chapter, how to reach out to audiences and tactics that other
>>>>> chapters have used to flourish. The second part covers our vendor
>>>>> neutrality policy and other rules and privileges for chapter leaders.
>>>>> Finally we discuss funding in-depth.
>>>>> Some conversations are expected to be had again when chapter leaders
>>>>> are not overwhelmed with questions. In the outline you will see these
>>>>> topics marked with statements like "reach out to me." Every point in this
>>>>> orientation outline is simply a rehash from the Chapter Leader Handbook.
>>>>> Tiffany Long
>>>>> Community Manager
>>>>> On Thu, May 4, 2017 at 4:07 PM, Bev Corwin <bev.corwin at owasp.org>
>>>>> wrote:
>>>>>> PS: Re: Document: https://docs.google.com/document/d/1uupqip9TiejURb
>>>>>> znt_Dk6t1H--8foRJxcVQ2gdmUj-s/edit?ts=590a0fcc
>>>>>> On Thu, May 4, 2017 at 11:04 AM, Bev Corwin <bev.corwin at owasp.org>
>>>>>> wrote:
>>>>>>> Note that you cannot "edit" or "comment" on this document. The tone
>>>>>>> is very *not* right for "consensus". In fact, it is authoritarian in tone
>>>>>>> and intent. Sounds like OWASP Staff are revolting against local
>>>>>>> chapters and making the OWASP Global staff the new "kings" of OWASP
>>>>>>> Chapters. Do you think that this this appropriate?
>>>>>>> Bev
>>>>>>> On Thu, May 4, 2017 at 10:59 AM, Tom Brennan - OWASP <tomb at owasp.org
>>>>>>> > wrote:
>>>>>>>> @OWASP we reject kings, presidents and voting. we believe in rough
>>>>>>>> consensus and running code
>>>>>>>> <https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Core_Values>,
>>>>>>>> your attendance is requested to join the next global board meeting on May
>>>>>>>> 9th
>>>>>>>> Details:
>>>>>>>> https://www.owasp.org/index.php/Board
>>>>>>>> Join us share your ideas, concerns and suggestions in person or
>>>>>>>> virtually
>>>>>>>> <https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference>
>>>>>>>> On behalf of the 2017 Board of Directors thank you for caring and
>>>>>>>> sharing.
>>>>>>>> https://www.owasp.org/index.php/About_The_Open_Web_Applicati
>>>>>>>> on_Security_Project#2017_Elected_by_Membership.2C_Global_Boa
>>>>>>>> rd_Members
>>>>>>>> Tom Brennan
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> --
>> Aaron Weaver
>> Philadelphia OWASP Chapter Lead
>> OWASP AppSec Pipeline Lead
>> https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170507/47837efc/attachment-0001.html>

More information about the OWASP-Leaders mailing list