[Owasp-leaders] rough consensus & running code

Bev Corwin bev.corwin at owasp.org
Sun May 7 21:10:50 UTC 2017

Hi Steve, I suggest that you do a mapping of the conflicts of interests,
for starters, and you will clearly see the tip of the iceberg.
Additionally, there has been *no* oversight for over a year, no
productivity or performance reporting on much of anything, and well, the
patients are literally running the asylum. Thirdly, just look at the drain
and burn on the organization. Show me your proof for your overly optimistic
and what I consider blatantly incorrect assumptions, or at least, something
more objective. Most of the *leakage* is not even documented, yet
experienced by local chapters when trying to engage with global systems. Of
course, we all care for OWASP, but honestly, if this trend continues much
longer, there may very well not be an OWASP to debate over sooner than
later. Sincerely, Bev

On Sun, May 7, 2017 at 4:51 PM, Steve Kosten <steve.kosten at owasp.org> wrote:

> ​Bev,
> The statement I ​most objected to was your statement that the OWASP core
> values and principles "are being hijacked by staff to bottleneck and
> constrain chapter leaders, mostly to protect their jobs."  This is not a
> factual statement unless we have the ability to objectively peer into a
> person's mind and know their motives, and we don't.  It is an opinion.  I
> respect that this is your opinion.  If you have difficulties with the
> performance of the staff, I'd suggest bringing it to the board as it is
> part of the the board's overall responsibility to manage the activities of
> the staff and judge the performance of the staff.  When doing so, please
> provide proof to support your assertions as that will enable the board to
> make decisions based upon facts.  Please do this; you clearly feel wronged
> and care about OWASP and that would be the appropriate avenue to take to
> address those concerns.
> I did see in a later post of yours that numerous requests of yours have
> not been responded to.  That is certainly an issue.  Your concerns and
> requests should be acknowledged and handled appropriately.  If I may, I'd
> like to share one thing that I have found out that may help you (I don't
> know how you submitted your previous requests).  I have found that emailing
> staff members doesn't always get a response, I suspect they may be getting
> flooded with messages.  But when I used the "Contact Us" link on the main
> page (under neath the blue header), I always received a response.  If you
> haven't used this, please try that and hopefully the responses improve for
> you.
> Finally Bev, as I said, it is clear you care for OWASP, let's continue to
> move forward together to improve and address the concerns you have about
> chapters and projects being unnecessarily curtailed.  There must be some
> limits in order to be an OWASP chapter (e.g., we don't want a chapter or
> project to be a front to a vendor); chapters and projects must adhere to
> the OWASP core values and principles.  How we best support that is a fair
> question and appropriate for the leaders-list.  And for that I thank you
> for doing just that, for leading the effort to review the Chapter Leaders
> Handbook.
> Steve Kosten
> OWASP Denver Chapter Leader
> On Sun, May 7, 2017 at 11:40 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>> No personal attacks, just the truth. There is plenty of proof, I'm just
>> stating the obvious. There is a serious lack of productivity, and
>> performance. Plain and simple. Staff and board are responsible. Period.
>> Someone needs to state the facts here. Local chapters are being limited,
>> too. It hurts local and global. Need to wake up and face the facts.
>> On Sun, May 7, 2017 at 10:00 AM, Aaron Weaver <aaron.weaver2 at gmail.com>
>> wrote:
>>> +1 Steve
>>> As stated by others let's discuss this at the conference this week. I've
>>> personally worked with almost everyone on the staff and they are dedicated
>>> to the OWASP mission and work incredibly hard to support us. We're not an
>>> easy group of people to wrangle together so let's stick to constructive
>>> criticism, thank the OWASP staff, (it's a thankless job) and look for areas
>>> of opportunity to improve.
>>> -Aaron
>>> Philadelphia OWASP Chapter Leader
>>> On Sun, May 7, 2017 at 12:44 AM, Steve Kosten <steve.kosten at owasp.org>
>>> wrote:
>>>> Bev,
>>>> I was disturbed to read your comment that you think that OWASP values
>>>> and core principles "are being hijacked by staff to bottleneck and
>>>> constrain chapter leaders, mostly to protect their jobs".  In stating this,
>>>> you are impugning the character of some very good people who have worked
>>>> hard to support our organization, and without much apparent proof to
>>>> support this significant charge.  When I read Tiffany's document "Outline
>>>> for New Chapters", I found it to be in line with what I have found within
>>>> the Chapter Leader Handbook and from my experience, it did not appear in
>>>> any sense that significant changes were proposed.  If I'm mistaken and
>>>> there are, I think this can be expressed and brought up for discussion
>>>> without attacking the staff.  I find the tone of this discourse to be
>>>> unfortunate and sympathize with the staff; it must be very demoralizing to
>>>> be trying to do their best to support the organization only to be lambasted
>>>> publicly like this.  I certainly think they, as we are, trying to do the
>>>> right thing for the organization.  Attacking them doesn't really help us.
>>>> It appears you have issues w/ the handbook.  I completely agree with
>>>> Liam, let's bring your issues forward and discuss them.  I had previously
>>>> signed up to be a part of this review (prior to reading this thread) and
>>>> will fully support this review.  I too want to make things as easy as
>>>> possible for chapters and projects to be successful.  And I think Tiffany
>>>> is too, which is why she created this document in the first place.  So
>>>> let's please put some of this ugliness behind us and work together to make
>>>> the handbook better.  If you feel chapters and projects are being
>>>> bottlenecked, let's address that at the same time.
>>>> Steve Kosten
>>>> OWASP Denver Chapter Leader
>>>> On Thu, May 4, 2017 at 9:32 AM, Bev Corwin <bev.corwin at owasp.org>
>>>> wrote:
>>>>> Sounds like the Chapter Leader Handbook needs to be voted on by
>>>>> members. There are many flaws. Also, staff, chapter leaders and board need
>>>>> some training in user experience, member experience, and grassroots
>>>>> communications outreach. These top down methodologies and processes are
>>>>> contrary to OWASP values and core principles. They are being hijacked by
>>>>> staff to bottleneck and constrain chapter leaders, mostly to protect their
>>>>> jobs. Bottlenecking needs to be prohibited. Big problem at OWASP.
>>>>> On Thu, May 4, 2017 at 11:28 AM, Tiffany Long <tiffany.long at owasp.org>
>>>>> wrote:
>>>>>> Hey Tom and Bev!  It seems you are ahead of the curve.  This document
>>>>>> was set to be released to the community with the Ops Update Blog post
>>>>>> accompanied by the following text:
>>>>>> Chapter Orientation:
>>>>>>> Since September all new chapters were requested to have an
>>>>>>> Orientation meeting via Gotomeeting.  Since then these meetings have been
>>>>>>> refined into a  series of standing one on one appointments for any Chapter
>>>>>>> Leaders starting a new chapter, any new chapter leaders who wish to join,
>>>>>>> and any current leaders who want to take a refresher.
>>>>>>> So far reactions have been good.  Many experienced chapter leaders
>>>>>>> have expressed a wish for this when they got started and follow up emails
>>>>>>> with procedural questions have dropped from an average of 5 per new chapter
>>>>>>> to 10 total in the last 8 months.  We have also seen an uptick in new
>>>>>>> chapters using funds and getting multiple leaders on board.  All of these
>>>>>>> are indicators of early chapter health.  Board members, staff, and the
>>>>>>> community can read the draft outline of the orientation.  The document will
>>>>>>> be made public in the form of the Chapter FAQ in the next few weeks.
>>>>>> It has long been noted that new chapter leaders tick the box that
>>>>>> says that they have read the Chapter Leader Handbook, but often do not
>>>>>> understand what help they can get from the foundation or how funding works.
>>>>>> This document is a draft outline of the most commonly asked questions about
>>>>>> being a chapter leader.
>>>>>> The orientation is divided into three parts, the first addresses how
>>>>>> to build a chapter, how to reach out to audiences and tactics that other
>>>>>> chapters have used to flourish. The second part covers our vendor
>>>>>> neutrality policy and other rules and privileges for chapter leaders.
>>>>>> Finally we discuss funding in-depth.
>>>>>> Some conversations are expected to be had again when chapter leaders
>>>>>> are not overwhelmed with questions. In the outline you will see these
>>>>>> topics marked with statements like "reach out to me." Every point in this
>>>>>> orientation outline is simply a rehash from the Chapter Leader Handbook.
>>>>>> Tiffany Long
>>>>>> Community Manager
>>>>>> On Thu, May 4, 2017 at 4:07 PM, Bev Corwin <bev.corwin at owasp.org>
>>>>>> wrote:
>>>>>>> PS: Re: Document: https://docs.google.com/document/d/1uupqip9TiejURb
>>>>>>> znt_Dk6t1H--8foRJxcVQ2gdmUj-s/edit?ts=590a0fcc
>>>>>>> On Thu, May 4, 2017 at 11:04 AM, Bev Corwin <bev.corwin at owasp.org>
>>>>>>> wrote:
>>>>>>>> Note that you cannot "edit" or "comment" on this document. The tone
>>>>>>>> is very *not* right for "consensus". In fact, it is authoritarian in tone
>>>>>>>> and intent. Sounds like OWASP Staff are revolting against local
>>>>>>>> chapters and making the OWASP Global staff the new "kings" of OWASP
>>>>>>>> Chapters. Do you think that this this appropriate?
>>>>>>>> Bev
>>>>>>>> On Thu, May 4, 2017 at 10:59 AM, Tom Brennan - OWASP <
>>>>>>>> tomb at owasp.org> wrote:
>>>>>>>>> @OWASP we reject kings, presidents and voting. we believe in
>>>>>>>>> rough consensus and running code
>>>>>>>>> <https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Core_Values>,
>>>>>>>>> your attendance is requested to join the next global board meeting on May
>>>>>>>>> 9th
>>>>>>>>> Details:
>>>>>>>>> https://www.owasp.org/index.php/Board
>>>>>>>>> Join us share your ideas, concerns and suggestions in person or
>>>>>>>>> virtually
>>>>>>>>> <https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference>
>>>>>>>>> On behalf of the 2017 Board of Directors thank you for caring and
>>>>>>>>> sharing.
>>>>>>>>> https://www.owasp.org/index.php/About_The_Open_Web_Applicati
>>>>>>>>> on_Security_Project#2017_Elected_by_Membership.2C_Global_Boa
>>>>>>>>> rd_Members
>>>>>>>>> Tom Brennan
>>>>>>>>> _______________________________________________
>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> --
>>> Aaron Weaver
>>> Philadelphia OWASP Chapter Lead
>>> OWASP AppSec Pipeline Lead
>>> https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170507/283f8489/attachment-0001.html>

More information about the OWASP-Leaders mailing list