[Owasp-leaders] rough consensus & running code

Arthur Hedge ahedge at castleventures.com
Sun May 7 21:15:17 UTC 2017


Bev,

Why don’t you do the mapping of the conflicts of interests, since you seem to know what they are and then share them with the rest of the OWASP leaders before you continue with more accusations?

Arthur J. Hedge III CISSP
Castle Ventures Corporation
(O) 973-538-8004
(C) 201-314-3973
www.castletips.blogspot.com<http://www.castletips.blogspot.com/>
[Facebook Circle]<https://www.facebook.com/Castle-Ventures-Corporation-184520934930950/>[LINKEDIN Circle]<https://www.linkedin.com/company/castle-ventures-llc?trk=nav_account_sub_nav_company_admin>[cid:image003.png at 01D2C755.7D8E21A0]<https://twitter.com/castletips>



From: owasp-leaders-bounces+ahedge=castleventures.com at lists.owasp.org [mailto:owasp-leaders-bounces+ahedge=castleventures.com at lists.owasp.org] On Behalf Of Bev Corwin
Sent: Sunday, May 07, 2017 5:11 PM
To: Steve Kosten <steve.kosten at owasp.org>
Cc: OWASP List <owasp-board at lists.owasp.org>; owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] rough consensus & running code

Hi Steve, I suggest that you do a mapping of the conflicts of interests, for starters, and you will clearly see the tip of the iceberg. Additionally, there has been *no* oversight for over a year, no productivity or performance reporting on much of anything, and well, the patients are literally running the asylum. Thirdly, just look at the drain and burn on the organization. Show me your proof for your overly optimistic and what I consider blatantly incorrect assumptions, or at least, something more objective. Most of the *leakage* is not even documented, yet experienced by local chapters when trying to engage with global systems. Of course, we all care for OWASP, but honestly, if this trend continues much longer, there may very well not be an OWASP to debate over sooner than later. Sincerely, Bev

On Sun, May 7, 2017 at 4:51 PM, Steve Kosten <steve.kosten at owasp.org<mailto:steve.kosten at owasp.org>> wrote:
​Bev,

The statement I ​most objected to was your statement that the OWASP core values and principles "are being hijacked by staff to bottleneck and constrain chapter leaders, mostly to protect their jobs."  This is not a factual statement unless we have the ability to objectively peer into a person's mind and know their motives, and we don't.  It is an opinion.  I respect that this is your opinion.  If you have difficulties with the performance of the staff, I'd suggest bringing it to the board as it is part of the the board's overall responsibility to manage the activities of the staff and judge the performance of the staff.  When doing so, please provide proof to support your assertions as that will enable the board to make decisions based upon facts.  Please do this; you clearly feel wronged and care about OWASP and that would be the appropriate avenue to take to address those concerns.

I did see in a later post of yours that numerous requests of yours have not been responded to.  That is certainly an issue.  Your concerns and requests should be acknowledged and handled appropriately.  If I may, I'd like to share one thing that I have found out that may help you (I don't know how you submitted your previous requests).  I have found that emailing staff members doesn't always get a response, I suspect they may be getting flooded with messages.  But when I used the "Contact Us" link on the main page (under neath the blue header), I always received a response.  If you haven't used this, please try that and hopefully the responses improve for you.

Finally Bev, as I said, it is clear you care for OWASP, let's continue to move forward together to improve and address the concerns you have about chapters and projects being unnecessarily curtailed.  There must be some limits in order to be an OWASP chapter (e.g., we don't want a chapter or project to be a front to a vendor); chapters and projects must adhere to the OWASP core values and principles.  How we best support that is a fair question and appropriate for the leaders-list.  And for that I thank you for doing just that, for leading the effort to review the Chapter Leaders Handbook.



Steve Kosten
OWASP Denver Chapter Leader

On Sun, May 7, 2017 at 11:40 AM, Bev Corwin <bev.corwin at owasp.org<mailto:bev.corwin at owasp.org>> wrote:
No personal attacks, just the truth. There is plenty of proof, I'm just stating the obvious. There is a serious lack of productivity, and performance. Plain and simple. Staff and board are responsible. Period. Someone needs to state the facts here. Local chapters are being limited, too. It hurts local and global. Need to wake up and face the facts.

On Sun, May 7, 2017 at 10:00 AM, Aaron Weaver <aaron.weaver2 at gmail.com<mailto:aaron.weaver2 at gmail.com>> wrote:
+1 Steve

As stated by others let's discuss this at the conference this week. I've personally worked with almost everyone on the staff and they are dedicated to the OWASP mission and work incredibly hard to support us. We're not an easy group of people to wrangle together so let's stick to constructive criticism, thank the OWASP staff, (it's a thankless job) and look for areas of opportunity to improve.

-Aaron

Philadelphia OWASP Chapter Leader

On Sun, May 7, 2017 at 12:44 AM, Steve Kosten <steve.kosten at owasp.org<mailto:steve.kosten at owasp.org>> wrote:
Bev,

I was disturbed to read your comment that you think that OWASP values and core principles "are being hijacked by staff to bottleneck and constrain chapter leaders, mostly to protect their jobs".  In stating this, you are impugning the character of some very good people who have worked hard to support our organization, and without much apparent proof to support this significant charge.  When I read Tiffany's document "Outline for New Chapters", I found it to be in line with what I have found within the Chapter Leader Handbook and from my experience, it did not appear in any sense that significant changes were proposed.  If I'm mistaken and there are, I think this can be expressed and brought up for discussion without attacking the staff.  I find the tone of this discourse to be unfortunate and sympathize with the staff; it must be very demoralizing to be trying to do their best to support the organization only to be lambasted publicly like this.  I certainly think they, as we are, trying to do the right thing for the organization.  Attacking them doesn't really help us.

It appears you have issues w/ the handbook.  I completely agree with Liam, let's bring your issues forward and discuss them.  I had previously signed up to be a part of this review (prior to reading this thread) and will fully support this review.  I too want to make things as easy as possible for chapters and projects to be successful.  And I think Tiffany is too, which is why she created this document in the first place.  So let's please put some of this ugliness behind us and work together to make the handbook better.  If you feel chapters and projects are being bottlenecked, let's address that at the same time.

Steve Kosten
OWASP Denver Chapter Leader

On Thu, May 4, 2017 at 9:32 AM, Bev Corwin <bev.corwin at owasp.org<mailto:bev.corwin at owasp.org>> wrote:
Sounds like the Chapter Leader Handbook needs to be voted on by members. There are many flaws. Also, staff, chapter leaders and board need some training in user experience, member experience, and grassroots communications outreach. These top down methodologies and processes are contrary to OWASP values and core principles. They are being hijacked by staff to bottleneck and constrain chapter leaders, mostly to protect their jobs. Bottlenecking needs to be prohibited. Big problem at OWASP.

On Thu, May 4, 2017 at 11:28 AM, Tiffany Long <tiffany.long at owasp.org<mailto:tiffany.long at owasp.org>> wrote:
Hey Tom and Bev!  It seems you are ahead of the curve.  This document was set to be released to the community with the Ops Update Blog post accompanied by the following text:
Chapter Orientation:
Since September all new chapters were requested to have an Orientation meeting via Gotomeeting.  Since then these meetings have been refined into a  series of standing one on one appointments for any Chapter Leaders starting a new chapter, any new chapter leaders who wish to join, and any current leaders who want to take a refresher.


So far reactions have been good.  Many experienced chapter leaders have expressed a wish for this when they got started and follow up emails with procedural questions have dropped from an average of 5 per new chapter to 10 total in the last 8 months.  We have also seen an uptick in new chapters using funds and getting multiple leaders on board.  All of these are indicators of early chapter health.  Board members, staff, and the community can read the draft outline of the orientation.  The document will be made public in the form of the Chapter FAQ in the next few weeks.





It has long been noted that new chapter leaders tick the box that says that they have read the Chapter Leader Handbook, but often do not understand what help they can get from the foundation or how funding works. This document is a draft outline of the most commonly asked questions about being a chapter leader.



The orientation is divided into three parts, the first addresses how to build a chapter, how to reach out to audiences and tactics that other chapters have used to flourish. The second part covers our vendor neutrality policy and other rules and privileges for chapter leaders. Finally we discuss funding in-depth.



Some conversations are expected to be had again when chapter leaders are not overwhelmed with questions. In the outline you will see these topics marked with statements like "reach out to me." Every point in this orientation outline is simply a rehash from the Chapter Leader Handbook.

Tiffany Long
Community Manager

On Thu, May 4, 2017 at 4:07 PM, Bev Corwin <bev.corwin at owasp.org<mailto:bev.corwin at owasp.org>> wrote:
PS: Re: Document: https://docs.google.com/document/d/1uupqip9TiejURbznt_Dk6t1H--8foRJxcVQ2gdmUj-s/edit?ts=590a0fcc

On Thu, May 4, 2017 at 11:04 AM, Bev Corwin <bev.corwin at owasp.org<mailto:bev.corwin at owasp.org>> wrote:
Note that you cannot "edit" or "comment" on this document. The tone is very *not* right for "consensus". In fact, it is authoritarian in tone and intent. Sounds like OWASP Staff are revolting against local chapters and making the OWASP Global staff the new "kings" of OWASP Chapters. Do you think that this this appropriate?

Bev

On Thu, May 4, 2017 at 10:59 AM, Tom Brennan - OWASP <tomb at owasp.org<mailto:tomb at owasp.org>> wrote:
@OWASP we reject kings, presidents and voting. we believe in rough consensus and running code<https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Core_Values>, your attendance is requested to join the next global board meeting on May 9th

Details:
https://www.owasp.org/index.php/Board

Join us share your ideas, concerns and suggestions in person or virtually<https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference>

On behalf of the 2017 Board of Directors thank you for caring and sharing.
https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members

Tom Brennan

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-leaders



_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-leaders



_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-leaders


_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-leaders



--
Aaron Weaver
Philadelphia OWASP Chapter Lead
OWASP AppSec Pipeline Lead
https://www.owasp.org/index.php/OWASP_AppSec_Pipeline



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170507/41a6fdea/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2471 bytes
Desc: image001.png
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170507/41a6fdea/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 2900 bytes
Desc: image002.png
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170507/41a6fdea/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 2874 bytes
Desc: image003.png
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170507/41a6fdea/attachment-0005.png>


More information about the OWASP-Leaders mailing list