[Owasp-leaders] rough consensus & running code

Bev Corwin bev.corwin at owasp.org
Sun May 7 21:15:44 UTC 2017

PS: I have provided many examples in the past, cc:ing Matt and other board
members, they are fully aware of the problems.

On Sun, May 7, 2017 at 5:10 PM, Bev Corwin <bev.corwin at owasp.org> wrote:

> Hi Steve, I suggest that you do a mapping of the conflicts of interests,
> for starters, and you will clearly see the tip of the iceberg.
> Additionally, there has been *no* oversight for over a year, no
> productivity or performance reporting on much of anything, and well, the
> patients are literally running the asylum. Thirdly, just look at the drain
> and burn on the organization. Show me your proof for your overly optimistic
> and what I consider blatantly incorrect assumptions, or at least, something
> more objective. Most of the *leakage* is not even documented, yet
> experienced by local chapters when trying to engage with global systems. Of
> course, we all care for OWASP, but honestly, if this trend continues much
> longer, there may very well not be an OWASP to debate over sooner than
> later. Sincerely, Bev
> On Sun, May 7, 2017 at 4:51 PM, Steve Kosten <steve.kosten at owasp.org>
> wrote:
>> ​Bev,
>> The statement I ​most objected to was your statement that the OWASP core
>> values and principles "are being hijacked by staff to bottleneck and
>> constrain chapter leaders, mostly to protect their jobs."  This is not a
>> factual statement unless we have the ability to objectively peer into a
>> person's mind and know their motives, and we don't.  It is an opinion.  I
>> respect that this is your opinion.  If you have difficulties with the
>> performance of the staff, I'd suggest bringing it to the board as it is
>> part of the the board's overall responsibility to manage the activities of
>> the staff and judge the performance of the staff.  When doing so, please
>> provide proof to support your assertions as that will enable the board to
>> make decisions based upon facts.  Please do this; you clearly feel wronged
>> and care about OWASP and that would be the appropriate avenue to take to
>> address those concerns.
>> I did see in a later post of yours that numerous requests of yours have
>> not been responded to.  That is certainly an issue.  Your concerns and
>> requests should be acknowledged and handled appropriately.  If I may, I'd
>> like to share one thing that I have found out that may help you (I don't
>> know how you submitted your previous requests).  I have found that emailing
>> staff members doesn't always get a response, I suspect they may be getting
>> flooded with messages.  But when I used the "Contact Us" link on the main
>> page (under neath the blue header), I always received a response.  If you
>> haven't used this, please try that and hopefully the responses improve for
>> you.
>> Finally Bev, as I said, it is clear you care for OWASP, let's continue to
>> move forward together to improve and address the concerns you have about
>> chapters and projects being unnecessarily curtailed.  There must be some
>> limits in order to be an OWASP chapter (e.g., we don't want a chapter or
>> project to be a front to a vendor); chapters and projects must adhere to
>> the OWASP core values and principles.  How we best support that is a fair
>> question and appropriate for the leaders-list.  And for that I thank you
>> for doing just that, for leading the effort to review the Chapter Leaders
>> Handbook.
>> Steve Kosten
>> OWASP Denver Chapter Leader
>> On Sun, May 7, 2017 at 11:40 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>>> No personal attacks, just the truth. There is plenty of proof, I'm just
>>> stating the obvious. There is a serious lack of productivity, and
>>> performance. Plain and simple. Staff and board are responsible. Period.
>>> Someone needs to state the facts here. Local chapters are being limited,
>>> too. It hurts local and global. Need to wake up and face the facts.
>>> On Sun, May 7, 2017 at 10:00 AM, Aaron Weaver <aaron.weaver2 at gmail.com>
>>> wrote:
>>>> +1 Steve
>>>> As stated by others let's discuss this at the conference this week.
>>>> I've personally worked with almost everyone on the staff and they are
>>>> dedicated to the OWASP mission and work incredibly hard to support us.
>>>> We're not an easy group of people to wrangle together so let's stick to
>>>> constructive criticism, thank the OWASP staff, (it's a thankless job) and
>>>> look for areas of opportunity to improve.
>>>> -Aaron
>>>> Philadelphia OWASP Chapter Leader
>>>> On Sun, May 7, 2017 at 12:44 AM, Steve Kosten <steve.kosten at owasp.org>
>>>> wrote:
>>>>> Bev,
>>>>> I was disturbed to read your comment that you think that OWASP values
>>>>> and core principles "are being hijacked by staff to bottleneck and
>>>>> constrain chapter leaders, mostly to protect their jobs".  In stating this,
>>>>> you are impugning the character of some very good people who have worked
>>>>> hard to support our organization, and without much apparent proof to
>>>>> support this significant charge.  When I read Tiffany's document "Outline
>>>>> for New Chapters", I found it to be in line with what I have found within
>>>>> the Chapter Leader Handbook and from my experience, it did not appear in
>>>>> any sense that significant changes were proposed.  If I'm mistaken and
>>>>> there are, I think this can be expressed and brought up for discussion
>>>>> without attacking the staff.  I find the tone of this discourse to be
>>>>> unfortunate and sympathize with the staff; it must be very demoralizing to
>>>>> be trying to do their best to support the organization only to be lambasted
>>>>> publicly like this.  I certainly think they, as we are, trying to do the
>>>>> right thing for the organization.  Attacking them doesn't really help us.
>>>>> It appears you have issues w/ the handbook.  I completely agree with
>>>>> Liam, let's bring your issues forward and discuss them.  I had previously
>>>>> signed up to be a part of this review (prior to reading this thread) and
>>>>> will fully support this review.  I too want to make things as easy as
>>>>> possible for chapters and projects to be successful.  And I think Tiffany
>>>>> is too, which is why she created this document in the first place.  So
>>>>> let's please put some of this ugliness behind us and work together to make
>>>>> the handbook better.  If you feel chapters and projects are being
>>>>> bottlenecked, let's address that at the same time.
>>>>> Steve Kosten
>>>>> OWASP Denver Chapter Leader
>>>>> On Thu, May 4, 2017 at 9:32 AM, Bev Corwin <bev.corwin at owasp.org>
>>>>> wrote:
>>>>>> Sounds like the Chapter Leader Handbook needs to be voted on by
>>>>>> members. There are many flaws. Also, staff, chapter leaders and board need
>>>>>> some training in user experience, member experience, and grassroots
>>>>>> communications outreach. These top down methodologies and processes are
>>>>>> contrary to OWASP values and core principles. They are being hijacked by
>>>>>> staff to bottleneck and constrain chapter leaders, mostly to protect their
>>>>>> jobs. Bottlenecking needs to be prohibited. Big problem at OWASP.
>>>>>> On Thu, May 4, 2017 at 11:28 AM, Tiffany Long <tiffany.long at owasp.org
>>>>>> > wrote:
>>>>>>> Hey Tom and Bev!  It seems you are ahead of the curve.  This
>>>>>>> document was set to be released to the community with the Ops Update Blog
>>>>>>> post accompanied by the following text:
>>>>>>> Chapter Orientation:
>>>>>>>> Since September all new chapters were requested to have an
>>>>>>>> Orientation meeting via Gotomeeting.  Since then these meetings have been
>>>>>>>> refined into a  series of standing one on one appointments for any Chapter
>>>>>>>> Leaders starting a new chapter, any new chapter leaders who wish to join,
>>>>>>>> and any current leaders who want to take a refresher.
>>>>>>>> So far reactions have been good.  Many experienced chapter leaders
>>>>>>>> have expressed a wish for this when they got started and follow up emails
>>>>>>>> with procedural questions have dropped from an average of 5 per new chapter
>>>>>>>> to 10 total in the last 8 months.  We have also seen an uptick in new
>>>>>>>> chapters using funds and getting multiple leaders on board.  All of these
>>>>>>>> are indicators of early chapter health.  Board members, staff, and the
>>>>>>>> community can read the draft outline of the orientation.  The document will
>>>>>>>> be made public in the form of the Chapter FAQ in the next few weeks.
>>>>>>> It has long been noted that new chapter leaders tick the box that
>>>>>>> says that they have read the Chapter Leader Handbook, but often do not
>>>>>>> understand what help they can get from the foundation or how funding works.
>>>>>>> This document is a draft outline of the most commonly asked questions about
>>>>>>> being a chapter leader.
>>>>>>> The orientation is divided into three parts, the first addresses how
>>>>>>> to build a chapter, how to reach out to audiences and tactics that other
>>>>>>> chapters have used to flourish. The second part covers our vendor
>>>>>>> neutrality policy and other rules and privileges for chapter leaders.
>>>>>>> Finally we discuss funding in-depth.
>>>>>>> Some conversations are expected to be had again when chapter leaders
>>>>>>> are not overwhelmed with questions. In the outline you will see these
>>>>>>> topics marked with statements like "reach out to me." Every point in this
>>>>>>> orientation outline is simply a rehash from the Chapter Leader Handbook.
>>>>>>> Tiffany Long
>>>>>>> Community Manager
>>>>>>> On Thu, May 4, 2017 at 4:07 PM, Bev Corwin <bev.corwin at owasp.org>
>>>>>>> wrote:
>>>>>>>> PS: Re: Document: https://docs.google.
>>>>>>>> com/document/d/1uupqip9TiejURbznt_Dk6t1H--8foRJxcVQ2gdmUj-s/
>>>>>>>> edit?ts=590a0fcc
>>>>>>>> On Thu, May 4, 2017 at 11:04 AM, Bev Corwin <bev.corwin at owasp.org>
>>>>>>>> wrote:
>>>>>>>>> Note that you cannot "edit" or "comment" on this document. The
>>>>>>>>> tone is very *not* right for "consensus". In fact, it is authoritarian in
>>>>>>>>> tone and intent. Sounds like OWASP Staff are revolting against
>>>>>>>>> local chapters and making the OWASP Global staff the new "kings" of OWASP
>>>>>>>>> Chapters. Do you think that this this appropriate?
>>>>>>>>> Bev
>>>>>>>>> On Thu, May 4, 2017 at 10:59 AM, Tom Brennan - OWASP <
>>>>>>>>> tomb at owasp.org> wrote:
>>>>>>>>>> @OWASP we reject kings, presidents and voting. we believe in
>>>>>>>>>> rough consensus and running code
>>>>>>>>>> <https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Core_Values>,
>>>>>>>>>> your attendance is requested to join the next global board meeting on May
>>>>>>>>>> 9th
>>>>>>>>>> Details:
>>>>>>>>>> https://www.owasp.org/index.php/Board
>>>>>>>>>> Join us share your ideas, concerns and suggestions in person or
>>>>>>>>>> virtually
>>>>>>>>>> <https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference>
>>>>>>>>>> On behalf of the 2017 Board of Directors thank you for caring and
>>>>>>>>>> sharing.
>>>>>>>>>> https://www.owasp.org/index.php/About_The_Open_Web_Applicati
>>>>>>>>>> on_Security_Project#2017_Elected_by_Membership.2C_Global_Boa
>>>>>>>>>> rd_Members
>>>>>>>>>> Tom Brennan
>>>>>>>>>> _______________________________________________
>>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> --
>>>> Aaron Weaver
>>>> Philadelphia OWASP Chapter Lead
>>>> OWASP AppSec Pipeline Lead
>>>> https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170507/dc23239a/attachment-0001.html>

More information about the OWASP-Leaders mailing list