liam.smit at gmail.com
Tue May 9 16:49:39 UTC 2017
You are most welcome.
It is plainly evident from your own emails to this very mailing list that
it is simple matter for someone to raise their concerns.
However it is very difficult to address general concerns. Hence my request
for specific problems and better yet specific solutions to them. I'd be
more than willing to give my support to specific changes that fix or
improve specific problems.
To be perfectly frank for *all* chapters to have *zero* problems would
require a perfect system and these do not exist in practice due to real
world constraints e.g. limited resources. If however the vast majority of
chapters experience few or no problems then that is the sign of a well
functioning system. If there is a widespread problem (based on actual data
e.g. percentage of requests in the last year that received no response)
with regard to some process then it needs to be highlighted and improved.
If you are able to shine a light on any such area of deficiency then OWASP
will be improved and I for one will be thankful for the work that you have
put in to improve it.
If you have evidence of prejudice and malpractice then I suggest you
provide it as either of those would be very serious problems which would
need to be addressed. However mere suspicion is not enough to take action
On Tue, May 9, 2017 at 5:38 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
> Thank you for the comments Liam, I will include them in the shared
> documents. I'm happy to hear that you have had such positive experiences
> and that you are willing to share them. However, I must call into question
> your incorrect assumption that it is "easier to find fault", which is
> simply a false and prejudiced statement, and another example of the
> cultural problems at OWASP. I can assure you that I, and the other OWASP
> Brooklyn Chapter Leaders have not found it easy to bring these serious
> faults to the forefront. In fact, it is truly a pain to have to deal with
> these things, and the pitiful pompous backlash, and we do so, because 1)
> they are a problem and they are repeatedly dismissed 2) obviously it is not
> the experience of *all* of the other chapters which raises serious
> questions of "why" only certain chapters 3) refusal to face the problems
> leads an intelligent person to suspect prejudice and malpractice.
> Sincerely, Bev
> On Tue, May 9, 2017 at 11:26 AM, Liam Smit <liam.smit at gmail.com> wrote:
>> Hi Bev
>> What I do find strange about your experience with OWASP is that it is the
>> opposite of what our chapter has experienced.
>> Whenever our chapter has reached out to the staff we have received a
>> helpful response. For example on the multiple occasions that we have:
>> * Requested $500 for banners, t-shirts and stickers so that OWASP will
>> have a presence at a local security conference.
>> * Asked for print quality artwork.
>> * Suggested an improvement to OWASP's security.
>> * Requested Google Apps changes.
>> * Claimed Meetup.com fees as expenses.
>> As such I would like to take the opportunity to state my appreciation for
>> the good work that the staff do and the guidance that the board provides.
>> I hardly need to point out that when you write things like "they are a
>> systematic failure and a cultural failure, most likely due to chronic lack
>> of leadership" that this is both insulting to and potentially demoralising
>> to the hardworking staff and leadership of OWASP.
>> I myself believe in lightweight processes i.e. where there is just enough
>> process to prevent chaos and ensure good governance e.g. through checks and
>> balances. I also believe that policies, processes and procedures can become
>> out of date as things change and grow. In such a case it becomes necessary
>> to tweak the process through minor updates i.e. the least change for the
>> most benefit because constantly changing processes are difficult to
>> If you feel that there are one or more specific problems then please
>> raise these and if at all possible please suggest improvements as it goes
>> without saying that is far easier to find fault in the work of others than
>> it is to come up with a better way.
>> I look forward to the suggested improvements that come out of the meeting
>> that you have arranged.
>> On Tue, May 9, 2017 at 4:08 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
>>> Hi Johanna,
>>> Happy to schedule a call to discuss and go over the various complex
>>> issues. I realize that we are all human, and encourage OWASP leadership and
>>> staff to take that into consideration, as well, especially when creating
>>> and imposing burdensome authoritarian unproductive workflows for Chapter
>>> Leaders and Members without any end user feedback or process for adoption /
>>> votes to accept them. We are all adults, professionals, and volunteers, and
>>> the OWASP Board and Staff should respect and remember this. We have a
>>> gotomeeting on the OWASP Calendar on Friday May 26, 10am ET (USA NY) to
>>> discuss and document concerns, and will deliver to leadership's thoughtful
>>> consideration. All are welcome to participate and share their comments on
>>> the shared documents, links available on the calendar invitation. These
>>> problems are not caused any one staff person - they are a systematic
>>> failure and a cultural failure, most likely due to chronic lack of
>>> leadership and lack of community engagement / communication / feedback
>>> On Mon, May 8, 2017 at 7:00 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>> Hi Bev,
>>>> We should definitely acknowledge that there are issues based on your
>>>> strong feedback to the staff and the entire organization. I feel your
>>>> frustration and clear you have expressed this clearly multiple times.
>>>> I just hope you bare in mind that OWASP is definitely far from perfect,
>>>> and yes, there are communication issues, especially when we consider a
>>>> staff having to handle a Global community, working remotely, trying to
>>>> please everyone. Also board members that have a fulltime jobs and have
>>>> taken the responsibility to lead a ship called OWASP and might be too
>>>> absorb in their issues.
>>>> I'm at appsec talking to the staff and trying to understand the issues
>>>> they are facing. Many people are clueless how much works takes to handle a
>>>> Global community across the globe and trying to be available 24x7.
>>>> Please, bear in mind that for some members of the staff like Tiffany,
>>>> this community is particularly new to them, especially, I think, she is
>>>> just trying to get the work done and also with the pressure to have
>>>> guidelines ready.
>>>> I would like very much to have a call with you and try to clarify the
>>>> issues you as part of the community are confronting.
>>>> Lets see how can we use that feedback to improve things and how can we
>>>> make sure that volunteers like you are aware of the work done by the staff
>>>> with realistic expectations on the actual situation.
>>>> We are just people trying to make the web a better place, but let's see
>>>> how can we work together to reach that goal.
>>>> Email me in private, would like very much to talk to you and see how
>>>> can we make improve the communication , but also everyone should be aware
>>>> that OWASP is not a corp and far from it.
>>>> Help us improve and use your experience to advise us how but also based
>>>> on the actual resources and real situation.
>>>> Best regards
>>>> >> Sounds like OWASP Staff are revolting against local chapters and
>>>> making the OWASP Global staff the new "kings" of OWASP Chapters. Do you
>>>> think that this this appropriate?
>>>> >>There are many flaws. Also, staff, chapter leaders and board need
>>>> some training in user experience, member experience, and grassroots
>>>> communications outreach.
>>>> >>My biggest complaint is the fact that it was not put up for vote by
>>>> the community before being adopted. Also, that I was not able to comment on
>>>> the draft that you shared
>>>> >> I am also very disappointed in "bottlenecking" or creating
>>>> unnecessary, burdensome costly, wasteful bureaucracy when it is not needed,
>>>> or welcome. It is one thing to try to organize things, it is another to
>>>> make it harder for chapter leaders and project leaders.
>>>> >>You said that the draft was open for comments and *all* comments
>>>> were incorporated. I know that this is a false statement because I
>>>> submitted comments and they were not incorporated, in fact, they were
>>>> completely ignored. Where are these comments documented? I do not think
>>>> that the entire community was aware of this opportunity to comment. If they
>>>> were, I think that you would have heard more comments like mine, that we
>>>> need to develop an integrated local to global workflow for projects and
>>>> chapter memberships, sponsors, events and co-marketing arrangements, since
>>>> it is too much for staff to do on their own. Also, this document claims
>>>> funding options, and our chapter submitted a number of funding requests
>>>> that were also ignored. This bottlenecking is holding local chapters back,
>>>> waiting on staff, who often times do not come through for them, ignore
>>>> them, and place unrealistic responsibilities on them. This needs to change.
>>>> >>There is a serious lack of productivity, and performance. Plain and
>>>> simple. Staff and board are responsible. Period. Someone needs to state the
>>>> facts here. Local chapters are being limited, too. It hurts local and
>>>> global. Need to wake up and face the facts.
>>>> Johanna Curiel
>>>> OWASP Volunteer
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders