[Owasp-leaders] [OWASP-chapters] [Owasp-board] Proposal for OWASP Global Chapters Committee

Timur 'x' Khrotko [owasp] timur at owasp.org
Mon Sep 10 16:28:36 UTC 2018


[not to interfere with the questions of Carlos below]

Dear All, is my observation correct that the committee Josh initiated to
establish is to review the functioning and the management of the Foundation
and the quality of the services provided to the community, and probably the
role of the Board in maybe letting the operational/organizational problems
persist, etc.?

If so then that committee is in the first iteration an audit body and
probably in the second is a crisis management body. One of the subjects of
the review is then the Foundation staff and management. Correct? If so the
management and the Board should not make decisions regarding the
establishment of the committee, beyond the formalities and the control of
the ethical conduct and compliance.

Please correct me if I'm lost!

Ps. The rules say that the committee operates on behalf of the Foundation,
I guess it reads as on behalf of the legal body (the charity and the
represented community).

Timur

On Mon, 10 Sep 2018 at 17:43, Carlos Allendes <carlos.allendes at owasp.org>
wrote:

> Dear Karen
>
> IMO is very sad to read your message if you say that there is no need to
> rush a committee ... then it is still not clear enough that precisely we
> are doing it for delays of months and the lack of feedback from the current
> structure to answer requests or create new chapters (including the new
> student chapters).
>
>  and then I am even more perplexed when you say that "all the committees"
> will be created in October (?) ... it is realistic to think about creating
> several committees (with what that implies)  when objectively there is no
> capacity to create a chapter of students in less than 2.5 months (!)
>
>
> *Finally, I request you please send us the information indicated below....
> **to have an objective context of the gap size, that we should solve**:*
>
> *A) Those 600 leaders that you mention can indicate us in percentages (%)
> to which project and / or chapter those leaders belong.*
>
> *B) Information of current request records tipified by categories*
> *B.1) quantity of requests initiated during 2018*
> *B.2) quantity of requests closed and with the approval of the initiator*
> *B.3) quantity of requests open and pending yet*
>
>
>
> Thanks in advance
>
> ----------
> Carlos Allendes Droguett
> OWASP Chile, chapter leader.
> Links  e-List <http://goo.gl/LBELa>   www <http://goo.gl/9wuFX>    mail
> <carlos.allendes at owasp.org>   linkedIN
> <http://cl.linkedin.com/in/carlosallendes>
> ----------
>
>
>
>
> 2018-09-10 11:20 GMT-03:00 Karen Staley <karen.staley at owasp.org>:
>
>> Dear Leaders and Community Members,
>>
>> First of all, thank you for all the comments and for your support of the
>> Foundation.  We very much value your input on this email thread.
>>
>>
>> As an open source community we believe that committees will enhance the
>> engagement and service of the Foundation to the community. A Global Chapter
>> committee will be helpful to support the chapters and assist them with
>> their initiatives. Based on this, it is clear, we all want the same thing
>> for the Foundation. Committees will enhance engagement and community
>> relationships. Please join one of the three *Town-Hall meetings *to
>> discuss the Foundation and the path we should take for the future. These
>> meetings will include ideas for other committees we need to create as well.
>> It is important that we have the *entire** leader community comment *through
>> the month of September. We have *over 600 leaders *that should have an
>> opportunity to share their thoughts and suggestions with the Foundation.
>> Let's give them this opportunity to respond to the Foundation throughout
>> the month of September.
>>
>> The Foundation is very sensitive to recent communications with the
>> community as well and hosting Town-Hall meetings will allow for collective
>> input on the committees so that at the AppSec USA leaders meeting we can
>> address all needed committees with the community. We need to provide the
>> community *(more than 600 leaders today*) with sufficient time to share
>> their thoughts on several items concerning the future of the Foundation.
>> The comments on this email thread are very valuable, but with more than 600
>> leaders there are many more voices to be heard.
>>
>> Furthermore, I personally need this time as well to understand the
>> community better.  There is no need to rush one committee, all committees
>> will be created in October. Let’s give the greater community time to
>> respond and speak to the Foundation and the community.
>>
>>
>> I would also like to ask any community members reading this email to
>> share their thoughts on the approach of Town-Hall meetings in September and
>> creation of committees in October.  Please take time to join one of the
>> Town-Hall meetings, your involvement is vital and we need to hear from you.
>> I would very much like to hear what you have to say about the Foundation
>> and its future path.
>>
>> Thank you for your patience and understanding. If you have any questions
>> or need additional information on the Foundation or the Town-Hall meetings,
>> just contact me or Matt T.
>>
>>
>> Sincerely,
>>
>> Karen
>>
>>
>> On Mon, Sep 10, 2018 at 6:14 AM Zoe Braiterman <zoe.braiterman at owasp.org>
>> wrote:
>>
>>> Hi Josh and all,
>>>
>>> I agree with @Josh and support the proposal. So far, the WIA Committee
>>> is the only OWASP Committee set to be run under the Committees 2.0
>>> Operational Model.
>>>
>>> I definitely see the potential opportunity for value and sustainability
>>> from an OWASP Chapters Committee, at the global and local Chapter community
>>> levels.
>>>
>>> From my experience, the ongoing, extra volunteer work (online
>>> communications and monthly global Committee calls, outside of local
>>> meetings / events) has been worthwhile as a means of continuous
>>> collaboration and driving the global OWASP mission. That said, many
>>> discussions I’ve had (regarding WIA and otherwise) confirm my reasons for
>>> agreeing. I also copy the WIA Officers inbox and WIA Committee mailing list
>>> here.
>>>
>>> I look forward to conintued discussion / collaboration of the Committee
>>> Adoption, based on my perspective as both an OWASP Committee Chair and a
>>> Brooklyn Chapter member.
>>>
>>> Best,
>>> Zoe
>>>
>>>
>>>
>>> On Sun, Sep 9, 2018 at 11:59 AM Bev Corwin <bev.corwin at owasp.org> wrote:
>>>
>>>> +1 Josh, I support Josh and will be happy to share our experiences with
>>>> the new Brooklyn chapter.
>>>>
>>>> Bev
>>>>
>>>>
>>>> On Sun, Sep 9, 2018 at 11:25 AM, Bil Corry <bil.corry at owasp.org> wrote:
>>>>
>>>>> Hi Martin,
>>>>>
>>>>> Josh had the same thought, he shared the same link in the first
>>>>> sentence of the first email in this thread:
>>>>>
>>>>>
>>>>> http://lists.owasp.org/pipermail/owasp-leaders/2018-September/019352.html
>>>>>
>>>>> - Bil
>>>>>
>>>>> On Sep 9, 2018, at 1:41 AM, Martin Knobloch <martin.knobloch at owasp.org>
>>>>> wrote:
>>>>>
>>>>> Hi Josh,
>>>>>
>>>>> Just to make sure everyone is on the same page on the committee policy
>>>>> and guidelines, I want to share this link:
>>>>>
>>>>>
>>>>> https://www.owasp.org/index.php/Governance/OWASP_Committees#OWASP_Committees_2.0_Operational_Model
>>>>>
>>>>> Kind regards,
>>>>> -martin
>>>>>
>>>>> On Saturday, September 8, 2018, Josh Sokol <josh.sokol at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> This is exactly the kind of issues we are trying to address with this
>>>>>> committee.  If you have a question about how something should work or want
>>>>>> advice on how to do something, that shouldn't go into a support queue and
>>>>>> wait weeks for a response from a staff member.  Instead, my proposal would
>>>>>> leverage regional and global leaders with actual experience running
>>>>>> chapters to help answer these questions.  Even better, as a new chapter
>>>>>> leader, you should be partnered with a mentor from one one of our more
>>>>>> experienced chapters to help coach you.
>>>>>>
>>>>>> Any of our Chapter Leaders, or anyone else for that matter,
>>>>>> interested in furthering this cause, we don't need the Board or ED's
>>>>>> approval to do so.  I've started a new #chapters channel in Slack for that
>>>>>> purpose.  Come and join us:
>>>>>>
>>>>>>
>>>>>> https://join.slack.com/t/owasp/shared_invite/enQtNDI5MzgxMDQ2MTAwLTEyNzIzYWQ2NDZiMGIwNmJhYzYxZDJiNTM0ZmZiZmJlY2EwZmMwYjAyNmJjNzQxNzMyMWY4OTk3ZTQ0MzFhMDY
>>>>>>
>>>>>> It's probably worth noting, however, that despite being asked for a
>>>>>> "civil discussion and substantive proposal", and providing what I felt was
>>>>>> a genuinely substantive step in that direction, I received a follow-up
>>>>>> e-mail from Karen saying that they'd like to put this proposal on hold for
>>>>>> two months while they hold three town halls to discuss the "holistic
>>>>>> sustainability of the foundation".  To put it another way, what I warned of
>>>>>> in my response to Greg's e-mail is exactly what the Board and ED were
>>>>>> looking to do, they just haven't been straightforward in their discussions
>>>>>> about it.  These conversations have been going on in closed door meetings
>>>>>> and private e-mail threads, and not on the OWASP-Board mailing list in the
>>>>>> spirit of openness and transparency.
>>>>>>
>>>>>> ~josh
>>>>>>
>>>>>> On Sat, Sep 8, 2018 at 12:39 AM John Patrick Lita <
>>>>>> john.patrick.lita at owasp.org> wrote:
>>>>>>
>>>>>>> Hi all
>>>>>>>
>>>>>>> I know all that we have problems with each chapters, and i hope that
>>>>>>> the global committee will also have a program from ASEAN Region.
>>>>>>>
>>>>>>> My Chapter in Philippines was idle for a while. I just notice that
>>>>>>> everytime there is a Conference in STATE no one can answer my questions or
>>>>>>> query because everyone is busy for Conference.
>>>>>>>
>>>>>>> I hope the support is flexible for me as a chapter leader i have so
>>>>>>> many question and need more guidance to make my chapter more productive and
>>>>>>> active to the community.
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> On Fri, Sep 7, 2018, 11:51 PM Travis McPeak <travis.mcpeak at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> After discussing this with Josh, I'd like to say I misunderstood
>>>>>>>> the intent of the committee. I was concerned that this would turn into a
>>>>>>>> lot of endless debate with little action items. What Josh is proposing is
>>>>>>>> the exact opposite of this.
>>>>>>>>
>>>>>>>> When I started as a new chapter leader, I found a surprising lack
>>>>>>>> of resources or lots of outdated resources for me to draw on. With the
>>>>>>>> volume of experience we all have as chapter leaders there's no reason why
>>>>>>>> common problems like these shouldn't be addressed quickly with a
>>>>>>>> divide-and-conquer approach. Those interested can be empowered and
>>>>>>>> supported with the necessary resources to go make things better. I now
>>>>>>>> believe this is the intent of the committee and I look forward to the
>>>>>>>> awesome things that will come from a result of it.
>>>>>>>>
>>>>>>>> -Travis (Bay Area)
>>>>>>>>
>>>>>>>> On Tue, Sep 4, 2018 at 1:26 PM Milton Smith <milton.smith at owasp.org>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> This seems like a great proposal to me Josh.  The committees
>>>>>>>>> operational model looks well written and considers OWASP committee
>>>>>>>>> organization/operations from the OWASP member perspective.  It’s great to
>>>>>>>>> have your knowledge and the knowledge of past leaders/staff.
>>>>>>>>>
>>>>>>>>> Clearly OWASP is experiencing some growing pains.  We are looking
>>>>>>>>> at committees for this area but perhaps committees should be considered
>>>>>>>>> more broadly for other areas where diverse opinion exists?  Properly
>>>>>>>>> representing everyone’s opinions is difficult in a global organization.
>>>>>>>>> Josh and Martin your both amazing, you’ve both been improving the security
>>>>>>>>> space for many years, and I appreciate your leadership and enthusiasm for
>>>>>>>>> building a better OWASP.
>>>>>>>>>
>>>>>>>>> —Milton
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Sep 1, 2018, at 2:28 PM, Josh Sokol <josh.sokol at owasp.org>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Dear OWASP Leaders,
>>>>>>>>>
>>>>>>>>> As per the OWASP Committees 2.0 Operational Model
>>>>>>>>> <https://www.owasp.org/index.php/Governance/OWASP_Committees>,
>>>>>>>>> approved by a vote of the OWASP Board of Directors on July 16, 2014, I
>>>>>>>>> would like to formally propose the creation of a new "OWASP Global Chapters
>>>>>>>>> Committee".
>>>>>>>>>
>>>>>>>>> My rationale for the creation of this new committee is that our
>>>>>>>>> community has made a number of observations about inadequacies in the ways
>>>>>>>>> our Chapters interact with the OWASP Foundation, it's Staff, and the
>>>>>>>>> Board.  This committee would serve as a new form of governance within the
>>>>>>>>> OWASP Foundation, cutting red tape and empowering our chapter leaders to
>>>>>>>>> better serve the mission of OWASP while still adhering to the OWASP Core
>>>>>>>>> Values of openness, innovation, being a global community, and integrity.
>>>>>>>>> We will focus on strengthening the OWASP Chapters through education,
>>>>>>>>> networking, and driving value to our members.
>>>>>>>>>
>>>>>>>>> Topics that are within scope for the OWASP Global Chapters
>>>>>>>>> Committee include, but are not limited to:
>>>>>>>>>
>>>>>>>>>    - *Leadership Requirements: *The committee will be responsible
>>>>>>>>>    for defining requirements for new chapter leaders and create a community
>>>>>>>>>    vetting process.
>>>>>>>>>    - *Activity Requirements: *The committee will be responsible
>>>>>>>>>    for defining the minimum activity requirements for chapters and will
>>>>>>>>>    periodically review chapters for meeting those minimum requirements.
>>>>>>>>>    - *Mentorship: *Programs will be created to pair new chapter
>>>>>>>>>    leaders together with more experienced ones.  Budgets will be established
>>>>>>>>>    in order to facilitate mentees attendance of mentor chapter meetings.
>>>>>>>>>    - *Projects Partnership Tours: *To emphasize the importance of
>>>>>>>>>    projects, a budget will be established for projects to hold regional tours
>>>>>>>>>    of chapters where they will speak and show off their projects.
>>>>>>>>>    - *Budgets: *The committee will be a resource for OWASP
>>>>>>>>>    policies and procedures when it comes to the budget process and ensuring
>>>>>>>>>    that it is being followed.  The committee will help identify opportunities
>>>>>>>>>    for chapter leaders to spend their money.
>>>>>>>>>    - *Policy: *The committee will review and revise the Chapter
>>>>>>>>>    Leader Handbook on a periodic basis.  They will assess gaps in existing
>>>>>>>>>    policies and help to create new policies or redefine existing policies to
>>>>>>>>>    address gaps.
>>>>>>>>>    - *Guidance: *The committee will serve to help guide other
>>>>>>>>>    leaders with any questions that they have.  They will assist with finding
>>>>>>>>>    speakers.  They will help to recommend topics for presentations.
>>>>>>>>>    - *Feedback: *The committee will survey chapter leadership on
>>>>>>>>>    pertinent topics and be a listening outlet for chapter needs.
>>>>>>>>>    - *Conflict Resolution: *The committee will serve as a
>>>>>>>>>    tribunal for conflicts among and between chapters.
>>>>>>>>>    - *Local and Regional Events: *The committee will help to
>>>>>>>>>    guide chapter leaders on how to start and run local and regional events.  A
>>>>>>>>>    "startup" budget will be formed from existing event revenues in order to
>>>>>>>>>    seed investment in more events, helping additional chapters to be able to
>>>>>>>>>    raise enough money to cover their expenses and innovate.
>>>>>>>>>    - *Board Guidance: *The committee will work with the Board on
>>>>>>>>>    any initiatives they have as they relate to chapter policies, governance,
>>>>>>>>>    budgets, or otherwise.
>>>>>>>>>
>>>>>>>>> This scoping was developed by myself and Tiffany Long in an effort
>>>>>>>>> to cover many of the issues our chapters face on a routine basis.  It is
>>>>>>>>> not a comprehensive list and I'd certainly welcome suggestions from others
>>>>>>>>> in our community.  Moreso, it is my hope that others will be interested in
>>>>>>>>> participating in and contributing to this committee.
>>>>>>>>>
>>>>>>>>> Per the Committee Creation section of the Committees 2.0
>>>>>>>>> Operational Model, this is now up for a community discussion with a Board
>>>>>>>>> vote to follow.  I hereby formally request that this be added as a topic
>>>>>>>>> for vote at the September 19th OWASP Board meeting.  Thank you.
>>>>>>>>>
>>>>>>>>> Sincerely,
>>>>>>>>>
>>>>>>>>> Josh Sokol
>>>>>>>>>
>>>>>>>>> OWASP Board Member 2014-2017
>>>>>>>>> OWASP Austin Chapter Leader
>>>>>>>>> OWASP LASCON Conference Co-Founder
>>>>>>>>> _______________________________________________
>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> -Travis
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Owasp-chapters mailing list
>>>>>>> Owasp-chapters at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-chapters
>>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Kind regards,
>>>>> -martin
>>>>>
>>>>> Martin Knobloch
>>>>> _______________________
>>>>> OWASP Chairman of the BOD
>>>>> OWASP Netherlands Chapter Leader
>>>>>
>>>>> Email:   martin.knobloch at owasp.org
>>>>> Mobile: +31623226933
>>>>> Web:    https://www.owasp.org
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>> --
>>> *Zoe Braiterman*
>>> Chair, OWASP Women in AppSec (WIA) Committee - wia at owasp.org
>>> Vice Chair, OWASP NIST NSTIC IDESG (NNI) Initiative
>>> Learning Lead, OWASP Mentors Initiative & Learning Gateway Project
>>>
>>>
>>> _______________________________________________
>>> Owasp-chapters mailing list
>>> Owasp-chapters at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-chapters
>>>
>>
>>
>> --
>> *OWASP Foundation*
>> Karen Staley
>> Executive Director
>>
>> karen.staley at owasp.org <kelly.santalucia at owasp.org>
>> Direct: +1 240.446.2951
>>
>>
>> *Consider giving back, and supporting the open source community by
>> becoming a member <https://www.owasp.org/index.php/Membership> or making
>> a donation <https://www.owasp.org/index.php/Donate> today! *
>>
>> *Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October in
>> San Jose, CA!*
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-chapters mailing list
>> Owasp-chapters at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-chapters
>>
>>
>
> This message may contain confidential information - you should handle it
> accordingly.
> _______________________________________________
> Owasp-chapters mailing list
> Owasp-chapters at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-chapters
>
-- 

secmachine․net #wepowersecdev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180910/98e315b2/attachment-0001.html>


More information about the OWASP-Leaders mailing list