[Owasp-leaders] [balint:7407] Re: [OWASP-chapters] Proposal for OWASP Global Chapters Committee

Matt Tesauro matt.tesauro at owasp.org
Fri Sep 14 00:43:54 UTC 2018


Ramiro,

> I just want to support OWASP in my country, as well as all of you!


Great! That's all anyone could ask for.  Staff is trying to do the same -
just for the world ;-)

About a time line for the chapters review/audit - I can speak generally
about that and get exactly where Dawn is at from her tomorrow.

Like I said in a different reply - US and EU are done - that's ~56% of all
chapters.  Latin America is the current region with APAC, the Middle East,
Africa, Canada and the Caribbean to go.  She's doing the largest ones first
so as this continues, the regions should take less and less time.  We
wanted to have them done well before December but, to be honest, Laura's
departure has shifted her work to the rest of the staff and slowed things
down.

At the very worst, once AppSec US is over, there's not a lot of major/large
things going on so it will be 'slower' and with less distractions and she
can focus on the audit/review with fewer things competing for her time.  I
would think if things don't go well, we'll have all the chapters done by
Christmas.

I just ask for a bit of patience.  If you get frustrated, feel the need to
raise an issue, or think the staff has made a mistake, please email me
directly to discuss it.  I'd much prefer you reach out to me to discuss
things early and avoid any building frustrations.

Cheers!

Hope that helps!

--
-- Matt Tesauro
*OWASP Foundation*
Director of Community and Operations
matt.tesauro at owasp.org

Consider giving back, and supporting the open source community by becoming
a member <https://www.owasp.org/index.php/Membership> or making a donation
<https://www.owasp.org/index.php/Donate> today!


Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October in
San Jose, CA!




On Thu, Sep 13, 2018 at 6:04 PM Ramiro Pulgar <ramiro.pulgar at owasp.org>
wrote:

> Matt,
>
>
>
> I am always be a gentlemen. I apologize if you and Dawn feel that my words
> (by email) were innapropiate.
>
>
>
> I just try to express my dissatisfaction, as many of us feel in several
> Latin American countries, because the very slow answers. BUT, I think that
> if your answer is that OWASP is auditing and *give exact dates* of the
> end of the audit to continue with the work done for years, it is different.
>
>
>
> I just want to support OWASP in my country, as well as all of you!
>
>
>
> Best Regards,
>
> Ramiro Pulgar
> OWASP Ecuador Chapter Leader
>
> Linkedin: http://www.linkedin.com/in/ramiropulgar
> Skype/Twitter: milovisho
> Whatsapp: +593 99 275 1705
>
> [image: https://www.owasp.org/images/a/a0/Owasp-logo-250.png]
>
>
> PublicKeyID: 0x0BAA7B2D http://pool.sks-keyservers.net |
> http://keyserver.pgp.com
> Fingerprint: 4096R/0BAA7B2D 4C7E 5264 F07A CFFA 3987 18CF DBD6 C750 0BAA
> 7B2D
>
>
> URL Site: http://www.owasp.org/index.php?title=Ecuador
> Mailing List: http://lists.owasp.org/listinfo/owasp-ecuador
> Twitter: @owaspec <https://twitter.com/owaspec>
>
>
> Disclaimer: The information contained in this e-mail is confidential and
> intended only for the use of the person or company to which it is
> addressed. This information is considered provisional and referential; it
> can not be totally or partially distributed nor copied by any media without
> the authorization from the sender. The sender does not assume
> responsibility about this information, opinions or criteria contented in
> this e-mail.
>
>
>
>
>
> *From:* Matt Tesauro <matt.tesauro at owasp.org>
> *Sent:* jueves, 13 de septiembre de 2018 17:06
> *To:* ramiro.pulgar at owasp.org
> *Cc:* OWASP Foundation Board List <owasp-board at lists.owasp.org>;
> owasp-chapters at lists.owasp.org; OWASP Leaders <
> owasp-leaders at lists.owasp.org>
> *Subject:* Re: [Owasp-leaders] [balint:7407] Re: [OWASP-chapters]
> Proposal for OWASP Global Chapters Committee
>
>
>
> Ramiro,
>
>
>
> To be frank, your post is completely inappropriate and violates at least
> this item in OWASP's code of ethics
> <https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics>
> :
>
> · Not intentionally injure or impugn the professional reputation of
> practice of colleagues, clients, or employers;
>
>
>
> I will not tolerate posts of this nature to anyone in the OWASP community
> - *and staff is part of the community*.  I expect to see your future
> posts to the leaders list be civil and constructive.
>
>
>
> To answer your unfortunately worded post:  It would appear you didn't
> understand her reply.  Let me rephrase it so that you may better understand
> what Dawn is currently working on with my full knowledge and approval:
>
>
>
> We are going through the inventory of chapters and cleaning
> up/de-activating chapters which do not meet the minimal requirements per
> the chapter handbook - principally having fewer then 4 meetings per year.
>
>
>
> While she is doing this work, we are not accepting new chapters in the
> regions that haven't been audited.  So far, she's completed the US and EU -
> the geographical regions with the most chapters.
>
>
>
> Her email simply stated that she's currently working on aka _auditing_ the
> Latin America region and not opening any chapters until the audit of that
> region is complete.
>
>
>
> Obviously she knows that Ecuador is in Latin America since the fact that
> she's auditing that region is an issue with handling your request.
>
>
>
> If you'd like me to further explain the reasons for conducting the
> audit/review of existing chapters, I'd be happy to discuss it further
> assuming you can be civil and abide by the OWASP Code of Ethics.
>
>
>
> Cheers!
>
>
> --
> -- Matt Tesauro
>
> *OWASP Foundation*
>
> Director of Community and Operations
>
> matt.tesauro at owasp.org
>
> Consider giving back, and supporting the open source community by becoming
> a member <https://www.owasp.org/index.php/Membership> or making a donation
> <https://www.owasp.org/index.php/Donate> today!
>
> Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October in
> San Jose, CA!
>
>
>
> On Thu, Sep 13, 2018 at 3:33 PM <ramiro.pulgar at owasp.org> wrote:
>
> Hi all,
>
>
>
> Dawn doesn’t know where countries are.
>
>
>
> I asked her since January that I want to restart Ecuador chapter, and she
> sent me an email that she is working first on Latinamerica and then she
> will solve my request…. Ecuador is in Latinamerica!!!!!!!!!!
>
>
>
> “Dear Ramiro:
>
> Thank you for reaching out, we are currently working on the Latin America
> region and once that is completed we will reach out to the community.
>
> Thank you.
>
> Dawn Aitken
>
> Community Manager
>
> (973) 658-6186”
>
>
>
> I think that Dawn doesn´t have interest to attend our requests.
>
>
>
> Please, I recommend that a Community Manager have to be a OWASP leader or
> a Community lover that shares our interests.
>
>
>
> Saludos Cordiales,
>
> Ramiro Pulgar
> OWASP Ecuador Chapter Leader
>
> Linkedin: http://www.linkedin.com/in/ramiropulgar
> Whatsapp: +593 99 275 1705
>
> [image: https://www.owasp.org/images/a/a0/Owasp-logo-250.png]
>
>
> PublicKeyID: 0x0BAA7B2D http://pool.sks-keyservers.net |
> http://keyserver.pgp.com
> Fingerprint: 4096R/0BAA7B2D 4C7E 5264 F07A CFFA 3987 18CF DBD6 C750 0BAA
> 7B2D
>
>
> URL Site: http://www.owasp.org/index.php?title=Ecuador
> Mailing List: http://lists.owasp.org/listinfo/owasp-ecuador
> Twitter: @owaspec <https://twitter.com/owaspec>
>
>
> Disclaimer: The information contained in this e-mail is confidential and
> intended only for the use of the person or company to which it is
> addressed. This information is considered provisional and referential; it
> can not be totally or partially distributed nor copied by any media without
> the authorization from the sender. The sender does not assume
> responsibility about this information, opinions or criteria contented in
> this e-mail.
>
>
>
>
>
> *From:* owasp-leaders-bounces+ramiro.pulgar=owasp.org at lists.owasp.org
> <owasp-leaders-bounces+ramiro.pulgar=owasp.org at lists.owasp.org> *On
> Behalf Of *Timur 'x' Khrotko [owasp]
> *Sent:* Thursday, September 13, 2018 1:25 PM
> *To:* Ofer Maor <ofer.maor at owasp.org>
> *Cc:* Tom Brennan <Tom.Brennan at owasp.org>; OWASP Board List <
> owasp-board at lists.owasp.org>; owasp-chapters at lists.owasp.org;
> owasp-leaders <owasp-leaders at lists.owasp.org>
> *Subject:* Re: [Owasp-leaders] [balint:7407] Re: [OWASP-chapters]
> Proposal for OWASP Global Chapters Committee
>
>
>
> Ofer, while there maybe an issue that there are some cases of people
> parazitizing on the owasp goodwill. But how high is this issue on the list
> of the current owasp issues? I hear voices that owasp/foundation is/are in
> crises, and there are high priority/critical issues to deal with.
>
> On the other hand what does foundation do in addressing the problem you
> mentioned? My experience is that Dawn did shut down the Hungary chapter
> around christmas wo any prior notice. The notice came from wiki that our
> page was deactivated. Formally they didn't see recent meetups on the wiki
> page. Practically they didn't click on the meetup.com link there to see
> the meetup activity. And it was only Tiffany who apologized for that.
>
> Now i had a formal letter from Dawn that our chapter will be shut down as
> we didn't do any meetups this year (true). Maybe she could ask first how
> may the foundation help us in doing meetups?!
>
> So my observation is that besides many great things )) the foundation also
> makes nonsense repressive moves, sends nonsense long replies, and they send
> some of our requests to dev/null.
>
> Respect,
> Timur
>
>
>
> On Thu, 13 Sep 2018 at 15:32, Ofer Maor <ofer.maor at owasp.org> wrote:
>
> Hey Tony,
>
> There have been some issues where chapters were created, a lot of work was
> done, funds were drawn, but no actual progress was made. I don't think I
> can tell what were the reasons behind each such incident. I am pretty sure
> in some cases it is just poor execution, but at the same time it feels as
> if there are cases were people are more after the "title" on their LinkedIn
> page than about driving the community. In any case - even if its all good
> intent but with no actual followup, this creates a burden on the Foundation
> staff, without helping the cause. Therefore there is room for a
> "meritocracy" type of structure - where you first do something, and only
> then get others to carry some of the weight. When I became the chapter
> leader of #Israel a decade ago or so, I didn't even rely on the Foundation
> for funds - we did originally everything by getting each sponsor to pay for
> something, only later we've went to the foundation to manage funds and
> sponsorships. Those were different times, and the Foundation today can
> provide more support than back then, but I'd still like to see the
> community driving this thing forward first, and rely on the foundation for
> support, than the other way around.
>
>
>
> Anyway - just my .02...
>
>
>
> Ofer.
>
>
>
>
>
> On Thu, Sep 13, 2018 at 1:55 PM, Tony Turner <tony.turner at owasp.org>
> wrote:
>
> Ofer, is that really a problem that needs to be solved? Bogus chapters I
> mean. I hadn’t heard that was an issue. I’m not sure I’m crazy about that
> much governance around forming chapters. We need to make it easy, not
> create restrictions around the process.
>
> Tony Turner | OWASP Orlando Chapter Lead
>
>
> On Sep 12, 2018, at 2:30 PM, Ofer Maor <ofer.maor at owasp.org> wrote:
>
> Hey All,
>
> Jumping in a little late into this discussion (but having read through
> most of it....) - a few of my thoughts:
>
> Yes, OWASP was easier to manage in the "good old days" when we were
> smaller, more idealistic, and less commercial. But that type of
> reminiscence will not get us anywhere today. OWASP Has grown, considerably,
> and as any other organization, as it grows, and more money gets involved,
> there are more and more pressures on it, and this means we need the right
> structure to support that, finding the way to keep the community spirit and
> vendor neutrality, while managing pressures - both financially and
> "politically". I am all in favor for Josh's call for Committee. I know the
> previous committees have "derailed" into insufficient progress, but I think
> they had their good times too, and I think there's room to bring them back
> to life.
>
> Moreover, pulling from some of the discussion we had on the slack channel,
> I think as the organization grows, and as the "value" of being a "Chapter
> Leader" is growing (people want that on their resume now....), we need to
> find a better way to vet new chapters. One of my suggestions (which of
> course needs more hashing out from its initial thought) is to create a
> tiered, merit based approach, where people will have some framework to
> create a "chapter candidate" - which requires them to put in effort and
> deliver results (i.e. create meetings with enough attendance etc), but
> without giving them too much credit upfront, and without invoking the
> "heavy" operational side. These chapter-candidates will not have a budget,
> they can not have members allocate it to them, nor will they get any
> financial support. They will only get some basic rights to use the name and
> logo of OWASP for the meetup. Once they have passed through certain barrier
> requirements (to be defined by the chapters committee and approved by the
> board if needed), they will be able to become a chapter.
>
>
>
> This will provide individuals, from one hand, an easier way to start-up a
> local OWASP activity without going through the entire process, but will
> also limit the load on the foundation staff, and also make it harder for
> people to abuse the system for their personal gain (free conference
> admission, bogus titles, etc.).
>
> Bottom line - I'm all for it.
>
> Ofer.
>
>
>
>
>
> On Sun, Sep 2, 2018 at 12:28 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
> Dear OWASP Leaders,
>
>
>
> As per the OWASP Committees 2.0 Operational Model
> <https://www.owasp.org/index.php/Governance/OWASP_Committees>, approved
> by a vote of the OWASP Board of Directors on July 16, 2014, I would like to
> formally propose the creation of a new "OWASP Global Chapters Committee".
>
>
>
> My rationale for the creation of this new committee is that our community
> has made a number of observations about inadequacies in the ways our
> Chapters interact with the OWASP Foundation, it's Staff, and the Board.
> This committee would serve as a new form of governance within the OWASP
> Foundation, cutting red tape and empowering our chapter leaders to better
> serve the mission of OWASP while still adhering to the OWASP Core Values of
> openness, innovation, being a global community, and integrity.  We will
> focus on strengthening the OWASP Chapters through education, networking,
> and driving value to our members.
>
>
>
> Topics that are within scope for the OWASP Global Chapters Committee
> include, but are not limited to:
>
>    - *Leadership Requirements: *The committee will be responsible for
>    defining requirements for new chapter leaders and create a community
>    vetting process.
>    - *Activity Requirements: *The committee will be responsible for
>    defining the minimum activity requirements for chapters and will
>    periodically review chapters for meeting those minimum requirements.
>    - *Mentorship: *Programs will be created to pair new chapter leaders
>    together with more experienced ones.  Budgets will be established in order
>    to facilitate mentees attendance of mentor chapter meetings.
>    - *Projects Partnership Tours: *To emphasize the importance of
>    projects, a budget will be established for projects to hold regional tours
>    of chapters where they will speak and show off their projects.
>    - *Budgets: *The committee will be a resource for OWASP policies and
>    procedures when it comes to the budget process and ensuring that it is
>    being followed.  The committee will help identify opportunities for chapter
>    leaders to spend their money.
>    - *Policy: *The committee will review and revise the Chapter Leader
>    Handbook on a periodic basis.  They will assess gaps in existing policies
>    and help to create new policies or redefine existing policies to address
>    gaps.
>    - *Guidance: *The committee will serve to help guide other leaders
>    with any questions that they have.  They will assist with finding
>    speakers.  They will help to recommend topics for presentations.
>    - *Feedback: *The committee will survey chapter leadership on
>    pertinent topics and be a listening outlet for chapter needs.
>    - *Conflict Resolution: *The committee will serve as a tribunal for
>    conflicts among and between chapters.
>    - *Local and Regional Events: *The committee will help to guide
>    chapter leaders on how to start and run local and regional events.  A
>    "startup" budget will be formed from existing event revenues in order to
>    seed investment in more events, helping additional chapters to be able to
>    raise enough money to cover their expenses and innovate.
>    - *Board Guidance: *The committee will work with the Board on any
>    initiatives they have as they relate to chapter policies, governance,
>    budgets, or otherwise.
>
> This scoping was developed by myself and Tiffany Long in an effort to
> cover many of the issues our chapters face on a routine basis.  It is not a
> comprehensive list and I'd certainly welcome suggestions from others in our
> community.  Moreso, it is my hope that others will be interested in
> participating in and contributing to this committee.
>
>
>
> Per the Committee Creation section of the Committees 2.0 Operational
> Model, this is now up for a community discussion with a Board vote to
> follow.  I hereby formally request that this be added as a topic for vote
> at the September 19th OWASP Board meeting.  Thank you.
>
>
>
> Sincerely,
>
>
>
> Josh Sokol
>
>
>
> OWASP Board Member 2014-2017
>
> OWASP Austin Chapter Leader
>
> OWASP LASCON Conference Co-Founder
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> _______________________________________________
> Owasp-chapters mailing list
> Owasp-chapters at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-chapters
>
>
>
>
>
> This message may contain confidential information - you should handle it
> accordingly.
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> --
>
>
>
> secmachine․net #wepowersecdev
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180913/04788141/attachment-0001.html>


More information about the OWASP-Leaders mailing list