[Owasp-summit-2013] (Why Summits are special) Re: Cancelation of the OWASP Summit 2013

vanderaj vanderaj vanderaj at owasp.org
Mon Apr 9 23:33:28 UTC 2012


The OWASP Foundation was initially famous for the Developer Guide, and
then now the OWASP Top 10. Once we get traction with folks in
industry, these are the two projects that I consistently hear folks
either knowing about, having read or even having copies of.

Very few other things the Foundation does provide any fame or traction at all.

We need to broaden these horizons by having high quality, commercially
useful things we should be famous for. We must look at other high
performing foundations and see how they survive. Not funding or
enabling what we are famous for is just stupid.

To say that I have NO say because I couldn't convince my employer to
give me the time off to send me to a junket in Portugal absolutely
stinks. That's a terrible attitude for a global organization. More to
the point, because I can't be involved in committees because of time
zones (trust me, I tried!) means I have no say. This is a terrible
outcome for a global organization.

The worst part is that in the 15 months since the Summit, none of the
things we said we'd do there have come to pass. That's a terrible
waste of our investment. I'm sure many of you had a fabulous time, but
that's not how the OWASP Guide got written, and it's not how the Top
10 got written, and it's not how ESAPI got written, and it's not how
ASVS got written.

I donated my 180-slide, two-day developer deck that I wrote between
jobs whilst I moved countries to the OWASP Foundation. If the
processes at OWASP worked, it would be finished now. The Education
project is just one of the projects that needs help. But sending folks
to a nice place doesn't help them get volunteers or finish projects. I
gave up the leadership of the Guide in 2009, and in the intervening
years, nothing happened. If the processes at OWASP worked, it would
have identified that a) I hadn't done anything on the Guide since 2006
and moved me on much earlier, but also identified that nothing is
happening in any of our key projects. Something is broken here, and we
need a way to short circuit here.

To say point blank - no ifs or buts, that ship has sailed - that we
can't spend money on the folks who actually create the Foundation, but
we can spend money on a junket is a terrible outcome for the
Foundation. Worse, it is utterly insulting and disrespectful of all
the authors and developers who put in the hard yards here. The
Foundation is our collective creature, and it's not for any one of us
to say what it will and won't do. If it can't change, it will die.


On Tue, Apr 10, 2012 at 8:47 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
> Andrew, the idea of OWASP paying its leaders to work on OWASP projects has
> expired a couple years ago (at the last SoC actually).
