[Owasp-summit-2013] (Why Summits are special) Re: Cancelation of the OWASP Summit 2013

Dinis Cruz dinis.cruz at owasp.org
Tue Apr 10 00:13:51 UTC 2012


Andrew, my point on the Summit was just to say that it is harder to see the
real value of OWASP Summit when one was not there (sorry if I sounded too
harsh, & of course you have a right to voice your opinions and concerns).

In a way, your comments are actually a good example of why it would be very
hard (if not impossible) for OWASP to allocate funds to its leaders.

Yes, you (Andrew) did a lot of work and yes the Guides were a big part of
OWASP's history (and yes OWASP really sucks at following up and continuing
past work).

But, so did a LOT of other OWASP leaders and today, OWASP is far too big
for any project, chapter or conference to claim the *"Hey I'm important
invest on me!!"* badge.

In a way, just opening up this discussion ('OWASP leaders should be paid')
creates a lot of bad energy, since there are far too many people who did a
HUGE amount for OWASP (in the past and today) who would want to be paid (if
that was an option).

In terms of why not a lot has happened at OWASP's projects, you are
absolutely right. In fact that is a critical problem that OWASP currently
has, and needs to solve very quickly.

Btw, I don't think that OWASP is doing a good job at maximizing its
potential, in fact one of the reasons I left the OWASP board is because I
believe that the next version of OWASP will come from the bottom -> up
(versus from the top->down).

OWASP needs to re-invent itself, in fact it needs to adopt a GIT philosophy
of Clones, Forks and Merges (but that is a topic for another thread :)  )

Andrew, let's make sure we're synced up on this, I'm happy to call you to
talk about it (sometimes a chat is much more efficient than emails)

Dinis Cruz


On 10 April 2012 00:33, vanderaj vanderaj <vanderaj at owasp.org> wrote:

> Dinis,
>
> The OWASP Foundation was initially famous for the Developer Guide, and
> then now the OWASP Top 10. Once we get traction with folks in
> industry, these are the two projects that I consistently hear folks
> either knowing about, read or even having copies of these two.
>
> Very few other things the Foundation does provide any fame or traction at
> all.
>
> We need to broaden these horizons by having high quality, commercially
> useful things we should be famous for. We must look at other high
> performing foundations and see how they survive. Not funding or
> enabling what we are famous for is just stupid.
>
> To say that I have NO say because I couldn't convince my employer to
> give me the time off to send me to a junket in Portugal absolutely
> stinks. That's a terrible attitude for a global organization. More to
> the point, because I can't be involved in committees because of time
> zones (trust me, I tried!) means I have no say. This is a terrible
> outcome for a global organization.
>
> The worst part is that in the 15 months since the Summit, none of the
> things we said we'd do there have come to pass. That's a terrible
> waste on our investment. I'm sure many of you had a fabulous time, but
> that's not how the OWASP Guide got written, and it's not how the Top
> 10 got written, and it's not how ESAPI got written, and it's not how
> ASVS got written.
>
> I donated my 180 slide two day developer deck that I wrote between
> jobs whilst I moved countries to the OWASP Foundation. If the
> processes at OWASP worked, it would be finished now. The Education
> project is just one of the projects that needs help. But sending folks
> to a nice place doesn't help them get volunteers or finish projects. I
> gave up the leadership of the Guide in 2009, and in the intervening
> years, nothing happened. If the processes at OWASP worked, it would
> have identified that a) I hadn't done anything on the Guide since 2006
> and moved me on much earlier, but also identified that nothing is
> happening in any of our key projects. Something is broken here, and we
> need a way to short circuit here.
>
> To say point blank - no ifs or buts, that ship has sailed - that we
> can't spend money on the folks who actually create the Foundation, but
> we can spend money on a junket is a terrible outcome for the
> Foundation. Worse, it is utterly insulting and disrespectful of all
> the authors and developers who put in the hard yards here. The
> Foundation is our collective creature, and it's not for any one of us
> to say what it will and won't do. If it can't change, it will die.
>
> thanks,
> Andrew
>
> On Tue, Apr 10, 2012 at 8:47 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
> > Andrew, the idea of OWASP paying its leaders to work on OWASP projects has
> > expired a couple years ago (at the last SoC actually).
> >
>
