[Owasp-topten] Please welcome Neil Smithline and Torsten Gigler as co-leads

Andrew van der Stock vanderaj at owasp.org
Thu Jun 22 06:42:26 UTC 2017

Hi folks

Realizing that I've just changed countries, I decided to reach out to two
longtime OWASP Top 10 contributors to be co-leads with me. Please welcome
Neil and Torsten!

In addition, I've asked for any long time contributors who help the project
consistently to be made a contributor on GitHub. So if you provide a lot of
edits or so on, happy to have a more open construction of the project out
in the open. To that end, I have nearly completed a full text conversion of
the current draft that can be built into an okay looking draft. The good
thing is that we can still transpose the final agreed text to the PPTX
format once all the feedback has been worked on.

Torsten and Neil and I want to run a weekly call in the lead up to the
release, so we can work on a few tasks each week, and hopefully this will
translate out into small but steady improvements all the time with full
traceability and visibility. This will help eliminate those who worry about
the development process.

Opening the leadership up is for a few reasons, but primarily to help
spread the load, ensure I am not a road block, get better decisions made by
consensus instead of fiat, and to eliminate or at least reduce any issues
about my new company affiliation, which I think is a good thing.

We had many different outcomes from the OWASP Summit, and this is one of
them aimed to improve independence, which has two aspects:

   - Independence in appearance, where co-leads have no appearance of a
   conflict of interest, such as being in related companies or good friends
   behind the scenes
   - Independence in actuality, where co-leads have no financial or family
   ties to each other in fact

If I'd made one of my good OWASP friends a co-lead, I don't think it would
have advanced the independence goal, or if I had stacked the project with
others from my new company. We don't want that.

As the Board and staff can't make a rule for just the OWASP Top 10 and not
for other projects, I've started the process of getting a Board motion
going to ensure all Flagship projects have multiple co-leads. Hopefully,
this will help all the other Flagship projects too, and help introduce new
blood into project leadership.
