[Owasp_project_leader_list] OWASP Project Manager Report: March 28, 2014

Dinis Cruz dinis.cruz at owasp.org
Sat Mar 29 12:15:37 UTC 2014


Jim, I think you are reading too much into the word 'value', especially
since it is not at all implying that that form is measuring quality.

But it's good feedback and it's probably better to rename the form ;)

I also don't see a prob with using OpenSAMM in that form. It's 'a' metric
and at this stage what we really need is good information about the
status, usability and 'value to the user' of all/most of our projects
(measuring Quality comes much later)

Samantha, please take all these (and other) comments with a pinch-of-salt
(or glass of wine). After all, the good news is that finally there is some
energy around OWASP projects (and the hard battles/discussions have not
even started :) )

Like we like to say in England: 'Keep Calm and Carry On'

BTW, for the record, I think Samantha is doing a fantastic job, and my only
regret is that I don't have more time to help her.

Dinis
On 29 Mar 2014 11:44, "psiinon" <psiinon at gmail.com> wrote:

> Seconded.
>
> OpenSAMM is a great way to categorize projects, it's not suitable for
> evaluating project quality.
> I've had similar feedback from people I've asked to evaluate ZAP using it.
> Were there specific reasons why we stopped using the old form?
> From memory it seemed fairly suitable.
> I'm happy to give feedback on it or any other criteria that is proposed
> for this purpose - I've got a fair amount of experience evaluating tools
> and libraries :)
>
> Cheers,
>
> Simon
>
>
> On Sat, Mar 29, 2014 at 10:45 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>>  Samantha,
>>
>> I am not on the board of technical directors because it is a deep
>> conflict of interest since I manage so many OWASP technical projects. I
>> invest tons of energy and time as an OWASP volunteer in many other ways. I
>> have provided *criteria* for technical project evaluations on several
>> occasions throughout the years as well. Technical evaluation is just one
>> criterion of quality, and yes I've reviewed all the links you shared and
>> think you are mostly on the right track with your evaluation teams.
>>
>> Samantha, evaluating the quality of an OWASP project using OpenSAMM, a
>> Software Development Lifecycle Evaluation criteria, seems so far from the
>> mission of evaluating projects for quality, I felt I needed to step up and
>> speak out so we stop this practice immediately and move to a quality-based
>> evaluation.
>>
>> The *measurement* of projects for quality is, per my understanding, the
>> main reason we hired you. You have done a great job of building teams to
>> work on this, but I implore you to condense the evaluation form into one
>> form for each type of project, and minimize the OpenSAMM questions. I am
>> loud about this because I see the evaluations underway already and we need
>> to streamline this process into something that is scalable and effective.
>>
>> I realize you are managing 177 projects *and more*. We may want to change
>> your focus from traveling to conferences (since we hired Laura Grau to
>> manage conferences) so you can focus more on your project management
>> duties. This is of course Sarah's call.
>>
>> I have no problem with your critique of my personality, that's fine. But
>> that does not change the fact that we desperately need proper quality
>> evaluation of projects and I implore you to heed my advice. I see in your
>> report that you are about to undertake a review of all flagships, that is
>> another reason why I am loudly suggesting you change course and stop using
>> the OpenSAMM criteria.
>>
>> - Jim
>>
>>
>>
>>
>>
>>
>>  Jim,
>>
>>  I am sorry to disappoint you, but no you were not the only leader to
>> throw a tantrum on the staff this week. You certainly were one of them, but
>> not the only one. I deal with over 100 leaders in any given day so to
>> assume that my reports are only about your actions is very inaccurate.
>>
>>  Now, I appreciate your concerns, and if you would take the time to read
>> about the very hard work our community members have accomplished (mainly
>> our technical project advisors<http://owasp.blogspot.com/2013/09/meet-our-new-technical-project-advisors.html> who
>> are very "Technical") that were brought together after you refused to help
>> me put this assessment criteria together after yet another tantrum of
>> yours, you would know the hard work that went into creating this
>> system/criteria. I recommend familiarizing yourself with the process before
>> making very inaccurate assumptions about what is actually happening.
>>
>>  What the advisors did at the summit<https://www.owasp.org/images/c/c3/OWASP_2013_PROJECT_SUMMIT_REPORT.pdf>:
>> pg. 25
>>
>>  Definition of assessments/reviews: Chapter 7<https://www.owasp.org/images/d/d8/PROJECT_LEADER-HANDBOOK_2014.pdf>
>>
>>  Jim, I love and respect you as a person, but this behavior is very
>> detrimental to our community and serves no purpose other than to alienate
>> very hard working volunteers that are taking on a task that has not been
>> able to be managed in a very long time (even before my time here) due to
>> the large amount of projects we have in our inventory and the lack of
>> resources we have as an organization. You, as one of our Board of
>> Directors, should know this better than anyone in our community. If you
>> have a better way of managing this, then by all means recommend it. Just
>> remember, I am not managing 5 projects, I am managing 177 and our system
>> must accommodate them all.
>>
>>  I implore you to take a step back, and think about what your actions
>> are actually accomplishing.
>>
>>  With respect,
>>
>>  Samantha
>>
>>
>>
>>
>>
>> On Fri, Mar 28, 2014 at 11:43 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>>  Samantha,
>>>
>>> In this report you say:
>>>
>>> "My suggestion to those that are so very quick to criticize the hard
>>> work of others is to please familiarize yourself with the actual efforts
>>> that have gone into these endeavors. If you see an issue with something
>>> that we have done, please let us know, and I welcome you to pitch in and
>>> help out. Many of our processes and procedures are dependent on volunteer
>>> contributions, and if we have no support in these areas, then there isn't
>>> much we can do on the operations side as the resources we require are
>>> simply not available."
>>>
>>> That was most certainly me. I have been concerned that the various code
>>> projects at the flagship level are not deserving of that status. I have
>>> also requested that several projects I assist or manage be evaluated and
>>> it's been 6+ months with no activity on that front - or better put, as a
>>> project manager of 3 OWASP projects that I've requested evaluation for, no
>>> one has contacted me as a project manager about the status of those
>>> reviews, so I imagine other project managers in this situation have gotten
>>> the same.
>>>
>>> What made me flip from "patience on this" to "alerting the board and
>>> Sarah that I am very concerned about what is going on" is that finally when
>>> you asked me to distribute a form to help folks evaluate Dependency Check,
>>> it was nonsensical. It was a list of OpenSAMM categories that should be
>>> used to evaluate a company's SDLC; categories that really have nothing to
>>> do with OWASP project quality evaluation. It makes me ask, what is going
>>> on? And I'm very upset that this form is being used to evaluate other
>>> projects, it's a step in the wrong direction. I'd like to see this fixed
>>> really soon.
>>>
>>> Thank you.
>>> - Jim
>>>
>>>
>>>
>>> On 3/29/14, 8:53 AM, Samantha Groves wrote:
>>>
>>>  Hello Leaders,
>>>
>>> Below is the link to my weekly projects report. Please reach out to me
>>> if you have any questions about any of the items in the report, and I will
>>> do my best to answer them.
>>>
>>> Projects Weekly Report: March 28, 2014<https://www.owasp.org/index.php/Projects/Reports/2014-28-03>
>>>
>>> Have a great weekend.
>>>
>>> Thank you, Leaders.
>>>
>>> Samantha
>>>
>>>  --
>>>
>>> *Samantha Groves, MBA*
>>>
>>> *OWASP Projects Manager*
>>>
>>>
>>>  The OWASP Foundation
>>>
>>> Phoenix, USA
>>>
>>> Email: samantha.groves at owasp.org
>>>
>>> Skype: samanthahz
>>>
>>>
>>>  OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>
>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>
>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>
>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>
>>>
>>>
>>>
>>>
>>>  _______________________________________________
>>> Owasp_project_leader_list mailing list
>>> Owasp_project_leader_list at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>
>>>
>>>
>>
>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>
>