[Owasp_project_leader_list] [Owasp-board] [Owasp-leaders] OWASP Project Manager Report: March 28, 2014

Jim McCallson jmccallson at gmail.com
Mon Mar 31 17:53:02 UTC 2014


Dennis,

I have to agree with you about this this being all voluntary. I usually
dont say much but I too get tired of people at OWASP having to defend the
way it is run. I am glad that OWASP is run the way it is and I agree about
"if you dont like something try to make it better" but complaining does
nothing for anyone not even the person complaining. I to see things I dont
like about different parts of softwares and I try to figure out how to make
it better (if I can). Anyway I dont want to rant, but thanks again Dennis
for saying what you did.

JIM



On Mon, Mar 31, 2014 at 9:23 AM, Dennis Groves <dennis.groves at owasp.org>wrote:

> Since the beginning of OWASP things get done by volunteer. That is how it
> works.
> The staff works hard to facilitate and support the volunteer efforts. That
> is they were hired to do.
>
> All this complaining is not useful nor productive. It is destructive. This
> is not how we create an open environment it is how you create a closed one
> where everybody is afraid to participate because the wolves will come in
> and complain - it is not the OWASP way.
>
> This is not life and death, there is not any urgency at all. It is dead
> simple.
>
> If the volunteers don't like what the volunteers built, then rebuild it!
> That is how stuff gets done.
>
> If you have all this energy to complain; then make OWASP better!
> Get involved and do something constructive you obviously have the time and
> energy.
>
>
> Regards,
>
> Dennis
>
>
>
> On Mon, Mar 31, 2014 at 6:49 AM, Samantha Groves <
> samantha.groves at owasp.org> wrote:
>
>> Thank you, Johanna.
>>
>> Yes, I began to start sending out the surveys late January and was
>> attempting to get them filled out for our projects until Friday. However,
>> it does seem that a major draw back of what was created is that the survey
>> is too complex.
>>
>> Johanna is correct when she states that towards the end, the advisors
>> began letting me know that they could no longer participate due to work
>> commitments. That is understandable and since they were brought on to
>> create the criteria itself, and that was created, it was understandable. As
>> with all volunteer initiatives, participants drop off on a regular basis
>> and new ones come on. We are at a stage, as Leaders have voiced their
>> concerns, where we might need to re-evaluate the advisory group, which is
>> fair. It might not be the best method of incentivization for the type of
>> output that is needed.
>>
>>
>> On Mon, Mar 31, 2014 at 3:07 AM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Eoin,
>>>
>>> For clarifications, from my point of view and activities as Project
>>> Technical Advisor:
>>>
>>>    - Last year November we created the final criteria to  analyze the
>>>    actual situation of the Projects.
>>>    - In order to do proper reviews, It was clear that we need an input
>>>    mechanism for the community
>>>    - January this year Samantha created Surveys(in google forms) using
>>>    OpenSAMM  to gather input from the community
>>>
>>> When this was proposed, this was my email , dating from 2nd January 2013
>>> "Ok, coming back to the survey, I think it's too complex for the average
>>> person. In order to be able to fill the survey, the person needs to
>>> understand clearly the concepts . I think this survey is fine among
>>> professionals working on the  compliance sector but not the general public
>>> or user that has tested an Owasp tool or code project."
>>>
>>> And this is were we are right now, so we need  a proper mechanism to
>>> gather input from the community for the projects reviews
>>>
>>> The only persons from the board actively participating in meetings and
>>> reacting were Chuck Cooper and me.
>>>
>>> Attached file is my work done last year gathering info about all
>>> incubator projects and their status. It is clear for me that some are
>>> definitely not incubators anymore and many should not even be on the list
>>> anymore.
>>>
>>> We should move forward on promoting these projects to higher status or
>>> out of the list. For me this whole process is becoming way to bureaucratic.
>>>
>>> I like to think in solutions. IMHO we just need simple surveys , asking
>>> users and contributors their opinions about the main areas we use in the
>>> Project assessment criteria.
>>>
>>> regards
>>>
>>> Johanna
>>>  Incubator projects -last updates<https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0Am8S4R_cON7JdC1DMEVqS2VnZUM3R0x1Y2U1NzQyNXc&usp=drive_web>
>>>
>>>
>>> On Mon, Mar 31, 2014 at 5:13 AM, Eoin Keary <eoin.keary at owasp.org>wrote:
>>>
>>>> May I ask where is the output from the advisory board to date?
>>>>
>>>>
>>>> Eoin Keary
>>>> Owasp Global Board
>>>> +353 87 977 2988
>>>>
>>>>
>>>> On 31 Mar 2014, at 01:28, Jim Manico <jim.manico at owasp.org> wrote:
>>>>
>>>> Thank you, Johanna. It seems that the technical review board is "not
>>>> happening" and were given a very different message at the board. This will
>>>> be a top tier discussion item next board meeting if not sooner.
>>>>
>>>> Thank you for this update.
>>>>
>>>> Aloha,
>>>> --
>>>> Jim Manico
>>>> @Manicode
>>>> (808) 652-3805
>>>>
>>>> On Mar 30, 2014, at 10:18 AM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>> Hi Jim
>>>>
>>>> Thank you for those kind and motivating words. You are awesome too!
>>>> I think we need to be practical.
>>>>
>>>> Meetings with no concrete action plans become tiresome. That's why I
>>>> think that most project technical advisers are not participating anymore.
>>>>
>>>> We have reached a criteria to use, but again the input of the community
>>>> is the most important one, since judging all these projects must be driven
>>>> on input data from valuable sources. The opensamm was an effort that I did
>>>> not support. We just need simple surveys to ask users and the community to
>>>> score based on (for example):
>>>> Usability==> Purpose of the project satisfy a need?
>>>> Support from project leader/Contributors==> when user needs help, do
>>>> they get it from the community of contributors or project leader?
>>>> Documentation==> Is the documentation helpful enough to use the tool or
>>>> understand what is the project about?
>>>> Easiness of use==> Rate how easy is to install, use, etc
>>>> Quality==> Bugs been fixed? Actively maintain? etc..
>>>>
>>>> Each project should have a satisfaction survey, ZAP does, so every
>>>> project should do.
>>>>
>>>> How can we make this happen?
>>>>
>>>> regards
>>>>
>>>> Johanna
>>>>
>>>>
>>>>
>>>> On Sun, Mar 30, 2014 at 6:07 AM, Jim Manico <jim.manico at owasp.org>wrote:
>>>>
>>>>> Johanna,
>>>>>
>>>>> You are an awesome, consistent passionate volunteer and I always enjoy
>>>>> interacting with you! You're super-sharp and anytime you ask something of
>>>>> me I do it (except for pronouncing your home town correctly).
>>>>>
>>>>> I would be happy to help with the technical board of advisors or help
>>>>> review and manage surveys from the community. The only reason I did not do
>>>>> it originally was because of a worry about a perceived conflict of
>>>>> interest. I know these emails from me are not easy to digest, but again,
>>>>> I'm not just complaining, I'm very willing to help.
>>>>>
>>>>>
>>>>> --
>>>>> Jim Manico
>>>>> @Manicode
>>>>> (808) 652-3805
>>>>>
>>>>> On Mar 29, 2014, at 8:40 PM, johanna curiel curiel <
>>>>> johanna.curiel at owasp.org> wrote:
>>>>>
>>>>> Let me clarify here that I did not vote to use this system as rating
>>>>> criteria, I mentioned this to Samantha, It did not seemd appropiate and
>>>>> actualy the so called board of technical directors is not working, the only
>>>>> people that were contributing was me and Chuck.
>>>>> in the end, lets face it, none of us neither me nor Chuck took the
>>>>> desicion to use OPenSAMM to evaluate projects.
>>>>>
>>>>> im a practical person. I told Samatha to just use a simple survey
>>>>> where people could vote. she decided to use this system and my opinion,
>>>>> it is too complex for evaluating projects, this does not fit.
>>>>>
>>>>> So in the end, the one deciding about this was not the board of
>>>>> technical advisors which are not participating long ago in any decisions
>>>>> been taken.
>>>>>
>>>>> Right now, I havent heard anymore about any decisions been taken.
>>>>>
>>>>>
>>>>> Regards
>>>>>
>>>>> Johanna
>>>>> On Saturday, March 29, 2014, Samantha Groves <
>>>>> samantha.groves at owasp.org> wrote:
>>>>>
>>>>>> Agreed. You should have probably spoken to me directly instead of
>>>>>> posting 10 rants on public mailing lists. That would have probably been the
>>>>>> more respectable and professional thing to do. I did just spend 4 days with
>>>>>> after all.
>>>>>>
>>>>>>
>>>>>> On Sat, Mar 29, 2014 at 3:45 AM, Jim Manico <jim.manico at owasp.org>wrote:
>>>>>>
>>>>>>  Samantha,
>>>>>>
>>>>>> I am not on the board of technical directors because it is a deep
>>>>>> conflict of interest since I manage so many OWASP technical projects. I
>>>>>> invest tons of energy and time as an OWASP volunteer in many other ways. I
>>>>>> have provided *criteria* for technical project evaluations on
>>>>>> several occasions throughout the years as well. Technical evaluation is
>>>>>> just one criteria of quality, and yes I've reviewed all the links you
>>>>>> shared and think you are mostly on the right track with your evaluation
>>>>>> teams.
>>>>>>
>>>>>> Samantha, evaluating the quality of a OWASP project using OpenSAMM, a
>>>>>> Software Development Lifecycle Evaluation criteria, seems so far from the
>>>>>> mission of evaluating projects for quality, I felt I needed to step up and
>>>>>> speak out so we stop this practice immediately and move to a quality based
>>>>>> evaluation.
>>>>>>
>>>>>> The *measurement* of projects for quality is, per my understanding,
>>>>>> the main reason we hired you. You have done a great job of building teams
>>>>>> to work on this, but I implore you to condense the evaluation form into one
>>>>>> form for each type of project, and minimize the OpenSAMM questions. I am
>>>>>> loud about this because I see the evaluations underway already and we need
>>>>>> to streamline this process into something that is scalable and effective.
>>>>>>
>>>>>> I realize you are managing 177 projects *and more*. We may want to
>>>>>> change your focus from traveling to conferences (since we hired Laura Grau
>>>>>> to manage conferences) so you can focus more on your project management
>>>>>> duties. This is of course Sarah's call.
>>>>>>
>>>>>> I have no problem with your critique of my personality, that's fine.
>>>>>> But that does not change the fact that we desperately need proper quality
>>>>>> evaluation of projects and I implore you to heed my advice. I see in your
>>>>>> report that you are about to undertake a review of all flagships, that is
>>>>>> another reason why I am loudly suggesting you change course and stop using
>>>>>> the OpenSAMM criteria.
>>>>>>
>>>>>> - Jim
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>  Jim,
>>>>>>
>>>>>>  I am sorry to disappoint you, but no you were not the only leader
>>>>>> to throw a tantrum on the staff this week. You certainly were one of them,
>>>>>> but not the only one. I deal with over 100 leaders in any given day so to
>>>>>> assume that my reports are only about your actions is very inaccurate.
>>>>>>
>>>>>>  Now, I appreciate your concerns, and if you would take the time to
>>>>>> read about the very hard work our community members have accomplished
>>>>>> (mainly our technical project advisors<http://owasp.blogspot.com/2013/09/meet-our-new-technical-project-advisors.html> who
>>>>>> are very "Technical") that were brought together after you refused to help
>>>>>> me put this assessment criteria together after yet another tantrum of
>>>>>> yours, you would know the hard work that went into creating this
>>>>>> system/criteria. I recommend familiarizing yourself with the process before
>>>>>> making very inaccurate assumptions about what is actually happening.
>>>>>>
>>>>>>  What the advisors did at the summit<https://www.owasp.org/images/c/c3/OWASP_2013_PROJECT_SUMMIT_REPORT.pdf>:
>>>>>> pg. 25
>>>>>>
>>>>>>  Definition of assessments/reviews: Chapter 7<https://www.owasp.org/images/d/d8/PROJECT_LEADER-HANDBOOK_2014.pdf>
>>>>>>
>>>>>>  Jim, I love and respect you as a person, but this behavior is very
>>>>>> detrimental to our community and serves no purpose other than to alienate
>>>>>> very hard working volunteers that are taking on a task that has not been
>>>>>> able to be managed in a very long time (even before my time here) due to
>>>>>> the large amount of projects we have in our inventory and the lack of
>>>>>> resources we have as an organization. You, as one of our Board of
>>>>>> Directors, should know this better than anyone in our community. If you
>>>>>> have a better way of managing this, then by all means recommend it. Just
>>>>>> remember, I am not managing 5 projects, I am managing 177 and our system
>>>>>> must accommodate them all.
>>>>>>
>>>>>>
>>>>  _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>>
>> *Samantha Groves, MBA*
>>
>> *OWASP Projects Manager*
>>
>>
>> The OWASP Foundation
>>
>> Phoenix, USA
>>
>> Email: samantha.groves at owasp.org
>>
>> Skype: samanthahz
>>
>>
>> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>
>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>
>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>
>> New Project Application Form <http://www.tfaforms.com/263506>
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
> --
> Dennis Groves <http://about.me/dennis.groves>, MSc
> Email me, <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
> .
> *This email is licensed under a CC BY-ND 3.0
> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
> Stand up for your freedom to install free software.<http://www.fsf.org/campaigns/secure-boot/statement>
> Please do not send me Microsoft Office/Apple iWork documents.
> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
>
> <http://www.owasp.org/>
>
> _______________________________________________
> Owasp_project_leader_list mailing list
> Owasp_project_leader_list at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_project_leader_list/attachments/20140331/fab5bef4/attachment-0001.html>


More information about the Owasp_project_leader_list mailing list