Friday 4 December 2015

Paying OWASP Leaders and some ideas on how OWASP should be supporting its projects

(based on an email to the owasp-leaders list)

The reasons why I believe OWASP  should not be allowed to pay owasp leaders are listed here http://blog.diniscruz.com/2012/04/why-owasp-cant-pay-owasp-leaders.html

And since I have not been on the OWASP board for about 5 years, I think we need to realise that IF it was possible to pay owasp leaders to work on OWASP projects, THAT (paying owasp leaders) would have happened by now (after all, there has been enough budget to make that happen)

The problem is that there is still this 'idea' that "IF ONLY we could do that (pay owasp leaders) amazing stuff would happen". 

Sometimes it is better to be clear on the rules of engagement, so that the energy can be focused on ideas that work

For example paying expenses to get OWASP leaders together or project related operational expenses, is a much more realistic target for the available funds (in fact we already have good track record in using funds that way)

When I spoke with Jim Manico recently, he mentioned the idea of hiring technical editors to work on OWASP projects (from a global point of view). Just to be clear, as long as they are not OWASP Leaders, I think that would also be a great use of OWASP funds.

Think for example how useful would it be to provide our OWASP projects support with:
 - documentation 
 - diagrams
 - pagination, copy editing, spelling, index pages (for docs projects)
 - README(s)
 - installation scripts
 - QA/Testing
 - Writing Unit tests

Remember that IF was possible to pay owasp leaders, by now, we should have already a couple success stories.

For me what OWASP can really do for its projects is to provide: 
 - a community, 
 - a stage to present it
 - as much operational support as possible 
 - love and energy