It is fascinating when folks share their opinion in the blogosphere when they don't know what they're talking about...
In order for a discussion to go anywhere, it requires not just pontification of opinion but some facts as well. Robert McIdiot posted Suggestions for the OWASP maturity model
which factually proves that he should more frequently exercise his right to remain silent. Anyway, let's dissect his confusion to see if there is any insight.
The Enterprise Dilettante is named "project leader" for the "maturity model" project for a relatively new outfit named OWASP - why does the acronym remind me of a venomous insect and not an internationally recognized standards body?
I wonder what his definition of new is? OWASP is internationally recognized and has chapters in at least 125 different parts of the planet. I guess he could have simply visited the web page to figure out the locations along with figuring out the logo. I wonder if he is aware that the folks who created the capability maturity model also aren't from a standards body. They are from a University! Maybe he isn't aware that folks from the community at large also participate in improving CMMi? Maybe researching something isn't something he ever does; instead he expects others to spoonfeed him.
I wonder what he'll do about contributions to this "effort," particularly code, from India, or eastern Europe.
The work of OWASP is 100% open source and anyone is free to join. While none of the participants on this project currently reside in either India or Eastern Europe, they are more than welcome to participate. If you know of folks from Wipro, Cognizant, TCS, Satyam, Infosys or other firms that are willing to participate, I will welcome them with open arms.
yet rail about offshoring even though current IT employment in the US is higher now in 2008 than it was before the dot-bomb implosion earlier in this decade.
Ahh, creative accounting. Robert, there are many statistics that indicate that the number of IT jobs in America is declining by 3% a year. If lots of folks leave the profession at a rate higher than openings, your numbers hold true but are otherwise dishonest. Robert, I bet you don't have any statistics on IT employees displaced by outsourcing showing what percentage managed to get a pay increase versus those who took a pay cut.
So Jimbo, what's your "maturity model" going to look like? Code? Process (heaven forbid)? Powerpoint (OMG)? How heavy is it? How light? How constrained by the Agile Manifesto? Or not? Bottom line dude: who does it successfully serve?
Now I am certain that he wants me to spoonfeed him like a big baby. A simple visit to the site and he would have actually seen an early draft and been able to form an intelligent opinion.
It's one thing to get on a soap box and bleat endless platitudes that in the end mean nothing to anyone. On the other hand, if you have something of value to deliver...we're waiting, but not holding our collective breath.
I know it is ingrained in your persona to sit on the sidelines instead of jumping in and playing the game with the big boys. If you think you can do a better job of creating a maturity model around security, then be my guest. In order to create a maturity model, you at some level must be mature...
Show me - and I'm betting that you can't.
I know you aspire to be a credible enterprise architect, but you really need to stick to project management. Oops, a competent project manager would understand that heroics isn't the answer but teamwork is. By assembling the best and brightest from all over the planet, OWASP will produce a competent security maturity model. I am not alone in this undertaking, and any deficiencies I have will be more than made up for by the truly high caliber individuals I am working with on this project.
If you want to make bets, I bet that you couldn't competently run an open source project because you can only succeed based on command and control. I bet you don't even comprehend the value proposition of open source nor the community model at large. I would bet though that you will either post a stupid response regarding open source or simply practice remaining silent.
Anyway, I hope that the organizations that Robert McIlree consults for truly get what they pay for...