[Owasp-natal] Dinis Cruz blog: OWASP Project Reboot 2012 - Here is a better model
caiogore at gmail.com
Fri Apr 20 01:37:55 UTC 2012
THURSDAY, 19 APRIL 2012
OWASP Project Reboot 2012 - Here is a better model
In the last ROI on OWASP investment on Projects (ie paying leaders) post I
mentioned that we need a better model to empower OWASP leaders with
available funds (which seem to be at the moment about 100,000 USD).
My proposal / idea is to create an OWASP Project Sponsorship model based on
the following simple rules:
- OWASP makes available a budget for OWASP Projects (for example 100k)
- OWASP leaders are free to use that money in any way they want, with only the
- They can't pay another OWASP leader or a company that an OWASP leader is
  directly connected to
- For amounts less than $500 they add its description to the respective OWASP
  WIKI page 24h before they commit to make the expense
- For amounts less than $5000 they add its description to the respective
  OWASP WIKI 7 days before they commit to make the expense
- Each expense item is mapped to an individual OWASP leader and multiple
  OWASP Leaders can work together.
- Payments will be made by Alison on Invoice submission (by paypal or direct
- After the budget is spent (or in 6 months time), OWASP will review the
  outcomes and see if these rules need to be changed
And that's it!
This will allow the OWASP leaders (of any type) to just get on with it and
find the best ways to take OWASP projects to the next level.
After you read this idea, take a look at the current Project Reboot
Proposal at the OWASP Wiki.
From my point of view, there are a number of problems with that proposal:
- It allows the payment of OWASP leaders (see Why OWASP can't pay OWASP
  Leaders for a list of reasons why this is a bad idea)
- It doesn't learn from the past and all the hard work that went into the
  OWASP Season Of Code (SoC) concept - This proposal is basically OWASP SoC
  2012, so at least reuse what has been done before:
- It puts the barrier of entry as an OWASP Membership (which is a 50USD
  registration) - I would put this barrier of entry at OWASP Leader level,
  since those are individuals that have earned OWASP's trust and have
  delivered (note that the issue of 'does an OWASP leader deserve to be
  OWASP leader' is a separate thread)
- There are a lot of pieces missing - If we are going down this path (which
  again is OWASP SoC 2012), then we will need to be as transparent and
  efficient as the last OWASP SoC. To get a better picture of what will need
  to be done, spend some time with the amazing pages that Paulo Coimbra (and
  the GPC) created on
  https://www.owasp.org/index.php/Category:OWASP_Season_of_Code (for example
  a lesson learned from past SoC is that all proposals must be submitted via
  the OWASP wiki)
- There is no Project Manager - Investing in OWASP projects in this way is a
  full time job. The first step should be to hire a project manager to work
  on this (one of the beauties of the model I propose above is that it is much
  lighter to implement, since there is a high degree of self control)
Finally, don't get me wrong! Investing in OWASP's projects is one of the most
important things that OWASP needs to do, and if the Project Reboot Proposal
is approved, we will be better than we were before.
The reason for this post is that I just think there is a better and
simpler way of doing it :)
"I want to know how to rename a file," he says.
Please, it's payday, isn't it?! But I'm in a good mood.
"Sure. Just type 'rm' and the name of the file."
"Thanks."
Noilson Caio Teixeira de Araújo
Linux Professional Institute Certification LPI000182893
Novell Certified Linux Administrator (CLA) 10111916
Novell Data Center Technical Specialist