[GPC] SoC '09, RFP questions

Paulo Coimbra paulo.coimbra at owasp.org
Thu May 14 13:06:11 EDT 2009

Committee, Mike,


I was thinking of creating a FAQ section on the SoC 09 wiki page, beginning
by using the appropriate parts of the content below. Do you agree?




Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: li.jason.c at gmail.com [mailto:li.jason.c at gmail.com] On Behalf Of Jason
Sent: Thursday, May 14, 2009 17:48
To: Boberski, Michael [USA]
Cc: paulo.coimbra at owasp.org; Global Projects Committee
Subject: Re: [GPC] SoC '09, RFP questions




I was not able to attend the recent meeting the GPC had in Poland regarding
the SoC protocol, but here was my understanding of it prior to that meeting
and I do not believe the rules of engagement have changed.


With regard to your first question, yes, we are relying more on project
proposals this year. We are hoping for this season of code to be geared more
towards improving existing projects rather than creating a new wave of new
projects by having a list of projects as in the previous year. That is not
to say that we will not accept any new ideas - any proposal will be accepted
for review by the SoC Jury. But rather than provide a list of ideas which
encourages a tide of new projects, we're hoping to focus on improving
existing projects while still allowing new and innovative project ideas to
pop up.


Also, as you may have seen in traffic on the list, we are currently in the
process of identifying projects that have been abandoned by their project
leaders and it's our intention to include these projects as an adoption
option for SoC when it is officially launched next week.


In regard to your second question, this discussion was undergoing much
debate but I believe the conclusion was that there is no mandate to reach
any particular quality level. It will be up to the project proposer to
create a clearly defined roadmap with milestones and for the proposer to
identify which quality level they wish to reach. The SoC Jury will examine
the project roadmap and deliverables and take into consideration whether the
quality level identified in the roadmap is appropriate for the amount of
work proposed for the project. As appropriate, the SoC Jury will provide
feedback on proposals if they feel the quality level is too low.


As an extreme example, a project proposal to create a one page cheat-sheet
for CSRF that selects "Alpha" quality will most likely be referred back to
the proposer with a request that the proposal target "Stable" quality as the
amount of work involved in a one page cheat-sheet should allow for reaching


On the other hand, a project proposal to create a comprehensive security
framework like ESAPI for say, PHP, that selects "Alpha" quality may be
viewed more favorably because the expected work involved may be considerably


Regardless of the quality level selected, the SoC Jury will also be judging
the project roadmap to ensure that the deliverables and milestones are
appropriate; payment for SoC will be directly tied to completion of the
project's proposed milestones in the roadmap and therefore it is expected
that the roadmap will include significant detail about the work involved.


Hope that helps! LMK if you have further questions.
-Jason Li-
-jason.li at owasp.org-

On Thu, May 14, 2009 at 12:25 PM, Paulo Coimbra <paulo.coimbra at owasp.org>



I thank you for your interest and pertinent questions and I am carbon copying the
Global Projects Committee as its members may want to provide the adequate




Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: Boberski, Michael [USA] [mailto:boberski_michael at bah.com] 
Sent: Thursday, May 14, 2009 16:27
To: Paulo Coimbra
Subject: SoC '09, RFP questions


Paulo, looking at http://www.owasp.org/index.php/OWASP_Season_of_Code_2009,
I have a few questions.


Question #1. Is it correct that there is not a list with specific requests
for proposals as was done with the SoC '08, that instead you're relying on
participants to propose specific projects, ideally that fall within those
four listed areas?


Question #2. Do projects need to reach Alpha or Beta quality?




Mike B.


