[GPC] SoC '09, RFP questions

Boberski, Michael [USA] boberski_michael at bah.com
Thu May 14 13:13:20 EDT 2009

I'd offer my $0.02 that certain things need to be clarified. 
However that's done, FAQ or otherwise, it's up to you :-)
Mike B.


From: paulo coimbra [mailto:pcoimbra at owasp.org] On Behalf Of Paulo
Sent: Thursday, May 14, 2009 1:06 PM
To: 'Jason Li'; Boberski, Michael [USA]; 'Global Projects Committee'
Subject: RE: [GPC] SoC '09, RFP questions

Committee, Mike,


I was thinking in creating a FAQs section in the SoC 09 wiki page
beginning by using the appropriate parts of the content below. Do you




Paulo Coimbra,

OWASP Project Manager <https://www.owasp.org/index.php/Main_Page> 


From: li.jason.c at gmail.com [mailto:li.jason.c at gmail.com] On Behalf Of
Jason Li
Sent: quinta-feira, 14 de Maio de 2009 17:48
To: Boberski, Michael [USA]
Cc: paulo.coimbra at owasp.org; Global Projects Committee
Subject: Re: [GPC] SoC '09, RFP questions




I was not able to attend the recent meeting the GPC had in Poland
regarding the SoC protocol, but here was my understanding of it prior to
that meeting and I do not believe the rules of engagement have changed.


With regards to your first question, yes, we are relying more on project
proposals this year. We are hoping for this season of code to be geared
more towards improving existing projects rather than create a new wave
of new projects by having a list of projects as in the previous year.
That is not to say that we will not accept any new ideas - any proposal
will be accepted for review by the SoC Jury. But rather than provide a
list of ideas which encourages a tide of new projects, we're hoping to
focus on improving existing projects while still allowing new and
innovative project ideas to pop up.


Also, as you may have seen in traffic on the list, we are currently in
the process of identifying projects that have been abandoned by their
project leaders and it's our intention to include these projects as an
adoption option for SoC when it is officially launched next week.


In regards to your second question, this discussion was undergoing much
debate but I believe the conclusion was that there is no mandate to
reach any particular quality level. It will be up to the project
proposer to create a clearly defined roadmap with milestones and for the
proposer to identify which quality level they wish to reach. The SoC
Jury will examine the project roadmap and deliverables and take into
consideration whether the quality level identified in the roadmap is
appropriate for the amount of work proposed for the project. As
appropriate, the SoC Jury will provide feedback on proposals if they
feel the quality level is too low.


As an extreme example, a project proposal to create a one page
cheat-sheet for CSRF that selects "Alpha" quality will most likely be
referred back to the proposer with a request that the proposal target
"Stable" quality as the amount of work involved in a one page
cheat-sheet should allow for reaching "Stable".


On the other hand, a project proposal to create a comprehensive security
framework like ESAPI for say, PHP, that selects "Alpha" quality may be
viewed more favorably because the expected work involved may be
considerably more.


Regardless of the quality level selected, the SoC Jury will also be
judging the project roadmap to ensure that the deliverables and
milestones are appropriate; payment for SoC will be directly tied to
completion of the project's proposed milestones in the roadmap and
therefore it is expected that the roadmap will include significant
detail about the work involved.


Hope that helps! LMK if you have further questions.
-Jason Li-
-jason.li at owasp.org-

On Thu, May 14, 2009 at 12:25 PM, Paulo Coimbra
<paulo.coimbra at owasp.org> wrote:



I thank your interest and pertinent questions and I am carbon copying
the Global Projects Committee as its members may want to provide the
adequate answers. 




Paulo Coimbra,

OWASP Project Manager <https://www.owasp.org/index.php/Main_Page> 


From: Boberski, Michael [USA] [mailto:boberski_michael at bah.com] 
Sent: quinta-feira, 14 de Maio de 2009 16:27
To: Paulo Coimbra
Subject: SoC '09, RFP questions


Paulo, looking at
http://www.owasp.org/index.php/OWASP_Season_of_Code_2009, I have a few


Question #1. Is it correct that there is not a list with specific
requests for proposals as was done with the SoC '08, that instead you're
relying on participants to propose specific projects, ideally that fall
within those four listed areas?


Question #2. Do projects need to reach Alpha or Beta quality?




Mike B.



Global-projects-committee mailing list
Global-projects-committee at lists.owasp.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/global-projects-committee/attachments/20090514/33ad9103/attachment.html 

More information about the Global-projects-committee mailing list