[GPC] [RFC] Note for Leaders: Project Health Benefits - Using the "OWASP" Name

Dinis Cruz dinis.cruz at owasp.org
Thu May 21 06:08:02 EDT 2009

Interesting idea, let's talk about it tonight

Dinis Cruz

On 20 May 2009, at 19:01, Brad Causey <bradcausey at gmail.com> wrote:

> (What angry emails?)
> I think that's a great idea Jason. There has to be some motivation,  
> and in a continuing effort to raise the "brand" of OWASP, setting  
> higher standards to projects we associate ourselves with is a great  
> step in the right direction. I'm all for it.
> -Brad Causey
> http://www.AppSecLive.org
> On Wed, May 20, 2009 at 12:45 PM, Jason Li <jason.li at owasp.org> wrote:
> Hey guys,
> Here's an email that I drafted that I'd like to send to the leaders
> list. Thoughts?
> --
> -Jason Li-
> -jason.li at owasp.org-
> Leaders,
> The last couple of weeks, the GPC has gotten several angry emails from
> various project owners in response to some of the initiatives that the
> GPC is undertaking.
> As you are hopefully aware, the GPC is trying to increase the quality
> of all OWASP projects by establishing a level of consistency and
> organization across our projects.
> What I'm gathering from this trend of pushback though is that while
> people generally agree with the direction we are trying to go in
> raising the quality of OWASP projects, there are people who don't want
> to be subject to any "bureaucratic" rules. In a sense, there's kind of
> a "not in my backyard" mentality: everyone agrees that the quality of
> OWASP projects needs to be improved but when it comes to their
> specific project, the rules need not apply because they are going to
> release something "soon", or they are a long time OWASP contributor,
> etc.
> As such, I think we're going to be facing a crossroads - people still
> want to contribute, but there will be a subset of those people who
> don't want to do what is necessary to be consistent with a high
> quality OWASP project.
> Right now, we don't really have any carrot/stick to encourage project
> owners in the direction towards quality. The GPC is working on a
> proposal to encapsulate project health, which establishes three
> "levels" of quality for projects (see
> https://www.owasp.org/index.php/Assessing_Project_Health). We expect
> most projects to reach Level 2 status with a small set of projects
> reaching Level 3 status.
> The motivation for project owners to move from Level 2 to Level 3 is
> that we intend to prominently highlight projects that reach Level 3 on
> the OWASP site. But right now, we have no motivation for project
> leaders to proceed to Level 2.
> As I was going through the project surveys, it occurred to me that an
> overwhelming number of projects call themselves the "OWASP XYZ". I'd
> like to propose that a project can't include the OWASP "name" until
> they reach a certain quality level.
> The OWASP "name" is something that belongs to the OWASP Foundation so
> it is something that we (as the community) can legitimately "control".
> It's also something important that we should protect because any
> project bearing the OWASP name reflects the OWASP brand and if the
> quality is not up to par, then it damages the perception of OWASP for
> all projects.
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee