[GPC] OWASP Ajax Security project

Boberski, Michael [USA] boberski_michael at bah.com
Fri May 29 16:30:57 EDT 2009


Jason, that really needs to be clarified on the SoC page. The "20k" mention is still there, even!!

I also think, respectfully to the larger audience, that's a HUGE mistake.  

The funds were never enough to cover the work. A couple grand is a nice "award" type amount and a positive way to start off a relationship.

Mike B.
 

-----Original Message-----
From: li.jason.c at gmail.com [mailto:li.jason.c at gmail.com] On Behalf Of Jason Li
Sent: Friday, May 29, 2009 4:25 PM
To: Boberski, Michael [USA]
Cc: paulo.coimbra at owasp.org; global-projects-committee at lists.owasp.org
Subject: Re: [GPC] OWASP Ajax Security project

Michael,

I meant to follow up on this earlier - sorry about that.

The direction the Board has decided to go with SoC funds is that they shouldn't be used to pay for technical work by our community members.
The hope is to get away from using money as the incentive for our community members to become more active and involved. Rather, they would like the funds to be used for things that the OWASP community could not otherwise produce - for example, physical books for promotion, graphic design costs for documentation, design work for templates, etc.

The SoC money would be allocated to the budgets for accepted projects and the budgets would be presumed for "operating costs" so to speak as opposed to "development costs".

It's a huge change in direction to be sure.

-Jason

On Fri, May 22, 2009 at 4:18 PM, Boberski, Michael [USA] <boberski_michael at bah.com> wrote:
> If no one is going to get paid anything for SoC, you should say that on the website.
>
> That 20k mention is still hanging around, too.
>
> What are you going to do with all the SoC money?
>
> Sorry if I missed something, the turn this thread went caught my eye.
>
> Mike B.
>
>
> -----Original Message-----
> From: global-projects-committee-bounces at lists.owasp.org 
> [mailto:global-projects-committee-bounces at lists.owasp.org] On Behalf 
> Of Paulo Coimbra
> Sent: Friday, May 22, 2009 4:12 PM
> To: 'Jason Li'
> Cc: global-projects-committee at lists.owasp.org
> Subject: Re: [GPC] OWASP Ajax Security project
>
> I meant other costs/investments than the costs of leadership and/or software developing/research work. If we say "Joint proposals (up to 20k) are highly encouraged" and SoC 09 budget is =< 90K it does mean that we are counting on allocating funds and that the universe of approved proposals is limited. Is that right?
>
> Are we also considering the approval of projects without budget? If yes, does it make sense? Would the expectancy of having the non funded projects committed with the program's duties be realistic?
>
>
> Paulo Coimbra,
> OWASP Project Manager
>
>> >-----Original Message-----
>> >From: li.jason.c at gmail.com [mailto:li.jason.c at gmail.com] On Behalf 
>> >Of Jason Li
>> >Sent: sexta-feira, 22 de Maio de 2009 19:07
>> >To: paulo.coimbra at owasp.org
>> >Cc: global-projects-committee at lists.owasp.org
>> >Subject: Re: [GPC] OWASP Ajax Security project
>> >
>> >Based on the recent Board decision regarding the use of OWASP money 
>> >for SoC this time around, SoC money will be used solely for expenses 
>> >and not to "pay" project contributors. It seems to me that under 
>> >that philosophy, we will be able to accept many proposals without 
>> >needing to award any monetary grant. In effect, we're just using SoC 
>> >as a vehicle to solicit proposals and establish a framework to 
>> >choose the best proposals.
>> >
>> >In fact, I see the "new" SoC mentality to essentially be a large 
>> >series of Requests for Proposals (RFPs).
>> >
>> >So I don't think there is a danger that someone submits a proposal 
>> >to take over a project and we are unable to "award" them project 
>> >leadership. But in routing the proposals through SoC, we get to see 
>> >their proposed vision for the project (especially if we end up in a 
>> >situation with more than one volunteer) rather than just simply 
>> >handing off the project to someone who's spoken up first.
>> >
>> >-Jason
>> >
>> >
>> >On Fri, May 22, 2009 at 2:01 PM, Paulo Coimbra 
>> ><paulo.coimbra at owasp.org> wrote:
>> >> My answers are below inline.
>> >>
>> >>
>> >>
>> >> Thanks,
>> >>
>> >>
>> >>
>> >> Paulo
>> >>
>> >>
>> >>
>> >> From: li.jason.c at gmail.com [mailto:li.jason.c at gmail.com] On Behalf Of Jason Li
>> >> Sent: sexta-feira, 22 de Maio de 2009 18:26
>> >> To: paulo.coimbra at owasp.org
>> >> Cc: global-projects-committee at lists.owasp.org
>> >> Subject: Re: [GPC] OWASP Ajax Security project
>> >>
>> >>
>> >>
>> >> I admit I haven't been tracking very carefully, but have we gotten any
>> >> conflicting volunteers for projects?
>> >>
>> >>
>> >>
>> >> [pc] I have been trying and keeping this spreadsheet
>> >> https://spreadsheets.google.com/a/owasp.org/ccc?key=rHFvhU15v3S3myFqSWQVXyg&hl=en
>> >> permanently updated. Of course, something can have failed me but otherwise
>> >> we just have Anurag's proposal to assume the Ajax leadership.
>> >>
>> >>
>> >>
>> >> In other words, is there a project out there that appears abandoned that
>> >> more than one person has volunteered to take over?
>> >>
>> >>
>> >>
>> >> [pc] As above, I think not - at least until now.
>> >>
>> >>
>> >>
>> >> Either way, I think our best course of action is to have anyone interested
>> >> in taking over a project submit a proposal to SoC to become the new project
>> >> leader. That allows us to objectively determine whether they should be
>> >> handed the project.
>> >>
>> >>
>> >>
>> >> [pc] I am not sure. What would happen if a proposal was refused in terms of
>> >> SoC for monetary reasons and we needed a leadership for the project in
>> >> question?
>> >>
>> >>
>> >>
>> >> Thoughts?
>> >>
>> >> --
>> >>
>> >> -Jason Li-
>> >>
>> >> -jason.li at owasp.org-
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> On Fri, May 22, 2009 at 1:20 PM, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:
>> >>
>> >>> Dear Anurag Agarwal,
>> >>>
>> >>> Thanks for volunteering to assume the OWASP Ajax Security project
>> >>> leadership. The decision belongs to the Global Projects Committee as a
>> >>> whole and so I am copying carbon them. I am sure your due answer won't
>> >>> take long.
>> >>>
>> >>> I take the opportunity to inform you that I am dealing with the
>> >>> proposal that you have kindly sent off and very soon I will get back
>> >>> to you with more information and details.
>> >>>
>> >>> Many thanks, regards,
>> >>>
>> >>> Paulo Coimbra,
>> >>> OWASP Project Manager
>> >>>
>> >>> Committee,
>> >>>
>> >>> For your information please below Anurag Agarwal's background:
>> >>>
>> >>> Anurag Agarwal is a web application security evangelist and Director
>> >>> of Education Services at WhiteHat Security. He has 14 years of
>> >>> experience designing, developing, managing and (5+ years) securing web
>> >>> applications and has worked for companies like Citigroup, Cisco, HSBC
>> >>> Bank, GE Medical Systems, etc. He is CISSP certified and a Sun
>> >>> Certified Java Developer. He is an active contributor to the web
>> >>> application security field and has written several articles on secure
>> >>> design and coding, spoken at various conferences and maintains a
>> >>> website (http://www.attacklabs.com), where he has published several
>> >>> proof of concepts on various attacks. He is associated with WASC and
>> >>> OWASP and has a blog on web application security at
>> >>> http://myappsecurity.blogspot.com
>> >>>
>> >>> Technical Architect : Chander Singh (chander.singh at myappsecurity.com)
>> >>>
>> >>> Specific activities and roles:
>> >>>
>> >>> Project Management and external interface - Anurag Agarwal
>> >>> Design and Development - Anurag Agarwal and Chander Singh
>> >>> Maintenance - Chander Singh
>> >>>
>> >>> Thanks,
>> >>>
>> >>> Paulo Coimbra,
>> >>> OWASP Project Manager
>> >>>
>> >>> From: Anurag Agarwal [mailto:anurag.agarwal at yahoo.com]
>> >>> Sent: segunda-feira, 18 de Maio de 2009 16:57
>> >>> To: Paulo Coimbra (OWASP)
>> >>> Subject: OWASP Ajax Security project
>> >>>
>> >>> Hi Paulo - I would be interested in leading OWASP Ajax Security
>> >>> project in case the current leader is not interested. Let me know
>> >>>
>> >>> Cheers,
>> >>>
>> >>> Anurag Agarwal
>> >>>
>> >>> Web: www.attacklabs.com , www.myappsecurity.com
>> >>> Email : anurag.agarwal at yahoo.com
>> >>> Blog : http://myappsecurity.blogspot.com
>> >>>
>> >>> _______________________________________________
>> >>> Global-projects-committee mailing list
>> >>> Global-projects-committee at lists.owasp.org
>> >>> https://lists.owasp.org/mailman/listinfo/global-projects-committee