[Owasp-board] OWASP Funding for ESAPI Project Manager

Dave Wichers dave.wichers at owasp.org
Tue Apr 6 17:57:03 UTC 2010

Here are my thoughts on this proposed effort:


The ESAPI for Java project currently has over a dozen active contributors
and the five plus other ESAPI language specific projects have other
contributors as well.


Jim Manico has been an active contributor for the ESAPI for Java project for
several years and in the last six months or so has transitioned primarily
into the extremely important but less interesting and glorious roll as the
ESAPI for Java project manager/build wrangler. He is looking to transition
this role to another volunteer but finding such a volunteer who has the time
and expertise is very difficult. No one has stepped up in the past 3-4
months, for example.


I asked him if he would be willing to continue in this role at a more active
level if OWASP could provide a small amount of funding for this and he has
graciously offered to work 25 hours / month on this at $40 / hour, which is
an extremely discounted rate.


This role would not be to provide core technical contributions to ESAPI, but
rather to manage the project, support all the contributors, manage and
streamline the build/release process, etc. A small amount of funding here
can significantly enhance and ease the contributions of numerous volunteers.


Jim should be able to provide some level of support to the other ESAPI
language specific versions and help them all stay in sync with each other,
which would be extremely helpful as well.


This position could eventually serve as a model for providing similar more
specific project management support to other large OWASP projects.


If you are all OK with this, I can draft a statement to be sent to the
leaders list to this affect. I don't want to put this particular position up
for bid, but I think the concept is something we should consider funding for
other large projects if this seems to be successful.




From: Dave Wichers 
Sent: Tuesday, April 06, 2010 12:31 AM
To: 'Jeff Williams'
Subject: OWASP Funding for Jim for ESAPI?


What would you think about asking the board for funding for Jim to continue
with his role as ESAPI wrangler. He's offered to work 20+ hours per month at
$40/hr. We'd probably pay him a flat $40 and he'd work that or more.


I think this would be a great investment for OWASP to get someone of Jim's
caliber for that rate.




From: Jim Manico 
Sent: Tuesday, April 06, 2010 12:28 AM
To: Dave Wichers
Subject: RE: ESAPI JavaDoc


Cool. I'd be happy to stay with my current OWASP rate if necessary (0$) and
keep things limping along until the right person shows up to take over.  I
grumble a little bit at times, but I know that what we are doing around
ESAPI is very important to the community.


If OWASP does spring for a few bucks, I'll like to use that extra time to:


1)      Automate the build process

2)      Re-design the ESAPI homepage and make it a more professional of a
front end, like http://www.opensamm.org/ or http://www.hibernate.org/ .

3)      Do a general quality control pass of all the Wiki's and clean house.

4)      Whatever else Dave has in mind ;)


-        Jim


From: Dave Wichers 
Sent: Tuesday, April 06, 2010 12:15 AM
To: Jim Manico
Subject: RE: ESAPI JavaDoc


I'll see what they say.


From: Jim Manico 
Sent: Monday, April 05, 2010 8:53 PM
To: Dave Wichers
Subject: RE: ESAPI JavaDoc


Wow, that's pretty cool Dave. How about something like 40$/hr? Is that low


Jim Manico



From: Dave Wichers
Sent: Mon 4/5/2010 1:51 PM
To: Jim Manico
Subject: RE: ESAPI JavaDoc

Thank you. I'm just starting to look into ESAPI again in prep for Aspect
developing an ESAPI course, and while I'm in their learning more about
ESAPI, I'm sure I will have more feedback for you.


I have a question for you. If we could get OWASP to fund some of your
support to OWASP would you be interested? It wouldn't be anything close to
your $100 / hr rate to Aspect, but it would be paid. I'm thinking about
asking for like 20 hours / month for you to continue as the ESAPI wrangler,
or whatever your role is J


Would that be of interest to you? I know you want to hand this off to
someone else, but if it was paid, I would hope that would make it more
palatable for you to continue.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100406/16ecce3d/attachment-0002.html>

More information about the Owasp-board mailing list