[Owasp-board] A draft proposal document for Project Re-boot

Jason Li jason.li at owasp.org
Tue Apr 3 18:59:36 UTC 2012


Eoin,

It sounds an awful lot like restarting the OWASP "Season of Code"
initiative.

If the Board is set on paying contributors to work on projects, then I'd
suggest just restarting the "Season of Code" program as there's already a
lot of history and process established for it.

However, as I mentioned on a previous Board thread regarding project
interns, the whole "Season of Code" initiative came to a screeching halt
when the Board made a decision back in September 2009 that OWASP should NOT
pay contributors to work on projects. In fact, Dinis noted this exact
point about not paying contributors in his recent response to your thread
in support of rebooting projects.

That was a heavily debated decision and I'm only privy to some of those
details as that decision was made at a time when Board members fed
information down to committees after Board meetings rather than vice
versa (incidentally, many in the GPC including myself opposed the decision
initially - but Dinis was able to convince me why it was important). I
would suggest that any conversation about paying contributors should first
address those concerns.

Some things to consider... many of the projects that you cited that require
major rewrite/augmentation (Testing Guide, Code Review Guide, WebGoat) were
previous Season of Code projects.

Is it a coincidence that little to no progress has been made on those
projects since the last time contributors got paid to work on those
projects?

By no means am I making a value judgement on the contributions - in fact,
I'm sure most people put in way more time than the money would justify.

But the point is, one of the many reasons that decision was made back in
2009 was because OWASP didn't want to set this pattern of expectation where
contributors would only work on projects if they got paid.

There are several projects at OWASP that are progressing at a reasonable
pace DESPITE the lack of direct funding (ZAP, ESAPI, AppSensor, Cheat
Sheets).

Isn't a better goal to figure out why those projects are floating when
these other projects aren't?

Otherwise, we're just going to be in a perpetual cycle of paying people to
update OWASP projects...

-Jason

On Tue, Apr 3, 2012 at 10:34 AM, eoin keary <eoin.keary at owasp.org> wrote:

> Let's talk on Thursday.
> Please give it a quick read before then.
>
>
>
> --
> Global Board Member (Vice Chair)
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>