[Owasp-board] A draft proposal document for Project Re-boot

Jim Manico jim.manico at owasp.org
Tue Apr 3 19:59:59 UTC 2012

+1 Eoin!!!

Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805

On Apr 3, 2012, at 3:23 PM, Eoin <eoin.keary at owasp.org> wrote:

Hi Jason,
Yes you can call it a season of code but it is also about marketing and
creating energy around existing projects.
We need adoption and use and relevancy.
I have no idea why things have come to a stop since the last releases but
we can waste time pondering or simply do something about it and spend the
funds we have on positive activities.

I have no objection to teams getting paid if projects are energised,
leaders included; if that's what it takes, so be it. GPC and board can
make sure the financial aspects of the arrangement are fair and justified.
There is a bigger picture here. Our projects are free and open source, we
are open and we have funding; I think we need to invest in what we do best:
work as a collective, make stuff, be a catalyst for change.
Right now all we do is events. Our core library has eroded and will
continue to do so.

Eoin Keary
BCC Risk Advisory
Owasp Global Board
+353 87 977 2988

On 3 Apr 2012, at 19:59, Jason Li <jason.li at owasp.org> wrote:


It sounds an awful lot like restarting the OWASP "Season of Code".

If the Board is set on paying contributors to work on projects, then I'd
suggest just restarting the "Season of Code" program as there's already a
lot of history and process established for it.

However, as I mentioned on a previous Board thread regarding project
interns, the whole "Season of Code" initiative came to a screeching halt
when the Board made a decision back in September 2009 that OWASP should NOT
pay contributors to work on projects. In fact, Dinis noted this exact
point about not paying contributors in his recent response to your thread
in support of rebooting projects.

That was a heavily debated decision and I'm only privy to some of those
details as that decision was made at a time when Board members fed
information down to committees after Board meetings rather than vice
versa (incidentally, many in the GPC including myself opposed the decision
initially - but Dinis was able to convince me why it was important). I
would suggest that any conversation about paying contributors should first
address those concerns.

Some things to consider... many of the projects that you cited that require
major rewrite/augmentation (Testing Guide, Code Review Guide, WebGoat) were
previous Season of Code projects.

Is it a coincidence that little to no progress has been made on those
projects since the last time contributors got paid to work on those

By no means am I making a value judgement on the contributions - in fact,
I'm sure most people put in way more time than the money would justify.

But the point is, one of the many reasons that decision was made back in
2009 was because OWASP didn't want to set this pattern of expectation where
contributors would only work on projects if they got paid.

There are several projects at OWASP that are progressing at a reasonable
pace DESPITE the lack of direct funding (ZAP, ESAPI, AppSensor, Cheat

Isn't a better goal to figure out why those projects are floating when
these other projects aren't?

Otherwise, we're just going to be in a perpetual cycle of paying people to
update OWASP projects...


On Tue, Apr 3, 2012 at 10:34 AM, eoin keary <eoin.keary at owasp.org> wrote:

> Lets talk on Thursday.
> Please give it a quick read before then.
> --
> Global Board Member (Vice Chair)
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board