[Owasp-board] Fwd: [Owasp_project_leader_list] Do you consider your project a Flagship status candidate?

Kevin W. Wall kevin.w.wall at gmail.com
Sat Jun 7 16:08:21 UTC 2014


I guess my question is why is this concern only coming up now?
I brought up this same issue back on May 7th on the discussion page of
<https://www.owasp.org/index.php/Talk:Governance/ProjectProgramModels>
that Samantha had asked everyone to comment on, but which seems as though
only myself and James McGovern made any comments on.

And I think that's only the tip of the iceberg. I think someone--either the
board or a designated OWASP committee--needs to come up with a list
of definitive criteria of what is required of a flagship product, how
is it going
to be measured, and what (if any) are going to be the perks / advantages
of having a project labeled as flagship both to the community and to
the project members themselves. I'm not opposed to starting with a clean
slate (versus starting with the ProjectProgramModels wiki page that
Samantha created), but I think it's imperative that everyone is on the
same page before we start out trying to determine which programs
qualify for flagship status and which don't and inevitably end up
getting accused by some of bias.

-kevin

-kevin

On Sat, Jun 7, 2014 at 4:27 AM, Jim Manico <jim.manico at owasp.org> wrote:
> Well done, thank you Josh.
>
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Jun 6, 2014, at 9:40 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
> I just put it out there on the leaders list along with a few other
> suggestions to get the ball rolling on this.  I doubt I'm the most qualified
> person either to tackle Flagship documentation projects, but I'm happy to
> give it a shot and hopefully the rest of the community will engage.
>
> ~josh
>
>
> On Fri, Jun 6, 2014 at 10:29 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>> Agreed. Josh, would you mind starting that conversation on the leaders
>> list?
>>
>>
>>
>> Aloha,
>>
>> Jim
>>
>>
>>
>> From: owasp-board-bounces at lists.owasp.org
>> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Sarah Baso
>> Sent: Wednesday, June 04, 2014 9:31 AM
>> To: Josh Sokol
>> Cc: OWASP Board List; johanna curiel curiel
>> Subject: Re: [Owasp-board] Fwd: [Owasp_project_leader_list] Do you
>> consider your project a Flagship status candidate?
>>
>>
>>
>> All - I would suggest we have an open discussion with the leaders
>> regarding how we would evaluate quality of documentation projects including
>> use of proprietary information and data validation and much more...
>>
>>
>>
>> Johanna has let me know that while she feels qualified to help with
>> setting criteria and a framework for evaluating quality of code libraries
>> and tools, she would like someone else to take on putting together the
>> process for documentation projects.
>>
>>
>>
>> I think this is a great discussion for us to be having!
>>
>>
>>
>> Sarah
>>
>>
>>
>> On Wed, Jun 4, 2014 at 12:25 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>> I tend to agree, Eoin.  Two primary concerns:
>>
>> 1) Are the materials going into these open source guides not proprietary?
>> We need validation before making a documentation project Flagship that it is
>> truly open source.
>>
>> 2) Do we have enough insight and documentation on how the guide was
>> created that someone else could replicate it in the future?  Leaders will
>> come and go, but labeling something as Flagship, at least to me, indicates
>> some level of long-term support.
>>
>> ~josh
>>
>>
>>
>> On Wed, Jun 4, 2014 at 1:14 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>> I believe new releases of guides need to be reviewed before they are
>> published as final edition and flagship.
>>
>> I am happy to review either the code review or testing guide as I was
>> involved in both as lead at points in time.
>>
>> I am keen about quality of such guides given they provide direction to
>> 1000's of Dev/test/QA For many years to come.
>>
>>
>>
>> I am happy to volunteer as a reviewer for any of the guides once a
>> complete editable document is available.
>>
>>
>>
>>
>>
>>
>>
>> Eoin Keary
>>
>> Owasp Global Board
>>
>> +353 87 977 2988
>>
>>
>>
>>
>> On 4 Jun 2014, at 18:48, Jim Manico <jim.manico at owasp.org> wrote:
>>
>> Board,
>>
>>
>>
>> Someone from the testing guide and OWASP Top Ten wanted to know how
>> •documentation projects• could reapply for flagship status. The current
>> project eval reboot is for tools and libraries, documentation projects are
>> out of scope right now.
>>
>>
>>
>> Any thoughts here?
>>
>>
>>
>> Aloha,
>>
>> --
>>
>> Jim Manico
>>
>> @Manicode
>>
>> (808) 652-3805
>>
>>
>> Begin forwarded message:
>>
>> From: johanna curiel curiel <johanna.curiel at owasp.org>
>> Date: June 4, 2014 at 6:25:48 AM HST
>> To: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>,
>> "owasp_project_leader_list at lists.owasp.org"
>> <owasp_project_leader_list at lists.owasp.org>,
>> "owasp-projects-task-force at googlegroups.com"
>> <owasp-projects-task-force at googlegroups.com>, Enrico Branca
>> <enrico.branca at owasp.org>
>> Subject: [Owasp_project_leader_list] Do you consider your project a
>> Flagship status candidate?
>>
>> Hi Leaders
>>
>>
>>
>> In the process of reviewing projects at Quality assurance level for Tools
>> and Code projects, I want to make sure we do not exclude those projects that
>> right now are officially LABS and consider themselves ready for a review
>> process to become Flagship.
>>
>>
>>
>> Keep reading if you want your project to be a flagship candidate.
>>
>>
>>
>> The process will have these important components:
>>
>>
>>
>> Code Analysis (SWAMP) (if written in Java, C++ or C): I would need your
>> permission to load the project into SWAMP
>> Functional testing:Deploy the tool/Code in Virtual servers with a full
>> configured test environment. Project leaders will have access to these
>> Access to JIRA to review test cases
>> Analysis and use of Unit tests - Code coverage
>>
>>
>>
>> Make sure you understand what are the minimum qualifications to become
>> flagship
>>
>> See attached document Project Health Criteria. We are using Ohloh as a
>> measuring mechanism on activity and hopefully Enrico's tool will help us
>> with that part too.
>>
>>
>>
>> Please contact the OWASP Project task force to add you to this list
>>
>>
>>
>> A preliminary analysis will be done to verify the actual Project Health
>> Criteria and continue with the process of evaluation for flagship
>>
>>
>>
>> Regards
>>
>>
>>
>> Johanna
>>
>>
>>
>> <Master File- Projects Assessment Criteria V7.xlsx>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>
>>
>> --
>>
>> Executive Director
>>
>> OWASP Foundation
>>
>>
>>
>> sarah.baso at owasp.org
>> +1.312.869.2779
>>
>>
>>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>



-- 
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.


More information about the Owasp-board mailing list