[Owasp-board] Fwd: [Owasp_project_leader_list] Do you consider your project a Flagship status candidate?

Jim Manico jim.manico at owasp.org
Sat Jun 7 18:16:37 UTC 2014


Johanna is spending a lot of effort building an objective measurement
mechanism for tools and code projects. We still need to figure out the
path to •document• flagship status. I think a professional editorial
process is the answer.

My 2 cents,
--
Jim Manico
@Manicode
(808) 652-3805

> On Jun 7, 2014, at 6:08 AM, "Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:
>
> I guess my question is why is this concern only coming up now?
> I brought up this same issue back on May 7th on the discussion page of
> <https://www.owasp.org/index.php/Talk:Governance/ProjectProgramModels>
> that Samantha had asked everyone to comment on, but which seems as though
> only myself and James McGovern made any comments on.
>
> And I think that's only the tip of the iceberg. I think someone--either the
> board or a designated OWASP committee--needs to come up with a list
> of definitive criteria of what is required of a flagship product, how
> is it going
> to be measured, and what (if any) are going to be the perks / advantages
> of having a project labeled as flagship both to the community and to
> the project members themselves. I'm not opposed to starting with a clean
> slate (versus starting with the ProjectProgramModels wiki page that
> Samantha created), but I think it's imperative that everyone is on the
> same page before we start out trying to determine which programs
> qualify for flagship status and which don't and inevitably end up
> getting accused by some of bias.
>
> -kevin
>
> -kevin
>
>> On Sat, Jun 7, 2014 at 4:27 AM, Jim Manico <jim.manico at owasp.org> wrote:
>> Well done, thank you Josh.
>>
>>
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Jun 6, 2014, at 9:40 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>> I just put it out there on the leaders list along with a few other
>> suggestions to get the ball rolling on this.  I doubt I'm the most qualified
>> person either to tackle Flagship documentation projects, but I'm happy to
>> give it a shot and hopefully the rest of the community will engage.
>>
>> ~josh
>>
>>
>>> On Fri, Jun 6, 2014 at 10:29 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>> Agreed. Josh, would you mind starting that conversation on the leaders
>>> list?
>>>
>>>
>>>
>>> Aloha,
>>>
>>> Jim
>>>
>>>
>>>
>>> From: owasp-board-bounces at lists.owasp.org
>>> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Sarah Baso
>>> Sent: Wednesday, June 04, 2014 9:31 AM
>>> To: Josh Sokol
>>> Cc: OWASP Board List; johanna curiel curiel
>>> Subject: Re: [Owasp-board] Fwd: [Owasp_project_leader_list] Do you
>>> consider your project a Flagship status candidate?
>>>
>>>
>>>
>>> All - I would suggest we have an open discussion with the leaders
>>> regarding how we would evaluate quality of documentation projects including
>>> use of proprietary information and data validation and much more...
>>>
>>>
>>>
>>> Johanna has let me know that while she feels qualified to help with
>>> setting criteria and a framework for evaluating quality of code libraries
>>> and tools, she would like someone else to take on putting together the
>>> process for documentation projects.
>>>
>>>
>>>
>>> I think this is a great discussion for us to be having!
>>>
>>>
>>>
>>> Sarah
>>>
>>>
>>>
>>> On Wed, Jun 4, 2014 at 12:25 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>
>>> I tend to agree, Eoin.  Two primary concerns:
>>>
>>> 1) Are the materials going into these open source guides not proprietary?
>>> We need validation before making a documentation project Flagship that it is
>>> truly open source.
>>>
>>> 2) Do we have enough insight and documentation on how the guide was
>>> created that someone else could replicate it in the future?  Leaders will
>>> come and go, but labeling something as Flagship, at least to me, indicates
>>> some level of long-term support.
>>>
>>> ~josh
>>>
>>>
>>>
>>> On Wed, Jun 4, 2014 at 1:14 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>
>>> I believe new releases of guides need to be reviewed before they are
>>> published as final edition and flagship.
>>>
>>> I am happy to review either the code review or testing guide as I was
>>> involved in both as lead at points in time.
>>>
>>> I am keen about quality of such guides given they provide direction to
>>> 1000's of Dev/test/QA For many years to come.
>>>
>>>
>>>
>>> I am happy to volunteer as a reviewer for any of the guides once a
>>> complete editable document is available.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Eoin Keary
>>>
>>> Owasp Global Board
>>>
>>> +353 87 977 2988
>>>
>>>
>>>
>>>
>>> On 4 Jun 2014, at 18:48, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>> Board,
>>>
>>>
>>>
>>> Someone from the testing guide and OWASP Top Ten wanted to know how
>>> •documentation projects• could reapply for flagship status. The current
>>> project eval reboot is for tools and libraries, documentation projects are
>>> out of scope right now.
>>>
>>>
>>>
>>> Any thoughts here?
>>>
>>>
>>>
>>> Aloha,
>>>
>>> --
>>>
>>> Jim Manico
>>>
>>> @Manicode
>>>
>>> (808) 652-3805
>>>
>>>
>>> Begin forwarded message:
>>>
>>> From: johanna curiel curiel <johanna.curiel at owasp.org>
>>> Date: June 4, 2014 at 6:25:48 AM HST
>>> To: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>,
>>> "owasp_project_leader_list at lists.owasp.org"
>>> <owasp_project_leader_list at lists.owasp.org>,
>>> "owasp-projects-task-force at googlegroups.com"
>>> <owasp-projects-task-force at googlegroups.com>, Enrico Branca
>>> <enrico.branca at owasp.org>
>>> Subject: [Owasp_project_leader_list] Do you consider your project a
>>> Flagship status candidate?
>>>
>>> Hi Leaders
>>>
>>>
>>>
>>> In the process of reviewing projects at Quality assurance level for Tools
>>> and Code projects, I want to make sure we do not exclude those projects that
>>> right now are officially LABS and consider themselves ready for a review
>>> process to become Flagship.
>>>
>>>
>>>
>>> Keep reading if you want your project to be a flagship candidate.
>>>
>>>
>>>
>>> The process will have these important components:
>>>
>>>
>>>
>>> Code Analysis (SWAMP) (if written in Java, C++ or C): I would need your
>>> permission to load the project into SWAMP
>>> Functional testing:Deploy the tool/Code in Virtual servers with a full
>>> configured test environment. Project leaders will have access to these
>>> Access to JIRA to review test cases
>>> Analysis and use of Unit tests - Code coverage
>>>
>>>
>>>
>>> Make sure you understand what are the minimum qualifications to become
>>> flagship
>>>
>>> See attached document Project Health Criteria. We are using Ohloh as a
>>> measuring mechanism on activity and hopefully Enrico's tool will help us
>>> with that part too.
>>>
>>>
>>>
>>> Please contact the OWASP Project task force to add you to this list
>>>
>>>
>>>
>>> A preliminary analysis will be done to verify the actual Project Health
>>> Criteria and continue with the process of evaluation for flagship
>>>
>>>
>>>
>>> Regards
>>>
>>>
>>>
>>> Johanna
>>>
>>>
>>>
>>> <Master File- Projects Assessment Criteria V7.xlsx>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> Executive Director
>>>
>>> OWASP Foundation
>>>
>>>
>>>
>>> sarah.baso at owasp.org
>>> +1.312.869.2779
>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>
>
>
> --
> Blog: http://off-the-wall-security.blogspot.com/
> NSA: All your crypto bit are belong to us.


More information about the Owasp-board mailing list