[Owasp-board] Fwd: [Owasp_project_leader_list] Do you consider your project a Flagship status candidate?

Josh Sokol josh.sokol at owasp.org
Sat Jun 7 19:22:46 UTC 2014


I don't think it's necessarily a case of the concern just coming up now.
My post on a new projects model (
http://lists.owasp.org/pipermail/owasp-board/2014-April/013539.html)
actually pre-dates that discussion and there were several other discussions
even before that.  To summarize what happened, during the Board meeting
where this decision was made, the staff indicated that they did not feel
empowered to make the decision on the demotion of projects.  The Board vote
on the demotion was meant to support the staff so that they (Samantha in
particular) could push forward with a plan to bring quality back to the
definition of an OWASP Flagship project.  To her credit, the page that you
commented on was the culmination of that effort.  You had some fantastic
feedback on it and, to me at least, it appears that it fell into the void.
With Samantha's resignation, we've seen Johanna step up to lead the charge
on defining what it means to be a Flagship code project and, for lack of
anyone else leading, I've at least put a call for comments out there on
defining what it means to be a Flagship documentation project.  Once we've
come up with that set of criteria, I think our next step, as you alluded
to, is defining what the perks are of being a Flagship project.  To me,
this includes some level of support provided by the Foundation for
consumers, helping to procure grant funding, rallying the community for
contribution and support, translation assistance, etc.  Our long-term goal
here needs to be a sustainable model where Flagship equates to guaranteed
high quality output.  As Eoin said, bugs are expected with any product, but
with Flagship, they shouldn't linger very long.  Flagship should be the
Foundation's commitment to maintain a tool or document until it is no
longer relevant, IMHO.

~josh


On Sat, Jun 7, 2014 at 11:08 AM, Kevin W. Wall <kevin.w.wall at gmail.com>
wrote:

> I guess my question is why is this concern only coming up now?
> I brought up this same issue back on May 7th on the discussion page of
> <https://www.owasp.org/index.php/Talk:Governance/ProjectProgramModels>
> that Samantha had asked everyone to comment on, but which seems as though
> only myself and James McGovern made any comments on.
>
> And I think that's only the tip of the iceberg. I think someone--either the
> board or a designated OWASP committee--needs to come up with a list
> of definitive criteria of what is required of a flagship product, how is it
> going to be measured, and what (if any) are going to be the perks / advantages
> of having a project labeled as flagship both to the community and to
> the project members themselves. I'm not opposed to starting with a clean
> slate (versus starting with the ProjectProgramModels wiki page that
> Samantha created), but I think it's imperative that everyone is on the
> same page before we start out trying to determine which programs
> qualify for flagship status and which don't and inevitably end up
> getting accused by some of bias.
>
> -kevin
>
> On Sat, Jun 7, 2014 at 4:27 AM, Jim Manico <jim.manico at owasp.org> wrote:
> > Well done, thank you Josh.
> >
> >
> > --
> > Jim Manico
> > @Manicode
> > (808) 652-3805
> >
> > On Jun 6, 2014, at 9:40 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> >
> > I just put it out there on the leaders list along with a few other
> > suggestions to get the ball rolling on this.  I doubt I'm the most qualified
> > person either to tackle Flagship documentation projects, but I'm happy to
> > give it a shot and hopefully the rest of the community will engage.
> >
> > ~josh
> >
> >
> > On Fri, Jun 6, 2014 at 10:29 PM, Jim Manico <jim.manico at owasp.org> wrote:
> >>
> >> Agreed. Josh, would you mind starting that conversation on the leaders
> >> list?
> >>
> >>
> >>
> >> Aloha,
> >>
> >> Jim
> >>
> >>
> >>
> >> From: owasp-board-bounces at lists.owasp.org
> >> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Sarah Baso
> >> Sent: Wednesday, June 04, 2014 9:31 AM
> >> To: Josh Sokol
> >> Cc: OWASP Board List; johanna curiel curiel
> >> Subject: Re: [Owasp-board] Fwd: [Owasp_project_leader_list] Do you
> >> consider your project a Flagship status candidate?
> >>
> >>
> >>
> >> All - I would suggest we have an open discussion with the leaders
> >> regarding how we would evaluate quality of documentation projects
> >> including use of proprietary information and data validation and much
> >> more...
> >>
> >>
> >>
> >> Johanna has let me know that while she feels qualified to help with
> >> setting criteria and a framework for evaluating quality of code
> >> libraries and tools, she would like someone else to take on putting
> >> together the process for documentation projects.
> >>
> >>
> >>
> >> I think this is a great discussion for us to be having!
> >>
> >>
> >>
> >> Sarah
> >>
> >>
> >>
> >> On Wed, Jun 4, 2014 at 12:25 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> >>
> >> I tend to agree, Eoin.  Two primary concerns:
> >>
> >> 1) Are the materials going into these open source guides not
> >> proprietary?  We need validation before making a documentation project
> >> Flagship that it is truly open source.
> >>
> >> 2) Do we have enough insight and documentation on how the guide was
> >> created that someone else could replicate it in the future?  Leaders
> >> will come and go, but labeling something as Flagship, at least to me,
> >> indicates some level of long-term support.
> >>
> >> ~josh
> >>
> >>
> >>
> >> On Wed, Jun 4, 2014 at 1:14 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
> >>
> >> I believe new releases of guides need to be reviewed before they are
> >> published as final edition and flagship.
> >>
> >> I am happy to review either the code review or testing guide as I was
> >> involved in both as lead at points in time.
> >>
> >> I am keen about quality of such guides given they provide direction to
> >> 1000's of Dev/test/QA for many years to come.
> >>
> >>
> >>
> >> I am happy to volunteer as a reviewer for any of the guides once a
> >> complete editable document is available.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> Eoin Keary
> >>
> >> Owasp Global Board
> >>
> >> +353 87 977 2988
> >>
> >>
> >>
> >>
> >> On 4 Jun 2014, at 18:48, Jim Manico <jim.manico at owasp.org> wrote:
> >>
> >> Board,
> >>
> >>
> >>
> >> Someone from the testing guide and OWASP Top Ten wanted to know how
> >> *documentation projects* could reapply for flagship status. The current
> >> project eval reboot is for tools and libraries, documentation projects
> >> are out of scope right now.
> >>
> >>
> >>
> >> Any thoughts here?
> >>
> >>
> >>
> >> Aloha,
> >>
> >> --
> >>
> >> Jim Manico
> >>
> >> @Manicode
> >>
> >> (808) 652-3805
> >>
> >>
> >> Begin forwarded message:
> >>
> >> From: johanna curiel curiel <johanna.curiel at owasp.org>
> >> Date: June 4, 2014 at 6:25:48 AM HST
> >> To: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>,
> >> "owasp_project_leader_list at lists.owasp.org"
> >> <owasp_project_leader_list at lists.owasp.org>,
> >> "owasp-projects-task-force at googlegroups.com"
> >> <owasp-projects-task-force at googlegroups.com>, Enrico Branca
> >> <enrico.branca at owasp.org>
> >> Subject: [Owasp_project_leader_list] Do you consider your project a
> >> Flagship status candidate?
> >>
> >> Hi Leaders
> >>
> >>
> >>
> >> In the process of reviewing projects at Quality assurance level for
> >> Tools and Code projects, I want to make sure we do not exclude those
> >> projects that right now are officially LABS and consider themselves
> >> ready for a review process to become Flagship.
> >>
> >>
> >>
> >> Keep reading if you want your project to be a flagship candidate.
> >>
> >>
> >>
> >> The process will have these important components:
> >>
> >>
> >>
> >> * Code Analysis (SWAMP) (if written in Java, C++ or C): I would need
> >>   your permission to load the project into SWAMP
> >> * Functional testing: Deploy the tool/Code in Virtual servers with a full
> >>   configured test environment. Project leaders will have access to these
> >> * Access to JIRA to review test cases
> >> * Analysis and use of Unit tests - Code coverage
> >>
> >>
> >>
> >> Make sure you understand what are the minimum qualifications to become
> >> flagship
> >>
> >> See attached document Project Health Criteria. We are using Ohloh as a
> >> measuring mechanism on activity and hopefully Enrico's tool will help us
> >> with that part too.
> >>
> >>
> >>
> >> Please contact the OWASP Project task force to add you to this list
> >>
> >>
> >>
> >> A preliminary analysis will be done to verify the actual Project Health
> >> Criteria and continue with the process of evaluation for flagship
> >>
> >>
> >>
> >> Regards
> >>
> >>
> >>
> >> Johanna
> >>
> >>
> >>
> >> <Master File- Projects Assessment Criteria V7.xlsx>
> >>
> >> _______________________________________________
> >> Owasp-board mailing list
> >> Owasp-board at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-board
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> --
> >>
> >> Executive Director
> >>
> >> OWASP Foundation
> >>
> >>
> >>
> >> sarah.baso at owasp.org
> >> +1.312.869.2779
> >>
> >>
> >>
> >
> >
> >
>
>
>
> --
> Blog: http://off-the-wall-security.blogspot.com/
> NSA: All your crypto bit are belong to us.
>