[Owasp-board] Fwd: [Owasp_project_leader_list] Do you consider your project a Flagship status candidate?

johanna curiel curiel johanna.curiel at owasp.org
Sat Jun 7 22:38:00 UTC 2014


and the conclusion of those developments is summarized here and why the QA
approach

https://www.owasp.org/index.php/Proposal_Project_Review_QA_Approach


On Sat, Jun 7, 2014 at 6:32 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> > OWASP committee--needs to come up with a list of definitive criteria of
> > what is required of a flagship product, how is it going to be measured,
> > and what (if any) are going to be the perks / advantages of having a
> > project labeled as flagship both to the community and to the project
> > members themselves
>
> I believe that the Project Health and Quality criteria was an approach to
> this.
> I think the Project Health Criteria definition is a very good one and this
> has been sent by Samantha multiple times. This was the work of the Project
> Review Advisory Board. Again the problem is volunteers don't have time to
> review this, neither to spend time testing tools and verifying the quality,
> that's why I proposed the QA approach.
>
> *Kevin*, are you aware of the existence of the Project Health Criteria
> and Quality Criteria created by this Advisory board last year? I was part
> of that board.
> This is now re-shaped into a new group called the Project review Task force.
>
> I think that we still need to define what kind of benefits does a flagship
> project get, but one of them should be proper QA testing to improve its
> quality.
>
> Here is some history about these developments:
>
> http://owasp.blogspot.com/2013/11/owasp-project-review-criteria-and-2013.html
>
>
> On Sat, Jun 7, 2014 at 3:22 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> I don't think it's necessarily a case of the concern just coming up now.
>> My post on a new projects model (
>> http://lists.owasp.org/pipermail/owasp-board/2014-April/013539.html)
>> actually pre-dates that discussion and there were several other discussions
>> even before that.  To summarize what happened, during the Board meeting
>> where this decision was made, the staff indicated that they did not feel
>> empowered to make the decision on the demotion of projects.  The Board vote
>> on the demotion was meant to support the staff so that they (Samantha in
>> particular) could push forward with a plan to bring quality back to the
>> definition of an OWASP Flagship project.  To her credit, the page that you
>> commented on was the culmination of that effort.  You had some fantastic
>> feedback on it and, to me at least, it appears that it fell into the void.
>> With Samantha's resignation, we've seen Johanna step up to lead the charge
>> on defining what it means to be a Flagship code project and, for lack of
>> anyone else leading, I've at least put a call for comments out there on
>> defining what it means to be a Flagship documentation project.  Once we've
>> come up with that set of criteria, I think our next step, as you alluded
>> to, is defining what the perks are of being a Flagship project.  To me,
>> this includes some level of support provided by the Foundation for
>> consumers, helping to procure grant funding, rallying the community for
>> contribution and support, translation assistance, etc.  Our long-term goal
>> here needs to be a sustainable model where Flagship equates to guaranteed
>> high quality output.  As Eoin said, bugs are expected with any product, but
>> with Flagship, they shouldn't linger very long.  Flagship should be the
>> Foundation's commitment to maintain a tool or document until it is no
>> longer relevant, IMHO.
>>
>> ~josh
>>
>>
>> On Sat, Jun 7, 2014 at 11:08 AM, Kevin W. Wall <kevin.w.wall at gmail.com>
>> wrote:
>>
>>> I guess my question is why is this concern only coming up now?
>>> I brought up this same issue back on May 7th on the discussion page of
>>> <https://www.owasp.org/index.php/Talk:Governance/ProjectProgramModels>
>>> that Samantha had asked everyone to comment on, but which seems as though
>>> only myself and James McGovern made any comments on.
>>>
>>> And I think that's only the tip of the iceberg. I think someone--either
>>> the board or a designated OWASP committee--needs to come up with a list
>>> of definitive criteria of what is required of a flagship product, how
>>> is it going to be measured, and what (if any) are going to be the perks /
>>> advantages of having a project labeled as flagship both to the community
>>> and to the project members themselves. I'm not opposed to starting with a
>>> clean
>>> slate (versus starting with the ProjectProgramModels wiki page that
>>> Samantha created), but I think it's imperative that everyone is on the
>>> same page before we start out trying to determine which programs
>>> qualify for flagship status and which don't and inevitably end up
>>> getting accused by some of bias.
>>>
>>> -kevin
>>>
>>> On Sat, Jun 7, 2014 at 4:27 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>> > Well done, thank you Josh.
>>> >
>>> >
>>> > --
>>> > Jim Manico
>>> > @Manicode
>>> > (808) 652-3805
>>> >
>>> > On Jun 6, 2014, at 9:40 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>> >
>>> > I just put it out there on the leaders list along with a few other
>>> > suggestions to get the ball rolling on this.  I doubt I'm the most
>>> > qualified person either to tackle Flagship documentation projects, but
>>> > I'm happy to give it a shot and hopefully the rest of the community will
>>> > engage.
>>> >
>>> > ~josh
>>> >
>>> >
>>> > On Fri, Jun 6, 2014 at 10:29 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>> >>
>>> >> Agreed. Josh, would you mind starting that conversation on the leaders
>>> >> list?
>>> >>
>>> >>
>>> >>
>>> >> Aloha,
>>> >>
>>> >> Jim
>>> >>
>>> >>
>>> >>
>>> >> From: owasp-board-bounces at lists.owasp.org
>>> >> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Sarah Baso
>>> >> Sent: Wednesday, June 04, 2014 9:31 AM
>>> >> To: Josh Sokol
>>> >> Cc: OWASP Board List; johanna curiel curiel
>>> >> Subject: Re: [Owasp-board] Fwd: [Owasp_project_leader_list] Do you
>>> >> consider your project a Flagship status candidate?
>>> >>
>>> >>
>>> >>
>>> >> All - I would suggest we have an open discussion with the leaders
>>> >> regarding how we would evaluate quality of documentation projects
>>> >> including use of proprietary information and data validation and much
>>> >> more...
>>> >>
>>> >>
>>> >>
>>> >> Johanna has let me know that while she feels qualified to help with
>>> >> setting criteria and a framework for evaluating quality of code
>>> >> libraries and tools, she would like someone else to take on putting
>>> >> together the process for documentation projects.
>>> >>
>>> >>
>>> >>
>>> >> I think this is a great discussion for us to be having!
>>> >>
>>> >>
>>> >>
>>> >> Sarah
>>> >>
>>> >>
>>> >>
>>> >> On Wed, Jun 4, 2014 at 12:25 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>> >>
>>> >> I tend to agree, Eoin.  Two primary concerns:
>>> >>
>>> >> 1) Are the materials going into these open source guides not
>>> >> proprietary? We need validation before making a documentation project
>>> >> Flagship that it is truly open source.
>>> >>
>>> >> 2) Do we have enough insight and documentation on how the guide was
>>> >> created that someone else could replicate it in the future?  Leaders
>>> >> will come and go, but labeling something as Flagship, at least to me,
>>> >> indicates some level of long-term support.
>>> >>
>>> >> ~josh
>>> >>
>>> >>
>>> >>
>>> >> On Wed, Jun 4, 2014 at 1:14 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>> >>
>>> >> I believe new releases of guides need to be reviewed before they are
>>> >> published as final edition and flagship.
>>> >>
>>> >> I am happy to review either the code review or testing guide as I was
>>> >> involved in both as lead at points in time.
>>> >>
>>> >> I am keen about quality of such guides given they provide direction to
>>> >> 1000's of Dev/test/QA for many years to come.
>>> >>
>>> >>
>>> >>
>>> >> I am happy to volunteer as a reviewer for any of the guides once a
>>> >> complete editable document is available.
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> Eoin Keary
>>> >>
>>> >> Owasp Global Board
>>> >>
>>> >> +353 87 977 2988
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> On 4 Jun 2014, at 18:48, Jim Manico <jim.manico at owasp.org> wrote:
>>> >>
>>> >> Board,
>>> >>
>>> >>
>>> >>
>>> >> Someone from the testing guide and OWASP Top Ten wanted to know how
>>> >> •documentation projects• could reapply for flagship status. The
>>> >> current project eval reboot is for tools and libraries, documentation
>>> >> projects are out of scope right now.
>>> >>
>>> >>
>>> >>
>>> >> Any thoughts here?
>>> >>
>>> >>
>>> >>
>>> >> Aloha,
>>> >>
>>> >> --
>>> >>
>>> >> Jim Manico
>>> >>
>>> >> @Manicode
>>> >>
>>> >> (808) 652-3805
>>> >>
>>> >>
>>> >> Begin forwarded message:
>>> >>
>>> >> From: johanna curiel curiel <johanna.curiel at owasp.org>
>>> >> Date: June 4, 2014 at 6:25:48 AM HST
>>> >> To: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>,
>>> >> "owasp_project_leader_list at lists.owasp.org"
>>> >> <owasp_project_leader_list at lists.owasp.org>,
>>> >> "owasp-projects-task-force at googlegroups.com"
>>> >> <owasp-projects-task-force at googlegroups.com>, Enrico Branca
>>> >> <enrico.branca at owasp.org>
>>> >> Subject: [Owasp_project_leader_list] Do you consider your project a
>>> >> Flagship status candidate?
>>> >>
>>> >> Hi Leaders
>>> >>
>>> >>
>>> >>
>>> >> In the process of reviewing projects at Quality assurance level for
>>> >> Tools and Code projects, I want to make sure we do not exclude those
>>> >> projects that right now are officially LABS and consider themselves
>>> >> ready for a review process to become Flagship.
>>> >>
>>> >>
>>> >>
>>> >> Keep reading if you want your project to be a flagship candidate.
>>> >>
>>> >>
>>> >>
>>> >> The process will have these important components:
>>> >>
>>> >>
>>> >>
>>> >> Code Analysis (SWAMP) (if written in Java, C++ or C): I would need your permission to load the project into SWAMP
>>> >> Functional testing: Deploy the tool/Code in Virtual servers with a full configured test environment. Project leaders will have access to these
>>> >> Access to JIRA to review test cases
>>> >> Analysis and use of Unit tests - Code coverage
>>> >>
>>> >>
>>> >> Make sure you understand what are the minimum qualifications to become
>>> >> flagship
>>> >>
>>> >> See attached document Project Health Criteria. We are using Ohloh as a
>>> >> measuring mechanism on activity and hopefully Enrico's tool will help
>>> >> us with that part too.
>>> >>
>>> >>
>>> >>
>>> >> Please contact the OWASP Project task force to add you to this list
>>> >>
>>> >>
>>> >>
>>> >> A preliminary analysis will be done to verify the actual Project
>>> >> Health Criteria and continue with the process of evaluation for flagship
>>> >>
>>> >>
>>> >>
>>> >> Regards
>>> >>
>>> >>
>>> >>
>>> >> Johanna
>>> >>
>>> >>
>>> >>
>>> >> <Master File- Projects Assessment Criteria V7.xlsx>
>>> >>
>>> >> _______________________________________________
>>> >> Owasp-board mailing list
>>> >> Owasp-board at lists.owasp.org
>>> >> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >>
>>> >> Executive Director
>>> >>
>>> >> OWASP Foundation
>>> >>
>>> >>
>>> >>
>>> >> sarah.baso at owasp.org
>>> >> +1.312.869.2779
>>> >>
>>> >>
>>> >>
>>> >
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> Blog: http://off-the-wall-security.blogspot.com/
>>> NSA: All your crypto bit are belong to us.
>>>
>>
>>
>>
>>
>