[Owasp-board] Flagship Code Products

martin.knobloch at owasp.org
Fri Mar 28 13:14:03 UTC 2014

The team got intruded upon and abused; to be frank, you could say quite insulted. This behaviour killed the enthusiasm of the team.


Sent from my BlackBerry® smartphone

-----Original Message-----
From: Jim Manico <jim.manico at owasp.org>
Date: Fri, 28 Mar 2014 18:27:28 
To: <martin.knobloch at owasp.org>; Josh Sokol<josh.sokol at owasp.org>; <owasp-board-bounces at lists.owasp.org>
Cc: OWASP Board List<owasp-board at lists.owasp.org>
Subject: Re: [Owasp-board] Flagship Code Products

What happened was we hired Samantha, who is responsible for these things, 
so I *backed off* while she got our house in order.

The quality of many aspects of our projects has improved. New wiki 
pages, new criteria and other things that make the /wrapping/ of 
projects look better. We also have a better OWASP project "front gate" 
to make sure proposed new projects fit the OWASP criteria better.  
Samantha has rejected many project proposals from folks who refused to 
open source their projects, but wanted the OWASP logo, *and I applaud 
her for her efforts*.

But recently, one of our (real) flagship projects, Dependency Check, 
approached me to get above "incubator". Samantha gave me a form to send 
around the internet to get people to evaluate the Dependency Check 
project. But the evaluation form was all about OpenSAMM categories that 
had absolutely nothing to do with project quality. I got smacked around 
on social media a bit for sending that out; I was like, WTF is going 
on, and it awakened the project quality police beast in me.

Samantha DOES have a bunch of really good QUALITY criteria evaluation 
and THAT is what we should be using to get projects evaluated.

Also, although we have the potential of evaluating new projects for 
quality, what are we going to do about the projects that are on a 
pedestal that do not deserve it?

While I normally agree we should keep out of operational issues, 
this is such a problem, and it's been a long time with little progress 
on the *quality measurement* front, that I would like the board to step 
in and start demoting quite a few projects that are an embarrassment to 
life, liberty, application security and the OWASP way.


On 3/28/14, 6:17 PM, martin.knobloch at owasp.org wrote:
> There was a meeting with the board during the AppSec-EU 2013 in Hamburg. If I recall correctly Michael, Sarah, Jim, Tobias and Seba were present as board / global representatives.
> The question about quality and progress was one of the major items during that meeting. Sub-question: should OWASP pay for contribution to projects?
> IIRC, the outcome generally agreed to was to pay for project contribution: "if you want to get something done properly, you've got to pay for it".
> This is not 'pay all contributors' but to pay for things being developed (lead developers, with the example of Simon Bennetts with ZAP).
> Haven't heard about this ever since!
> Cheers,
> -martin
> Sent from my BlackBerry® smartphone
> -----Original Message-----
> From: Josh Sokol <josh.sokol at owasp.org>
> Sender: owasp-board-bounces at lists.owasp.org
> Date: Fri, 28 Mar 2014 07:25:31
> To: Jim Manico<jim.manico at owasp.org>
> Cc: OWASP Board List<owasp-board at lists.owasp.org>
> Subject: Re: [Owasp-board] Flagship Code Products
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
