[Owasp-board] Flagship Announcement

Jim Manico jim.manico at owasp.org
Sat May 24 02:08:53 UTC 2014

Here is the proposed text for the flagship announcement to the leaders 
and community lists. Is everyone from the board and staff happy with 
this text? I took everyone's comment from Google Docs and made the 
requested changes.




On April 30 2014, the OWASP Board voted to change all projects with 
Flagship Status to Labs status. This message is intended to explain why 
we did this and what the future of OWASP projects and project evaluation is.

It's critical that the OWASP Foundation is sincere about the 
classification of our project inventory. Our "customers" depend upon 
these projects to provide a wide variety of critical security services. 
These include discovery of security vulnerabilities, cryptographic 
services, developer security education and a number of critical security 
controls. Some OWASP projects are used in the very heart of our 
customers infrastructure!

Our current methodology of project classification is based on three 
categories: Incubator Projects, Labs Projectsand Flagship Projects. 
Let's take a moment to explore what these categories mean as they stand 

OWASP Incubator Projectsare "proofs of concept, experimental, and 
classified as prototypes" in their current state.

OWASP Labs Projectsrepresent projects that have produced a deliverable 
of significant value but are not guaranteed to be production ready.

OWASP Flagship Projectsclearly denote production quality projects that 
organizations can trust and depend on.

Evaluating almost 200 projects is no small task. The OWASP project list 
has not changed much over the last 2 years. Unfortunately, some of our 
flagship projects have not been active and have languished to a point 
where flagship status may not be appropriate.  Also, as OWASP continues 
to mature its project management and review capabilities, these 
categories may go away.

In an effort to present a more accurate and up-to-date status of OWASP 
projects, the OWASP Board has voted to reduce all Flagships projects to 
LABS status and will require projects to go through an evaluation 
process in order to be deemed flagship once again. This message states 
that current flagship projects are still important projects that deliver 
significant value, but may not be production ready or up to date.

OWASP is in the midst of building a new project review infrastructure 
and the processes to go with that. Our new project review mechanism is 
not finalized yet, but the OWASP Communityis working to build that new 
strategy. But we need to realize that while many of our projects are 
great ideas, not all of them are "production quality projects". Please 
look for a proposal with options for comment and a community vote in the 
upcoming weeks.

We know this may upset some in our community, but we want to emphasize 
that we felt that several OWASP Flagship projects (which are of great 
value) were languishing in a variety of ways. Our goal was to present 
OWASP projects in a more honest light. OWASP Labs status again denotes 
great value.

Thanks you for your consideration over this matter. We are eager to hear 
any feedback from the community to help make OWASP projects better in 
the future.


The OWASP Board and Staff*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140523/1c3ac0f0/attachment.html>

More information about the Owasp-board mailing list