[Owasp-board] Staring projects - incubators new guidelines, process and rules

johanna curiel curiel johanna.curiel at owasp.org
Wed Sep 10 12:11:20 UTC 2014

Hi All

Based on the last discussion regarding the process of starting a new
project, I have created an Ideas Page:

The steps to start a new project are
*Submit your idea to the project ideas group and research*
This group will be moderated by the Committee, so I can guide leaders on
similar type of projects when submitting ideas
I hope in the coming months to develop a mapping of the areas projects are
working on, so this will make it easier for new people to start a project
and cover an area that has a big gap. For example, we have a lot of Broken
apps in  languages such as  php and java and maybe someone would like to
create one in Rails for example and be aware that there are already 5
broken apps in PHP but none in Ruby on rails.

We need to think strategically to guide people into producing projects with
real value for the community. There are right now many projects that have
little audience(basically no one is using them)  because of this or because
they tend to create projects that are based on other projects and a
tendency to repeat the same without a unique selling proposition or angle.
We need to guide projects into producing a "product" of value and think
more as entrepreneur and researchers instead of fun hobby projects. The
most successful ones are definitely not treating their projects as a pure
fun hobby but as serious products. So what do we want? be a nest for
hobbies or be a nest of valuable projects for the community?

 We want to be able to see the submissions of New projects and I have asked
Kate to FWD the submissions.I assume with this new process, we will have a
higher bar so we get less empty projects.

I have also updated this info on

and will keep updating this in the coming months

I appreciate your comments and feedback although when providing feedback
keep in mind that any changes you would like to see must be based on
realistic situation and resources.

We struggle to get volunteers to do reviews and any thing that we would
like to see, think on how to execute realistically based on actual
resources. I based my strategy on this.I cant do much with wonderful ideas
but no resources to execute them



On Fri, Aug 29, 2014 at 11:28 AM, Michael Coates <michael.coates at owasp.org>

> Great idea. Happy to be the test case too. I had grand visions with the
> framework security project but just couldn't get enough time on it. Happy
> to use that as an example and clear out the incubator project and put it
> back into the idea pile for anyone to take!
> On Aug 29, 2014, at 8:25 AM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
> Josh, I think thats the best approach.
> I will prepare an implementation plan so we can get this, including a
> process for the new project coordinator
> Regards
> johanna
> On Friday, August 29, 2014, Josh Sokol <josh.sokol at owasp.org> wrote:
>> +1 Johanna.  Maybe we should create an "Ideas" wiki page with a list of
>> ideas and leaders.  A simple way to try to get like-minded people to work
>> together on a concept.  No overhead, add yourself, remove yourself.  Make
>> it clear at the top that it's just a list of ideas and none have completed
>> the steps to be an OWASP project yet.  Then, once some code or a draft is
>> created, we can move them to the incubator and go from there.  Would that
>> make sense?
>> ~josh
>> On Thu, Aug 28, 2014 at 10:19 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>> Yes I think projects should start with at least some code or draft
>>> documentation.
>>> But I think after all the free for all that existed starting projects ,
>>> we should set the bar higher progressively, as you saw on the same
>>> reactions, some people really felt intimidated by this requirement
>>> By setting higher requirements on roadmap and descriptions, we will
>>> filter a group of them, however , by end of the year , as a new set of
>>> incubator projects fail to create a release, it will then be clear for
>>> everyone that we really need to request a first prototype or draft when
>>> lauching a new project.
>>> Also the content  of some of these projects, is often less than
>>> satisfactory. Some of them are are total puzzle and no wonder why they are
>>> not even downloaded or used. Thats also an ingredient for unsustainability.
>>> This is definetly just the beginning, if we want to improve the quality
>>> of projects there is still a lot of work to do.
>>> On Thursday, August 28, 2014, Jim Manico <jim.manico at owasp.org> wrote:
>>>>  Johanna,
>>>> I think your list is quite reasonable from what I have seen on the
>>>> project list. While you are setting the bar higher that it was before, it's
>>>> still VERY low for new projects. We want to support innovation and make it
>>>> easy to get a new project rolling, but after so much abuse and after so
>>>> many non-projects were let slip through, I think it's prudent to set the
>>>> bar a *little* higher.
>>>> Aloha,
>>>> Jim
>>>> On 8/28/14, 6:30 PM, johanna curiel curiel wrote:
>>>> Board members and Paul
>>>>  When Samantha used to work as Project Manager, she was allowed to
>>>> create and start many incubator projects alone. After reviewing all of
>>>> them, I see that many projects never really started properly with all the
>>>> necessary information such as a basic description or a clear roadmap.
>>>>  The community has also express disagreement on the amount of projects
>>>> and the incredible low quality of them. We want  quality, sustainable
>>>> projects, but not half empty wiki pages with no releases.
>>>>  I don't think OWASP has benefit at all with a humongous incubators
>>>> list of half empty projects, some of them concerns me because most probably
>>>> they will fail and die next year
>>>>  Therefore I don't think we should allow one single person to start
>>>> new projects without even controlling the content, especially there should
>>>> be an announcement on the leaders list and allow people to review and
>>>> feedback before starting it.
>>>>  I would like to develop together with the Project review team and
>>>> Leaders,  a checklist containing the minimum requirements to allow
>>>> incubator projects to start, which I already did this week and hope to keep
>>>> developing the coming weeks.
>>>>   I don't think OWASP community wants projects appearing as mushrooms
>>>> in the inventory list, and I think , once again, that starting projects
>>>> without enough requirements creates confusion and lowers the quality of
>>>> projects inventory, apart from all the burden to track them and monitor
>>>> them.
>>>>  regards
>>>>  Johanna
>>>> _______________________________________________
>>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>  _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140910/f4dc4719/attachment.html>

More information about the Owasp-board mailing list