[Owasp-board] Staring projects - incubators new guidelines, process and rules

Josh Sokol josh.sokol at owasp.org
Wed Sep 10 14:15:23 UTC 2014

This is exactly like I was thinking.  Great job!


On Wed, Sep 10, 2014 at 7:11 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi All
> Based on the last discussion regarding the process of starting a new
> project, I have created an Ideas Page:
> https://www.owasp.org/index.php/Project_Ideas_Board
> The steps to start a new project are
> *Submit your idea to the project ideas group and research*
> This group will be moderated by the Committee, so I can guide leaders on
> similar type of projects when submitting ideas
> I hope in the coming months to develop a mapping of the areas projects are
> working on, so this will make it easier for new people to start a project
> and cover an area that has a big gap. For example, we have a lot of Broken
> apps in  languages such as  php and java and maybe someone would like to
> create one in Rails for example and be aware that there are already 5
> broken apps in PHP but none in Ruby on rails.
> We need to think strategically to guide people into producing projects
> with real value for the community. There are right now many projects that
> have little audience(basically no one is using them)  because of this or
> because they tend to create projects that are based on other projects and a
> tendency to repeat the same without a unique selling proposition or angle.
> We need to guide projects into producing a "product" of value and think
> more as entrepreneur and researchers instead of fun hobby projects. The
> most successful ones are definitely not treating their projects as a pure
> fun hobby but as serious products. So what do we want? be a nest for
> hobbies or be a nest of valuable projects for the community?
>  We want to be able to see the submissions of New projects and I have
> asked Kate to FWD the submissions.I assume with this new process, we will
> have a higher bar so we get less empty projects.
> I have also updated this info on
> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project
> and will keep updating this in the coming months
> I appreciate your comments and feedback although when providing feedback
> keep in mind that any changes you would like to see must be based on
> realistic situation and resources.
> We struggle to get volunteers to do reviews and any thing that we would
> like to see, think on how to execute realistically based on actual
> resources. I based my strategy on this.I cant do much with wonderful ideas
> but no resources to execute them
> regards
> Johanna
> On Fri, Aug 29, 2014 at 11:28 AM, Michael Coates <michael.coates at owasp.org
> > wrote:
>> Great idea. Happy to be the test case too. I had grand visions with the
>> framework security project but just couldn't get enough time on it. Happy
>> to use that as an example and clear out the incubator project and put it
>> back into the idea pile for anyone to take!
>> On Aug 29, 2014, at 8:25 AM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>> Josh, I think thats the best approach.
>> I will prepare an implementation plan so we can get this, including a
>> process for the new project coordinator
>> Regards
>> johanna
>> On Friday, August 29, 2014, Josh Sokol <josh.sokol at owasp.org> wrote:
>>> +1 Johanna.  Maybe we should create an "Ideas" wiki page with a list of
>>> ideas and leaders.  A simple way to try to get like-minded people to work
>>> together on a concept.  No overhead, add yourself, remove yourself.  Make
>>> it clear at the top that it's just a list of ideas and none have completed
>>> the steps to be an OWASP project yet.  Then, once some code or a draft is
>>> created, we can move them to the incubator and go from there.  Would that
>>> make sense?
>>> ~josh
>>> On Thu, Aug 28, 2014 at 10:19 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>> Yes I think projects should start with at least some code or draft
>>>> documentation.
>>>> But I think after all the free for all that existed starting projects ,
>>>> we should set the bar higher progressively, as you saw on the same
>>>> reactions, some people really felt intimidated by this requirement
>>>> By setting higher requirements on roadmap and descriptions, we will
>>>> filter a group of them, however , by end of the year , as a new set of
>>>> incubator projects fail to create a release, it will then be clear for
>>>> everyone that we really need to request a first prototype or draft when
>>>> lauching a new project.
>>>> Also the content  of some of these projects, is often less than
>>>> satisfactory. Some of them are are total puzzle and no wonder why they are
>>>> not even downloaded or used. Thats also an ingredient for unsustainability.
>>>> This is definetly just the beginning, if we want to improve the quality
>>>> of projects there is still a lot of work to do.
>>>> On Thursday, August 28, 2014, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>  Johanna,
>>>>> I think your list is quite reasonable from what I have seen on the
>>>>> project list. While you are setting the bar higher that it was before, it's
>>>>> still VERY low for new projects. We want to support innovation and make it
>>>>> easy to get a new project rolling, but after so much abuse and after so
>>>>> many non-projects were let slip through, I think it's prudent to set the
>>>>> bar a *little* higher.
>>>>> Aloha,
>>>>> Jim
>>>>> On 8/28/14, 6:30 PM, johanna curiel curiel wrote:
>>>>> Board members and Paul
>>>>>  When Samantha used to work as Project Manager, she was allowed to
>>>>> create and start many incubator projects alone. After reviewing all of
>>>>> them, I see that many projects never really started properly with all the
>>>>> necessary information such as a basic description or a clear roadmap.
>>>>>  The community has also express disagreement on the amount of
>>>>> projects and the incredible low quality of them. We want  quality,
>>>>> sustainable projects, but not half empty wiki pages with no releases.
>>>>>  I don't think OWASP has benefit at all with a humongous incubators
>>>>> list of half empty projects, some of them concerns me because most probably
>>>>> they will fail and die next year
>>>>>  Therefore I don't think we should allow one single person to start
>>>>> new projects without even controlling the content, especially there should
>>>>> be an announcement on the leaders list and allow people to review and
>>>>> feedback before starting it.
>>>>>  I would like to develop together with the Project review team and
>>>>> Leaders,  a checklist containing the minimum requirements to allow
>>>>> incubator projects to start, which I already did this week and hope to keep
>>>>> developing the coming weeks.
>>>>>   I don't think OWASP community wants projects appearing as mushrooms
>>>>> in the inventory list, and I think , once again, that starting projects
>>>>> without enough requirements creates confusion and lowers the quality of
>>>>> projects inventory, apart from all the burden to track them and monitor
>>>>> them.
>>>>>  regards
>>>>>  Johanna
>>>>> _______________________________________________
>>>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>  _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140910/bd6547dd/attachment-0001.html>

More information about the Owasp-board mailing list