[Owasp-board] OWASP Summer Code Sprint Proposal

johanna curiel curiel johanna.curiel at owasp.org
Wed Apr 1 12:10:23 UTC 2015

Hi Fabio

I think we need to separate the roles. All volunteers are welcome but they
should not be mentors
Example: If I'm a mentor I cannot be in the selection committee.

I agree that the selection committee cannot select the best candidates for
project leaders, therefore I propose that the pre-selection of candidates
is done by the mentors/project leaders

The selection committee evaluates the candidates that the project
leaders/mentors have chosen for the project
Project leaders/mentors must evaluate based on a criteria that the
selection committee has prepared, for example:

   - Age of the candidate (candidates older than 35 are suspicious ;-))
   - Which university/ study year attending
   - A proof of attendance on that university and we need to confirm this
   is true (Google does this)(someone must call the universities/get an email)
   - Proposal must be completely filled in to qualify
   - A clear statement and motivation why is he/she  the best candidate
   - All projects should have the same amount of slots (1 or 2)
   - History of the candidate: is he/she a contributor or is this the first
   time? if the student is already a contributor, he/she gets a plus point
   - A short CV experience of the candidate with the technology/programming
   language to be used
   - All project leaders and students must have a blog/wiki reporting their
   weekly progress, so the committee can check how is everyone doing
   - Most important of all: In order to qualify the student must commit a
   small contribution. This will help filter the students that are
   serious.(like the Outreach Program for women)

As you also know, Gsoc has a huge amount of deserting students or students
with double jobs. This is a situation we do not want to have, so anything
that sets the bar high will help to filter serious students from phoney ones



On Wed, Apr 1, 2015 at 6:53 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> Johanna,
> I wanted to follow up regarding this initiative...
> Would you agree that other volunteers could also be part of the project
> selection committee?
> I would welcome an open & transparent process where anyone is able to
> participate.
> I think is specially important for project leaders to be part of the
> student selection process, because they know their project needs.
> If there are any deviations or misconduct from any of its members, then
> the committee could rapidly take corrective actions.
> A good starting point for looking at potential participating projects is
> below:
> https://www.owasp.org/index.php/GSoC2015_Ideas
> We need to probably rebrand it to OWASP Summer Code Sprint (in alignment
> with OWASP Winter Code Sprint run later in the year).
> For info: https://www.owasp.org/index.php/Winter_Code_Sprint
> The main difference is that we will pay students during Summer Code
> Sprint.. I’m suggesting USD 3K per student up to a max of 10 slots (30K).
> Please let me know your thoughts.
> Regards,
> Fabio Cerullo
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
> On 5 Mar 2015, at 20:08, johanna curiel curiel <johanna.curiel at owasp.org>
> wrote:
> Josh
> I would like very much to help during this process but it is clear that if
> I do this (and in order to avoid any conflict of interest)
>    - I will not mentor any projects (in the past I was a mentor for ZAP,
>    WebgoatPHP, OWTF)
>    - Help create a selection criteria based on the project health
>    criteria review
>    - Have a strong selection criteria for students similar to Gsoc and
>    make sure projects follow up these guidelines
>    - Communicate this clearly so tehre are no misunderstandings
> I have added Timo who is also helpinbg us with the project reviews and
> have developer experience that can help us asses projects
> regards
> Johanna
> On Thu, Mar 5, 2015 at 3:51 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> I didn't participate in past GSoC at any level and really don't feel
>> particularly qualified to assemble this program.  It would require way more
>> research than my time currently allows.  My stipulations for support were
>> stated in my earlier e-mail:
>>    - Have a pre-defined scope for the opportunity with specific
>>    milestones required
>>    - Have a pre-defined award for completing the opportunity
>>    - Publicly publish any and all opportunities so that anyone can
>>    express an interest in them
>>    - Have a formal selection process with ideally a committee of leaders
>>    making the selections
>>    - Those involved in the selection process cannot also submit
>>    - Those involved in the selection process are also responsible for
>>    assessing completion
>>    - All work produced is provided under the same open source license as
>>    the project
>> As long as a proposal (from whoever doesn't really matter) adheres to
>> these, then I feel that I can put my support behind it.
>> ~josh
>> On Wed, Mar 4, 2015 at 9:21 AM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>  In principle, I like the idea, because I can see how it helps inspire
>>> students work in the security field.
>>> For the amount: I think we could choose any amount and number of
>>> projects that would seem meaningful and affordable. E.g. we could also
>>> scale back to 5 projects or what we feel makes sense. GSoC did not start
>>> with 10 projects at the beginning.
>>> Small thing: our pockets are not as deep as Google's, so I am a bit more
>>> cautious on what we get in return for this investment.
>>> Would maybe Fabio, Josh and someone else like to call together and hash
>>> out differences for a proposal to the board?
>>> Cheers, Tobias
>>> On 04/03/15 03:49, Fabio Cerullo wrote:
>>> Dear all,
>>>  As you probably know by now, we have not been accepted to Google
>>> Summer of Code this year.
>>>  Usually, this is a major push for projects during the year as
>>> experienced by ZAP, OWTF, Appsensor, Hackademics, Seraphimdroid, etc. For a
>>> full list of ideas in 2015 please check the following URL:
>>>  https://www.owasp.org/index.php/GSoC2015_Ideas
>>>  In order to keep the momentum going and progress those projects, I
>>> would like to request an extraordinary budget allocation of 30K USD to
>>> cover up to 10 student slots at 3K each. Usually Google pays 5500 USD per
>>> student during GSOC. We will use the same structure as previous years with
>>> Kostas/me as org admins, the project leaders who usually participate in
>>> GSOC (Core team) will pick the best student submissions and then a group of
>>> dedicated OWASP volunteers who every year act as mentors for the students.
>>> We could establish a mid-term and full term evaluation where if a student
>>> is failed mid-term he/she will only receive half the funds (1500 USD). If
>>> the student is approved full term, he/she receives the full amount (3000
>>> USD).
>>>  I understand this is a non-planned expenditure, but considering the
>>> importance of GSOC in the last couple of years to progress OWASP coding
>>> projects, I think is imperative to take some action considering the current
>>> scenario.
>>>  If you have any questions, please let us know.
>>>  Thanks
>>> Fabio
>>> _______________________________________________
>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150401/b3bbe723/attachment.html>

More information about the Owasp-board mailing list