[Owasp-board] OWASP Summer Code Sprint Proposal

johanna curiel curiel johanna.curiel at owasp.org
Wed Apr 1 13:34:44 UTC 2015

Its about setting rules and I based the information regarding Gsoc based on
the many threats I read in the mailing list and based on discussions when I
was at Google. I'm 40 years old and I do understand the situation regarding
age, but I already clarified my point.

Many project leaders have mentioned their dissatisfaction regarding how the
program Gsoc at OWASp has been run , the rules/criteria are just *an
example* are only a way to put some neutrality and order, I'm not saying
this *must *be this way or another

And btw I do not want to participate in this initiative. So please consider
me out of it and run it as you want it.



On Wed, Apr 1, 2015 at 9:28 AM, Konstantinos Papapanagiotou <
Konstantinos at owasp.org> wrote:

> Johanna,
> We already have a similar very successful program we are running for a few
> years now (GSOC) and a few initiatives like the code sprint. I don't
> understand why we need to reinvent the wheel here. Project leaders will
> propose the best candidates and the selection committee just oversees the
> process.
> In any case I would strongly suggest that you choose your wording more
> carefully as in some cases you are creating the wrong impressions.
> For example, Google never calls or e-mails universities to check student
> status. It even rarely asks for something more than a simple statement from
> the students.
> GSOC does not have a a_huge_ amount of deserting students. Where do you
> get this information from? Google has approx. 150 mentoring organizations
> every year and hundreds of students. Yes, some of them disappear over time
> but they are a small minority. Do you really think that they would still be
> running GSOC if they had a huge number of students that disappeared?
> I'll also have to disagree with a few of your thoughts. I am older than 35
> and I am actually consider joining another postgraduate program. Why am I
> suspicious?
> Why do all projects need to have the same amount of slots? Project A might
> only get only 1 solid proposal. Project B might get 3 excellent ideas. Why
> not give Project B 3 slots and Project A 1 slot? Contribution is important
> but should not be mandatory. Last but not least every mentor should be
> responsible for supervising his/her student and making sure that progress
> is made. Having a formal wiki/blog or similar to formally report progress
> on a weekly basis just adds up on the workload without providing any real
> and valuable feedback.
> Let me get back to what I originally said: we are already running this for
> GSOC every year. Why do we need to reinvent this now that we only want to
> run it on a much smaller scale?
> Kostas
> On Wed, Apr 1, 2015 at 3:10 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>> Hi Fabio
>> I think we need to separate the roles. All volunteers are welcome but
>> they should not be mentors
>> Example: If I'm a mentor I cannot be in the selection committee.
>> I agree that the selection committee cannot select the best candidates
>> for project leaders, therefore I propose that the pre-selection of
>> candidates is done by the mentors/project leaders
>> The selection committee evaluates the candidates that the project
>> leaders/mentors have chosen for the project
>> Project leaders/mentors must evaluate based on a criteria that the
>> selection committee has prepared, for example:
>>    - Age of the candidate (candidates older than 35 are suspicious ;-))
>>    - Which university/ study year attending
>>    - A proof of attendance on that university and we need to confirm
>>    this is true (Google does this)(someone must call the universities/get an
>>    email)
>>    - Proposal must be completely filled in to qualify
>>    - A clear statement and motivation why is he/she  the best candidate
>>    - All projects should have the same amount of slots (1 or 2)
>>    - History of the candidate: is he/she a contributor or is this the
>>    first time? if the student is already a contributor, he/she gets a plus
>>    point
>>    - A short CV experience of the candidate with the
>>    technology/programming language to be used
>>    - All project leaders and students must have a blog/wiki reporting
>>    their weekly progress, so the committee can check how is everyone doing
>>    - Most important of all: In order to qualify the student must commit
>>    a small contribution. This will help filter the students that are
>>    serious.(like the Outreach Program for women)
>> As you also know, Gsoc has a huge amount of deserting students or
>> students with double jobs. This is a situation we do not want to have, so
>> anything that sets the bar high will help to filter serious students from
>> phoney ones
>> Regards
>> Johanna
>> On Wed, Apr 1, 2015 at 6:53 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>> Johanna,
>>> I wanted to follow up regarding this initiative...
>>> Would you agree that other volunteers could also be part of the project
>>> selection committee?
>>> I would welcome an open & transparent process where anyone is able to
>>> participate.
>>> I think is specially important for project leaders to be part of the
>>> student selection process, because they know their project needs.
>>> If there are any deviations or misconduct from any of its members, then
>>> the committee could rapidly take corrective actions.
>>> A good starting point for looking at potential participating projects is
>>> below:
>>> https://www.owasp.org/index.php/GSoC2015_Ideas
>>> We need to probably rebrand it to OWASP Summer Code Sprint (in alignment
>>> with OWASP Winter Code Sprint run later in the year).
>>> For info: https://www.owasp.org/index.php/Winter_Code_Sprint
>>> The main difference is that we will pay students during Summer Code
>>> Sprint.. I’m suggesting USD 3K per student up to a max of 10 slots (30K).
>>> Please let me know your thoughts.
>>> Regards,
>>> Fabio Cerullo
>>> Global Board Member
>>> OWASP Foundation
>>> https://www.owasp.org
>>> On 5 Mar 2015, at 20:08, johanna curiel curiel <johanna.curiel at owasp.org>
>>> wrote:
>>> Josh
>>> I would like very much to help during this process but it is clear that
>>> if I do this (and in order to avoid any conflict of interest)
>>>    - I will not mentor any projects (in the past I was a mentor for
>>>    ZAP, WebgoatPHP, OWTF)
>>>    - Help create a selection criteria based on the project health
>>>    criteria review
>>>    - Have a strong selection criteria for students similar to Gsoc and
>>>    make sure projects follow up these guidelines
>>>    - Communicate this clearly so tehre are no misunderstandings
>>> I have added Timo who is also helpinbg us with the project reviews and
>>> have developer experience that can help us asses projects
>>> regards
>>> Johanna
>>> On Thu, Mar 5, 2015 at 3:51 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>> I didn't participate in past GSoC at any level and really don't feel
>>>> particularly qualified to assemble this program.  It would require way more
>>>> research than my time currently allows.  My stipulations for support were
>>>> stated in my earlier e-mail:
>>>>    - Have a pre-defined scope for the opportunity with specific
>>>>    milestones required
>>>>    - Have a pre-defined award for completing the opportunity
>>>>    - Publicly publish any and all opportunities so that anyone can
>>>>    express an interest in them
>>>>    - Have a formal selection process with ideally a committee of
>>>>    leaders making the selections
>>>>    - Those involved in the selection process cannot also submit
>>>>    - Those involved in the selection process are also responsible for
>>>>    assessing completion
>>>>    - All work produced is provided under the same open source license
>>>>    as the project
>>>> As long as a proposal (from whoever doesn't really matter) adheres to
>>>> these, then I feel that I can put my support behind it.
>>>> ~josh
>>>> On Wed, Mar 4, 2015 at 9:21 AM, Tobias <tobias.gondrom at owasp.org>
>>>> wrote:
>>>>>  In principle, I like the idea, because I can see how it helps
>>>>> inspire students work in the security field.
>>>>> For the amount: I think we could choose any amount and number of
>>>>> projects that would seem meaningful and affordable. E.g. we could also
>>>>> scale back to 5 projects or what we feel makes sense. GSoC did not start
>>>>> with 10 projects at the beginning.
>>>>> Small thing: our pockets are not as deep as Google's, so I am a bit
>>>>> more cautious on what we get in return for this investment.
>>>>> Would maybe Fabio, Josh and someone else like to call together and
>>>>> hash out differences for a proposal to the board?
>>>>> Cheers, Tobias
>>>>> On 04/03/15 03:49, Fabio Cerullo wrote:
>>>>> Dear all,
>>>>>  As you probably know by now, we have not been accepted to Google
>>>>> Summer of Code this year.
>>>>>  Usually, this is a major push for projects during the year as
>>>>> experienced by ZAP, OWTF, Appsensor, Hackademics, Seraphimdroid, etc. For a
>>>>> full list of ideas in 2015 please check the following URL:
>>>>>  https://www.owasp.org/index.php/GSoC2015_Ideas
>>>>>  In order to keep the momentum going and progress those projects, I
>>>>> would like to request an extraordinary budget allocation of 30K USD to
>>>>> cover up to 10 student slots at 3K each. Usually Google pays 5500 USD per
>>>>> student during GSOC. We will use the same structure as previous years with
>>>>> Kostas/me as org admins, the project leaders who usually participate in
>>>>> GSOC (Core team) will pick the best student submissions and then a group of
>>>>> dedicated OWASP volunteers who every year act as mentors for the students.
>>>>> We could establish a mid-term and full term evaluation where if a student
>>>>> is failed mid-term he/she will only receive half the funds (1500 USD). If
>>>>> the student is approved full term, he/she receives the full amount (3000
>>>>> USD).
>>>>>  I understand this is a non-planned expenditure, but considering the
>>>>> importance of GSOC in the last couple of years to progress OWASP coding
>>>>> projects, I think is imperative to take some action considering the current
>>>>> scenario.
>>>>>  If you have any questions, please let us know.
>>>>>  Thanks
>>>>> Fabio
>>>>> _______________________________________________
>>>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150401/ee26cfbb/attachment-0001.html>

More information about the Owasp-board mailing list