[Owasp-board] OWASP Summer Code Sprint Proposal
jim.manico at owasp.org
Wed Apr 1 14:18:28 UTC 2015
+1 We have a legal obligation to keep age out of the criteria. Perhaps make
attending college a criteria instead?
On Apr 1, 2015, at 5:43 AM, Noreen Whysel <noreen.whysel at owasp.org> wrote:
I hope you will reconsider <35 as a requirement. As someone who earned a
graduate degree at age 45 I am a bit sensitive to this. You could make it
high school only or undergrad only but, as a US organization, any overt age
discrimination might run afoul of US law, unless it is specifically for
under age 18.
On Apr 1, 2015, at 8:10 AM, johanna curiel curiel <johanna.curiel at owasp.org>
I think we need to separate the roles. All volunteers are welcome but they
should not be mentors
Example: If I'm a mentor I cannot be in the selection committee.
I agree that the selection committee cannot select the best candidates for
project leaders, therefore I propose that the pre-selection of candidates
is done by the mentors/project leaders
The selection committee evaluates the candidates that the project
leaders/mentors have chosen for the project
Project leaders/mentors must evaluate based on a criteria that the
selection committee has prepared, for example:
- Age of the candidate (candidates older than 35 are suspicious ;-))
- Which university/ study year attending
- A proof of attendance on that university and we need to confirm this
is true (Google does this)(someone must call the universities/get an email)
- Proposal must be completely filled in to qualify
- A clear statement and motivation why is he/she the best candidate
- All projects should have the same amount of slots (1 or 2)
- History of the candidate: is he/she a contributor or is this the first
time? if the student is already a contributor, he/she gets a plus point
- A short CV experience of the candidate with the technology/programming
language to be used
- All project leaders and students must have a blog/wiki reporting their
weekly progress, so the committee can check how is everyone doing
- Most important of all: In order to qualify the student must commit a
small contribution. This will help filter the students that are
serious.(like the Outreach Program for women)
As you also know, Gsoc has a huge amount of deserting students or students
with double jobs. This is a situation we do not want to have, so anything
that sets the bar high will help to filter serious students from phoney ones
On Wed, Apr 1, 2015 at 6:53 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
> I wanted to follow up regarding this initiative...
> Would you agree that other volunteers could also be part of the project
> selection committee?
> I would welcome an open & transparent process where anyone is able to
> I think is specially important for project leaders to be part of the
> student selection process, because they know their project needs.
> If there are any deviations or misconduct from any of its members, then
> the committee could rapidly take corrective actions.
> A good starting point for looking at potential participating projects is
> We need to probably rebrand it to OWASP Summer Code Sprint (in alignment
> with OWASP Winter Code Sprint run later in the year).
> For info: https://www.owasp.org/index.php/Winter_Code_Sprint
> The main difference is that we will pay students during Summer Code
> Sprint.. I’m suggesting USD 3K per student up to a max of 10 slots (30K).
> Please let me know your thoughts.
> Fabio Cerullo
> Global Board Member
> OWASP Foundation
> On 5 Mar 2015, at 20:08, johanna curiel curiel <johanna.curiel at owasp.org>
> I would like very much to help during this process but it is clear that if
> I do this (and in order to avoid any conflict of interest)
> - I will not mentor any projects (in the past I was a mentor for ZAP,
> WebgoatPHP, OWTF)
> - Help create a selection criteria based on the project health
> criteria review
> - Have a strong selection criteria for students similar to Gsoc and
> make sure projects follow up these guidelines
> - Communicate this clearly so tehre are no misunderstandings
> I have added Timo who is also helpinbg us with the project reviews and
> have developer experience that can help us asses projects
> On Thu, Mar 5, 2015 at 3:51 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> I didn't participate in past GSoC at any level and really don't feel
>> particularly qualified to assemble this program. It would require way more
>> research than my time currently allows. My stipulations for support were
>> stated in my earlier e-mail:
>> - Have a pre-defined scope for the opportunity with specific
>> milestones required
>> - Have a pre-defined award for completing the opportunity
>> - Publicly publish any and all opportunities so that anyone can
>> express an interest in them
>> - Have a formal selection process with ideally a committee of leaders
>> making the selections
>> - Those involved in the selection process cannot also submit
>> - Those involved in the selection process are also responsible for
>> assessing completion
>> - All work produced is provided under the same open source license as
>> the project
>> As long as a proposal (from whoever doesn't really matter) adheres to
>> these, then I feel that I can put my support behind it.
>> On Wed, Mar 4, 2015 at 9:21 AM, Tobias <tobias.gondrom at owasp.org> wrote:
>>> In principle, I like the idea, because I can see how it helps inspire
>>> students work in the security field.
>>> For the amount: I think we could choose any amount and number of
>>> projects that would seem meaningful and affordable. E.g. we could also
>>> scale back to 5 projects or what we feel makes sense. GSoC did not start
>>> with 10 projects at the beginning.
>>> Small thing: our pockets are not as deep as Google's, so I am a bit more
>>> cautious on what we get in return for this investment.
>>> Would maybe Fabio, Josh and someone else like to call together and hash
>>> out differences for a proposal to the board?
>>> Cheers, Tobias
>>> On 04/03/15 03:49, Fabio Cerullo wrote:
>>> Dear all,
>>> As you probably know by now, we have not been accepted to Google
>>> Summer of Code this year.
>>> Usually, this is a major push for projects during the year as
>>> experienced by ZAP, OWTF, Appsensor, Hackademics, Seraphimdroid, etc. For a
>>> full list of ideas in 2015 please check the following URL:
>>> In order to keep the momentum going and progress those projects, I
>>> would like to request an extraordinary budget allocation of 30K USD to
>>> cover up to 10 student slots at 3K each. Usually Google pays 5500 USD per
>>> student during GSOC. We will use the same structure as previous years with
>>> Kostas/me as org admins, the project leaders who usually participate in
>>> GSOC (Core team) will pick the best student submissions and then a group of
>>> dedicated OWASP volunteers who every year act as mentors for the students.
>>> We could establish a mid-term and full term evaluation where if a student
>>> is failed mid-term he/she will only receive half the funds (1500 USD). If
>>> the student is approved full term, he/she receives the full amount (3000
>>> I understand this is a non-planned expenditure, but considering the
>>> importance of GSOC in the last couple of years to progress OWASP coding
>>> projects, I think is imperative to take some action considering the current
>>> If you have any questions, please let us know.
>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
Owasp-board mailing list
Owasp-board at lists.owasp.org
Owasp-board mailing list
Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board