[Owasp-board] OWASP Summer Code Sprint Proposal

Bev Corwin bev.corwin at owasp.org
Wed Apr 1 15:08:09 UTC 2015

Regarding education (vs schools) there are many excellent education
equivalencies by many great American organizations, as well. I think that
we should consider something similar at OWASP. Here is one example that I
think is very practical as a possible reference guide:
http://www.fairfaxcounty.gov/hr/equiv.htm . Many others exist, so I would
recommend researching the topic. Especially in the USA there is a strong
tradition of equivalencies, and as a non profit, would like to see OWASP
seriously consider them. I think that it is a mistake to incorrectly assume
that "school, college, etc." = education. Best wishes, Bev

On Wed, Apr 1, 2015 at 10:42 AM, Konstantinos Papapanagiotou <
Konstantinos at owasp.org> wrote:

> Johanna,
> I'm not aware of any "threats", but I'm really sorry if there were. This
> is totally against the OWASP mentality and what we are all trying to
> achieve.
> Regarding mentors that have expressed their dissatisfaction: I have heard
> this a lot of times. Can you be more specific? Do you mean those leaders
> that were found (and actually admitted) behaving unethically by trying to
> manipulate the scoring process?
> Kostas
> On Wednesday, April 1, 2015, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>> It's about setting rules and I based the information regarding Gsoc based
>> on the many threats I read in the mailing list and based on discussions
>> when I was at Google. I'm 40 years old and I do understand the situation
>> regarding age, but I already clarified my point.
>> Many project leaders have mentioned their dissatisfaction regarding how
>> the program Gsoc at OWASP has been run, the rules/criteria are just *an
>> example* are only a way to put some neutrality and order, I'm not saying
>> this *must* be this way or another
>> And btw I do not want to participate in this initiative. So please
>> consider me out of it and run it as you want it.
>> regards
>> Johanna
>> On Wed, Apr 1, 2015 at 9:28 AM, Konstantinos Papapanagiotou <
>> Konstantinos at owasp.org> wrote:
>>> Johanna,
>>> We already have a similar very successful program we are running for a
>>> few years now (GSOC) and a few initiatives like the code sprint. I don't
>>> understand why we need to reinvent the wheel here. Project leaders will
>>> propose the best candidates and the selection committee just oversees the
>>> process.
>>> In any case I would strongly suggest that you choose your wording more
>>> carefully as in some cases you are creating the wrong impressions.
>>> For example, Google never calls or e-mails universities to check student
>>> status. It even rarely asks for something more than a simple statement from
>>> the students.
>>> GSOC does not have a _huge_ amount of deserting students. Where do you
>>> get this information from? Google has approx. 150 mentoring organizations
>>> every year and hundreds of students. Yes, some of them disappear over time
>>> but they are a small minority. Do you really think that they would still be
>>> running GSOC if they had a huge number of students that disappeared?
>>> I'll also have to disagree with a few of your thoughts. I am older than
>>> 35 and I am actually considering joining another postgraduate program. Why am
>>> I suspicious?
>>> Why do all projects need to have the same amount of slots? Project A
>>> might get only 1 solid proposal. Project B might get 3 excellent
>>> ideas. Why not give Project B 3 slots and Project A 1 slot? Contribution is
>>> important but should not be mandatory. Last but not least every mentor
>>> should be responsible for supervising his/her student and making sure that
>>> progress is made. Having a formal wiki/blog or similar to formally report
>>> progress on a weekly basis just adds up on the workload without providing
>>> any real and valuable feedback.
>>> Let me get back to what I originally said: we are already running this
>>> for GSOC every year. Why do we need to reinvent this now that we only want
>>> to run it on a much smaller scale?
>>> Kostas
>>> On Wed, Apr 1, 2015 at 3:10 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>> Hi Fabio
>>>> I think we need to separate the roles. All volunteers are welcome but
>>>> they should not be mentors
>>>> Example: If I'm a mentor I cannot be in the selection committee.
>>>> I agree that the selection committee cannot select the best candidates
>>>> for project leaders, therefore I propose that the pre-selection of
>>>> candidates is done by the mentors/project leaders
>>>> The selection committee evaluates the candidates that the project
>>>> leaders/mentors have chosen for the project
>>>> Project leaders/mentors must evaluate based on a criteria that the
>>>> selection committee has prepared, for example:
>>>>    - Age of the candidate (candidates older than 35 are suspicious ;-))
>>>>    - Which university/ study year attending
>>>>    - A proof of attendance on that university and we need to confirm
>>>>    this is true (Google does this)(someone must call the universities/get an
>>>>    email)
>>>>    - Proposal must be completely filled in to qualify
>>>>    - A clear statement and motivation why is he/she  the best candidate
>>>>    - All projects should have the same amount of slots (1 or 2)
>>>>    - History of the candidate: is he/she a contributor or is this the
>>>>    first time? if the student is already a contributor, he/she gets a plus
>>>>    point
>>>>    - A short CV experience of the candidate with the
>>>>    technology/programming language to be used
>>>>    - All project leaders and students must have a blog/wiki reporting
>>>>    their weekly progress, so the committee can check how is everyone doing
>>>>    - Most important of all: In order to qualify the student must
>>>>    commit a small contribution. This will help filter the students that are
>>>>    serious.(like the Outreach Program for women)
>>>> As you also know, Gsoc has a huge amount of deserting students or
>>>> students with double jobs. This is a situation we do not want to have, so
>>>> anything that sets the bar high will help to filter serious students from
>>>> phoney ones
>>>> Regards
>>>> Johanna
>>>> On Wed, Apr 1, 2015 at 6:53 AM, Fabio Cerullo <fcerullo at owasp.org>
>>>> wrote:
>>>>> Johanna,
>>>>> I wanted to follow up regarding this initiative...
>>>>> Would you agree that other volunteers could also be part of the
>>>>> project selection committee?
>>>>> I would welcome an open & transparent process where anyone is able to
>>>>> participate.
>>>>> I think it is especially important for project leaders to be part of the
>>>>> student selection process, because they know their project needs.
>>>>> If there are any deviations or misconduct from any of its members,
>>>>> then the committee could rapidly take corrective actions.
>>>>> A good starting point for looking at potential participating projects
>>>>> is below:
>>>>> https://www.owasp.org/index.php/GSoC2015_Ideas
>>>>> We need to probably rebrand it to OWASP Summer Code Sprint (in
>>>>> alignment with OWASP Winter Code Sprint run later in the year).
>>>>> For info: https://www.owasp.org/index.php/Winter_Code_Sprint
>>>>> The main difference is that we will pay students during Summer Code
>>>>> Sprint. I’m suggesting USD 3K per student up to a max of 10 slots (30K).
>>>>> Please let me know your thoughts.
>>>>> Regards,
>>>>> Fabio Cerullo
>>>>> Global Board Member
>>>>> OWASP Foundation
>>>>> https://www.owasp.org
>>>>> On 5 Mar 2015, at 20:08, johanna curiel curiel <
>>>>> johanna.curiel at owasp.org> wrote:
>>>>> Josh
>>>>> I would like very much to help during this process but it is clear
>>>>> that if I do this (and in order to avoid any conflict of interest)
>>>>>    - I will not mentor any projects (in the past I was a mentor for
>>>>>    ZAP, WebgoatPHP, OWTF)
>>>>>    - Help create a selection criteria based on the project health
>>>>>    criteria review
>>>>>    - Have a strong selection criteria for students similar to Gsoc
>>>>>    and make sure projects follow up these guidelines
>>>>>    - Communicate this clearly so there are no misunderstandings
>>>>> I have added Timo who is also helping us with the project reviews and
>>>>> has developer experience that can help us assess projects
>>>>> regards
>>>>> Johanna
>>>>> On Thu, Mar 5, 2015 at 3:51 PM, Josh Sokol <josh.sokol at owasp.org>
>>>>> wrote:
>>>>>> I didn't participate in past GSoC at any level and really don't feel
>>>>>> particularly qualified to assemble this program.  It would require way more
>>>>>> research than my time currently allows.  My stipulations for support were
>>>>>> stated in my earlier e-mail:
>>>>>>    - Have a pre-defined scope for the opportunity with specific
>>>>>>    milestones required
>>>>>>    - Have a pre-defined award for completing the opportunity
>>>>>>    - Publicly publish any and all opportunities so that anyone can
>>>>>>    express an interest in them
>>>>>>    - Have a formal selection process with ideally a committee of
>>>>>>    leaders making the selections
>>>>>>    - Those involved in the selection process cannot also submit
>>>>>>    - Those involved in the selection process are also responsible
>>>>>>    for assessing completion
>>>>>>    - All work produced is provided under the same open source
>>>>>>    license as the project
>>>>>> As long as a proposal (from whoever doesn't really matter) adheres to
>>>>>> these, then I feel that I can put my support behind it.
>>>>>> ~josh
>>>>>> On Wed, Mar 4, 2015 at 9:21 AM, Tobias <tobias.gondrom at owasp.org>
>>>>>> wrote:
>>>>>>>  In principle, I like the idea, because I can see how it helps
>>>>>>> inspire students to work in the security field.
>>>>>>> For the amount: I think we could choose any amount and number of
>>>>>>> projects that would seem meaningful and affordable. E.g. we could also
>>>>>>> scale back to 5 projects or what we feel makes sense. GSoC did not start
>>>>>>> with 10 projects at the beginning.
>>>>>>> Small thing: our pockets are not as deep as Google's, so I am a bit
>>>>>>> more cautious on what we get in return for this investment.
>>>>>>> Would maybe Fabio, Josh and someone else like to call together and
>>>>>>> hash out differences for a proposal to the board?
>>>>>>> Cheers, Tobias
>>>>>>> On 04/03/15 03:49, Fabio Cerullo wrote:
>>>>>>> Dear all,
>>>>>>>  As you probably know by now, we have not been accepted to Google
>>>>>>> Summer of Code this year.
>>>>>>>  Usually, this is a major push for projects during the year as
>>>>>>> experienced by ZAP, OWTF, Appsensor, Hackademics, Seraphimdroid, etc. For a
>>>>>>> full list of ideas in 2015 please check the following URL:
>>>>>>>  https://www.owasp.org/index.php/GSoC2015_Ideas
>>>>>>>  In order to keep the momentum going and progress those projects, I
>>>>>>> would like to request an extraordinary budget allocation of 30K USD to
>>>>>>> cover up to 10 student slots at 3K each. Usually Google pays 5500 USD per
>>>>>>> student during GSOC. We will use the same structure as previous years with
>>>>>>> Kostas/me as org admins, the project leaders who usually participate in
>>>>>>> GSOC (Core team) will pick the best student submissions and then a group of
>>>>>>> dedicated OWASP volunteers who every year act as mentors for the students.
>>>>>>> We could establish a mid-term and full term evaluation where if a student
>>>>>>> is failed mid-term he/she will only receive half the funds (1500 USD). If
>>>>>>> the student is approved full term, he/she receives the full amount (3000
>>>>>>> USD).
>>>>>>>  I understand this is a non-planned expenditure, but considering
>>>>>>> the importance of GSOC in the last couple of years to progress OWASP coding
>>>>>>> projects, I think it is imperative to take some action considering the current
>>>>>>> scenario.
>>>>>>>  If you have any questions, please let us know.
>>>>>>>  Thanks
>>>>>>> Fabio
>>>>>>> _______________________________________________
>>>>>>> Owasp-board mailing list
>>>>>>> Owasp-board at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board