[Owasp-board] OWASP Summer Code Sprint Proposal

Bev Corwin bev.corwin at owasp.org
Wed Apr 1 15:26:38 UTC 2015

Re: Ethics, etc., Agreed, as well. However, also important to keep away
from even the <appearances> of religious discrimination, prejudicial /
negative incorrect assumptions, bullying, or promoting overly hubristic,
arrogant, or inquisition-like cultures.


On Wed, Apr 1, 2015 at 11:12 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Well said! I agree!
> We are tasked to keep away from even the •appearances• of in appropriate
> behavior. So even when we do the right thing, if it looks bad it looks bad
> for all of OWASP.
> This is why I think separation of duties is critical, it keeps the
> nay-sayers at bay. :)
> Aloha,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
> On Apr 1, 2015, at 8:08 AM, Konstantinos Papapanagiotou <
> Konstantinos at owasp.org> wrote:
> Jim,
> In my life I have learned that I have to stick on my ethical values
> regardless of how others behave, even when I feel that others are being
> unfair towards me.  As a person I do not break my core values depending on
> how others treat me. I might be wrong but I think the same about others:
> one either has or does not have ethics. Such things don't change according
> to circumstances.
> Kostas
> On Wednesday, April 1, 2015, Jim Manico <jim.manico at owasp.org> wrote:
>> Those who were deemed to be unethical did such things because they felt
>> mentor leaders were picking friends to win GSOC. I am not at all saying
>> they are right, but separation of duties will help prevent these conflicts
>> in the future.
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> On Apr 1, 2015, at 7:43 AM, Konstantinos Papapanagiotou <
>> Konstantinos at owasp.org> wrote:
>> Johanna,
>> I'm not aware of any "threats", but I'm really sorry if there were. This
>> is totally against the OWASP mentality and what we are all trying to
>> achieve.
>> Regarding mentors that have expressed their dissatisfaction: I have heard
>> this a lot of times. Can you be more specific? Do you mean those leaders
>> that were found (and actually admitted) behaving unethically by trying to
>> manipulate the scoring process?
>> Kostas
>> On Wednesday, April 1, 2015, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>> Its about setting rules and I based the information regarding Gsoc based
>>> on the many threats I read in the mailing list and based on discussions
>>> when I was at Google. I'm 40 years old and I do understand the situation
>>> regarding age, but I already clarified my point.
>>> Many project leaders have mentioned their dissatisfaction regarding how
>>> the program Gsoc at OWASp has been run , the rules/criteria are just *an
>>> example* are only a way to put some neutrality and order, I'm not
>>> saying this *must *be this way or another
>>> And btw I do not want to participate in this initiative. So please
>>> consider me out of it and run it as you want it.
>>> regards
>>> Johanna
>>> On Wed, Apr 1, 2015 at 9:28 AM, Konstantinos Papapanagiotou <
>>> Konstantinos at owasp.org> wrote:
>>>> Johanna,
>>>> We already have a similar very successful program we are running for a
>>>> few years now (GSOC) and a few initiatives like the code sprint. I don't
>>>> understand why we need to reinvent the wheel here. Project leaders will
>>>> propose the best candidates and the selection committee just oversees the
>>>> process.
>>>> In any case I would strongly suggest that you choose your wording more
>>>> carefully as in some cases you are creating the wrong impressions.
>>>> For example, Google never calls or e-mails universities to check
>>>> student status. It even rarely asks for something more than a simple
>>>> statement from the students.
>>>> GSOC does not have a a_huge_ amount of deserting students. Where do you
>>>> get this information from? Google has approx. 150 mentoring organizations
>>>> every year and hundreds of students. Yes, some of them disappear over time
>>>> but they are a small minority. Do you really think that they would still be
>>>> running GSOC if they had a huge number of students that disappeared?
>>>> I'll also have to disagree with a few of your thoughts. I am older than
>>>> 35 and I am actually consider joining another postgraduate program. Why am
>>>> I suspicious?
>>>> Why do all projects need to have the same amount of slots? Project A
>>>> might only get only 1 solid proposal. Project B might get 3 excellent
>>>> ideas. Why not give Project B 3 slots and Project A 1 slot? Contribution is
>>>> important but should not be mandatory. Last but not least every mentor
>>>> should be responsible for supervising his/her student and making sure that
>>>> progress is made. Having a formal wiki/blog or similar to formally report
>>>> progress on a weekly basis just adds up on the workload without providing
>>>> any real and valuable feedback.
>>>> Let me get back to what I originally said: we are already running this
>>>> for GSOC every year. Why do we need to reinvent this now that we only want
>>>> to run it on a much smaller scale?
>>>> Kostas
>>>> On Wed, Apr 1, 2015 at 3:10 PM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>> Hi Fabio
>>>>> I think we need to separate the roles. All volunteers are welcome but
>>>>> they should not be mentors
>>>>> Example: If I'm a mentor I cannot be in the selection committee.
>>>>> I agree that the selection committee cannot select the best candidates
>>>>> for project leaders, therefore I propose that the pre-selection of
>>>>> candidates is done by the mentors/project leaders
>>>>> The selection committee evaluates the candidates that the project
>>>>> leaders/mentors have chosen for the project
>>>>> Project leaders/mentors must evaluate based on a criteria that the
>>>>> selection committee has prepared, for example:
>>>>>    - Age of the candidate (candidates older than 35 are suspicious
>>>>>    ;-))
>>>>>    - Which university/ study year attending
>>>>>    - A proof of attendance on that university and we need to confirm
>>>>>    this is true (Google does this)(someone must call the universities/get an
>>>>>    email)
>>>>>    - Proposal must be completely filled in to qualify
>>>>>    - A clear statement and motivation why is he/she  the best
>>>>>    candidate
>>>>>    - All projects should have the same amount of slots (1 or 2)
>>>>>    - History of the candidate: is he/she a contributor or is this the
>>>>>    first time? if the student is already a contributor, he/she gets a plus
>>>>>    point
>>>>>    - A short CV experience of the candidate with the
>>>>>    technology/programming language to be used
>>>>>    - All project leaders and students must have a blog/wiki reporting
>>>>>    their weekly progress, so the committee can check how is everyone doing
>>>>>    - Most important of all: In order to qualify the student must
>>>>>    commit a small contribution. This will help filter the students that are
>>>>>    serious.(like the Outreach Program for women)
>>>>> As you also know, Gsoc has a huge amount of deserting students or
>>>>> students with double jobs. This is a situation we do not want to have, so
>>>>> anything that sets the bar high will help to filter serious students from
>>>>> phoney ones
>>>>> Regards
>>>>> Johanna
>>>>> On Wed, Apr 1, 2015 at 6:53 AM, Fabio Cerullo <fcerullo at owasp.org>
>>>>> wrote:
>>>>>> Johanna,
>>>>>> I wanted to follow up regarding this initiative...
>>>>>> Would you agree that other volunteers could also be part of the
>>>>>> project selection committee?
>>>>>> I would welcome an open & transparent process where anyone is able to
>>>>>> participate.
>>>>>> I think is specially important for project leaders to be part of the
>>>>>> student selection process, because they know their project needs.
>>>>>> If there are any deviations or misconduct from any of its members,
>>>>>> then the committee could rapidly take corrective actions.
>>>>>> A good starting point for looking at potential participating projects
>>>>>> is below:
>>>>>> https://www.owasp.org/index.php/GSoC2015_Ideas
>>>>>> We need to probably rebrand it to OWASP Summer Code Sprint (in
>>>>>> alignment with OWASP Winter Code Sprint run later in the year).
>>>>>> For info: https://www.owasp.org/index.php/Winter_Code_Sprint
>>>>>> The main difference is that we will pay students during Summer Code
>>>>>> Sprint.. I’m suggesting USD 3K per student up to a max of 10 slots (30K).
>>>>>> Please let me know your thoughts.
>>>>>> Regards,
>>>>>> Fabio Cerullo
>>>>>> Global Board Member
>>>>>> OWASP Foundation
>>>>>> https://www.owasp.org
>>>>>> On 5 Mar 2015, at 20:08, johanna curiel curiel <
>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>> Josh
>>>>>> I would like very much to help during this process but it is clear
>>>>>> that if I do this (and in order to avoid any conflict of interest)
>>>>>>    - I will not mentor any projects (in the past I was a mentor for
>>>>>>    ZAP, WebgoatPHP, OWTF)
>>>>>>    - Help create a selection criteria based on the project health
>>>>>>    criteria review
>>>>>>    - Have a strong selection criteria for students similar to Gsoc
>>>>>>    and make sure projects follow up these guidelines
>>>>>>    - Communicate this clearly so tehre are no misunderstandings
>>>>>> I have added Timo who is also helpinbg us with the project reviews
>>>>>> and have developer experience that can help us asses projects
>>>>>> regards
>>>>>> Johanna
>>>>>> On Thu, Mar 5, 2015 at 3:51 PM, Josh Sokol <josh.sokol at owasp.org>
>>>>>> wrote:
>>>>>>> I didn't participate in past GSoC at any level and really don't feel
>>>>>>> particularly qualified to assemble this program.  It would require way more
>>>>>>> research than my time currently allows.  My stipulations for support were
>>>>>>> stated in my earlier e-mail:
>>>>>>>    - Have a pre-defined scope for the opportunity with specific
>>>>>>>    milestones required
>>>>>>>    - Have a pre-defined award for completing the opportunity
>>>>>>>    - Publicly publish any and all opportunities so that anyone can
>>>>>>>    express an interest in them
>>>>>>>    - Have a formal selection process with ideally a committee of
>>>>>>>    leaders making the selections
>>>>>>>    - Those involved in the selection process cannot also submit
>>>>>>>    - Those involved in the selection process are also responsible
>>>>>>>    for assessing completion
>>>>>>>    - All work produced is provided under the same open source
>>>>>>>    license as the project
>>>>>>> As long as a proposal (from whoever doesn't really matter) adheres
>>>>>>> to these, then I feel that I can put my support behind it.
>>>>>>> ~josh
>>>>>>> On Wed, Mar 4, 2015 at 9:21 AM, Tobias <tobias.gondrom at owasp.org>
>>>>>>> wrote:
>>>>>>>>  In principle, I like the idea, because I can see how it helps
>>>>>>>> inspire students work in the security field.
>>>>>>>> For the amount: I think we could choose any amount and number of
>>>>>>>> projects that would seem meaningful and affordable. E.g. we could also
>>>>>>>> scale back to 5 projects or what we feel makes sense. GSoC did not start
>>>>>>>> with 10 projects at the beginning.
>>>>>>>> Small thing: our pockets are not as deep as Google's, so I am a bit
>>>>>>>> more cautious on what we get in return for this investment.
>>>>>>>> Would maybe Fabio, Josh and someone else like to call together and
>>>>>>>> hash out differences for a proposal to the board?
>>>>>>>> Cheers, Tobias
>>>>>>>> On 04/03/15 03:49, Fabio Cerullo wrote:
>>>>>>>> Dear all,
>>>>>>>>  As you probably know by now, we have not been accepted to Google
>>>>>>>> Summer of Code this year.
>>>>>>>>  Usually, this is a major push for projects during the year as
>>>>>>>> experienced by ZAP, OWTF, Appsensor, Hackademics, Seraphimdroid, etc. For a
>>>>>>>> full list of ideas in 2015 please check the following URL:
>>>>>>>>  https://www.owasp.org/index.php/GSoC2015_Ideas
>>>>>>>>  In order to keep the momentum going and progress those projects,
>>>>>>>> I would like to request an extraordinary budget allocation of 30K USD to
>>>>>>>> cover up to 10 student slots at 3K each. Usually Google pays 5500 USD per
>>>>>>>> student during GSOC. We will use the same structure as previous years with
>>>>>>>> Kostas/me as org admins, the project leaders who usually participate in
>>>>>>>> GSOC (Core team) will pick the best student submissions and then a group of
>>>>>>>> dedicated OWASP volunteers who every year act as mentors for the students.
>>>>>>>> We could establish a mid-term and full term evaluation where if a student
>>>>>>>> is failed mid-term he/she will only receive half the funds (1500 USD). If
>>>>>>>> the student is approved full term, he/she receives the full amount (3000
>>>>>>>> USD).
>>>>>>>>  I understand this is a non-planned expenditure, but considering
>>>>>>>> the importance of GSOC in the last couple of years to progress OWASP coding
>>>>>>>> projects, I think is imperative to take some action considering the current
>>>>>>>> scenario.
>>>>>>>>  If you have any questions, please let us know.
>>>>>>>>  Thanks
>>>>>>>> Fabio
>>>>>>>> _______________________________________________
>>>>>>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>> _______________________________________________
>>>>>>>> Owasp-board mailing list
>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>> _______________________________________________
>>>>>>> Owasp-board mailing list
>>>>>>> Owasp-board at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>  _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150401/711609ca/attachment-0001.html>

More information about the Owasp-board mailing list