[Owasp-board] OWASP Summer Code Sprint Proposal

Abraham Aranguren abraham.aranguren at owasp.org
Mon Apr 6 23:13:20 UTC 2015


I think the approach Fabio describes is awesome and would work.

I agree that there is a conflict of interest if project leaders vote on
proposals unrelated to their project. In addition to that, project leaders
might not be aware of important specifics while they vote.
Examples:
- Last year there was a ZAP proposal that seemed average on the surface,
however, this was put together by a strong old ZAP contributor (2+ years),
I had no idea until Simon said that.
- Last year, there was a great proposal for OWTF that I knew was a
copy-paste from somebody else's proposal and down-ranked it flagging the
issue straightaway, pretty much nobody else would have known about this.

This is in part why project leaders should vote / be able to choose the
students they want, *on their own projects*, given a slot allocation.
Because we know more specifics about our own projects, we know the
contributors better, if that person really wrote that proposal, the quality
of their pull requests, etc.

If there is anything I can do to help out this excellent OWASP initiative
to move forward, please do let me know,

Thank you,

Abe

http://owtf.org


On Mon, Apr 6, 2015 at 11:33 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> Jim,
>
> Please allow me to explain a submission process might work for everyone:
>
> 1) Student review the ideas suggested by mentors. For example, GSOC 2015
> Ideas: https://www.owasp.org/index.php/GSoC2015_Ideas
> 2) Based on those ideas, the students submit their own ideas/projects.
> Usually there are dozens of ideas submitted by students, some are good,
> some are poor, and some are completely new. The mentors are not involved at
> this stage other than answering questions to the students. There is a
> deadline for the students submission.
> 3) The 'project leaders/mentors team' are the ones who evaluate and pick
> the best students proposals because they know about their projects. In the
> past, we allowed all mentors to score all proposals and that is what caused
> an issue because some people ‘down voted’ other proposals to let their own
> proposals to score higher.
> 4) The 'org team' makes sure that there is no wrong doing by reviewing
> scores/etc. Last year, the issue above was identified by Kostas/staff and
> it was promptly addressed. An additional control that could be implemented,
> and we were hoping to implement this year at GSOC, is that no mentor could
> vote on other project proposals (e.g. ZAP mentors cannot down vote on OWTF
> proposals and viceversa). So that will bubble up naturally all the best
> proposals for each corresponding project based on scores from the project
> leaders/mentors.
> 5) Finally, the org team in conjunction with the project mentors team then
> decide how many slots each project will get.
>
> Does it sound fair?
>
> Fabio Cerullo
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
>
> On 6 Apr 2015, at 20:07, Jim Manico <jim.manico at owasp.org> wrote:
>
> I suggest the mentors work with students to make great proposals and
> have a •different group vote on who wins•. The whole issue was mentors
> voting on projects and we should consider avoiding that if we
> replicate a similar program at OWASP.
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Apr 6, 2015, at 10:04 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>
> The ‘Mentors team’ will review/score the proposals and select the best
> ones with an oversight from the ‘Organisation Team’.
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150407/de273858/attachment.html>


More information about the Owasp-board mailing list