[Owasp-board] OWASP Summer Code Sprint Proposal

johanna curiel curiel johanna.curiel at owasp.org
Tue Apr 7 15:01:56 UTC 2015


I would definitely support Kostas as overall program admin in case he is
interested. Do you agree?

I think this should be submitted to a vote, especially depending if Kostas
wants to mentor a project or if hackademics is also participating

On Tue, Apr 7, 2015 at 10:56 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> I think the 2 mentors per student slot makes sense. In case one of the
> mentors get sick, etc.
>
> Based on the feedback received and the iterations so far, it seems we have
> a strong proposal to put up for voting.
>
> I would definitely support Kostas as overall program admin in case he is
> interested. Do you agree?
>
> Thanks,
>
> Fabio Cerullo
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
>
> On 7 Apr 2015, at 15:46, johanna curiel curiel <johanna.curiel at owasp.org>
> wrote:
>
> What do you think? I don’t have time to setup the wiki, etc at present but
> would welcome your help.
>
> I think the rules based on stages seems quite fair to me, however, that is
> my opinion ;-), another important criteria should be how many mentors are
> available per project to provide guidance. I think 1 project leader per
> student should be the minimum (Google uses 2 mentors per project/proposal)
>
> Also it should be clear , in case a mentor is not able to followup or
> continue with mentoring what should be done and who should follow up this
> (the org team), therefore , when volunteers want to be part of the
> program(whether org team/mentor) they must know their responsibilities,
> after all , we don't want to waste money well intended.
>
> Fabio, if you have no time to set the wiki, someone must take the lead to
> do this, based on what you have proposed, it seems to me that the
> person responsible or in-charge of the program should do this. Is it clear
> who is this person? (will it be Kostas? other ones?)
>
> When i take an initiative, I have always followed these steps
> (wiki-proposal, publish info, get reactions/adapt) so it is as much
> transparent as I can do. It is a lot of work but this is part of
> our responsibilities when managing these kind of initiatives.
>
> regards
>
> Johanna
>
> On Tue, Apr 7, 2015 at 10:37 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>
>> Johanna,
>>
>> Thanks for asking.
>>
>> I thought about the slot allocation and maybe the criteria is the
>> ‘maturity’ of the project.
>>
>> https://www.owasp.org/index.php/OWASP_Project_Stages
>>
>> So, based on the project current status: Incubator, Lab, Flagship it is
>> decided the max amount of slots.
>>
>> Flagship: Max 3 slots
>> Lab: Max 2 slots
>> Incubator: Max 1 slot
>>
>> What do you think? I don’t have time to setup the wiki, etc at present
>> but would welcome your help.
>>
>> Thanks,
>>
>> Fabio Cerullo
>> Global Board Member
>> OWASP Foundation
>> https://www.owasp.org
>>
>> On 7 Apr 2015, at 15:24, johanna curiel curiel <johanna.curiel at owasp.org>
>> wrote:
>>
>> 5) Finally, the org team in conjunction with the project mentors team
>> then decide how many slots each project will get.
>>
>> I think , in order to avoid any conflict of interest, the org team
>> members should be an independent member with no ties to any of
>> the participating projects
>>
>> So I would like to formally request a budget of USD 30K (3K per slot with
>> a max of 10 slots) to move ahead with this process.
>>
>> A clear criteria should exist before any approvals are exercised.
>> The board should ask :
>> *Do we have clear criteria for this program?*
>> In my opinion, no, just a bunch of emails.
>>
>> *Has it been openly defined for all potential participating members and
>> project leaders?*
>> No, it should be published on a Wiki and send through the community
>> /owasp-leaders list for people to comment and agree. At least a clear
>> proposal should be setup and published.
>>
>> After this process then I think we could go ahead and approve, because
>> its clear what are the rules for participation. There are still some
>> issues that I see as potential conflicts such as *for example*:
>>
>>    - How many slots can a project get?
>>    - Should a project get more slots than others?
>>    - Based on what *exact*  criteria should we provide slots?
>>    - Should the org team have tights (such as being an active volunteer)
>>    to the participating project(this can be conflict of interest)
>>
>>
>>
>> regards
>>
>> Johanna
>>
>>
>>
>> On Tue, Apr 7, 2015 at 9:28 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>
>>> Tobias,
>>>
>>> Thanks for your comments.
>>>
>>> I think an escalation procedure on step #5 is in order in case there is
>>> a disagreement between the org team and the project mentors team about
>>> slots.
>>>
>>> So I would like to formally request a budget of USD 30K (3K per slot
>>> with a max of 10 slots) to move ahead with this process.
>>>
>>> I will appreciate the support from fellow Board members to make this
>>> happen.
>>>
>>> Thanks,
>>>
>>> Fabio Cerullo
>>> Global Board Member
>>> OWASP Foundation
>>> https://www.owasp.org
>>>
>>> On 7 Apr 2015, at 13:49, Tobias <tobias.gondrom at owasp.org> wrote:
>>>
>>>  Sounds fair to me.
>>>
>>> With one suggested addition: if there is disagreement in step #5, I like
>>> to see this reported to the org team / board / community for resolution
>>> without conflict of interest.
>>> If the teams agree with the resolution of step #5, I am happy and favour
>>> to go ahead. If there is serious disagreement, I like to hear about it.
>>>
>>> Best, Tobias
>>>
>>>
>>> On 07/04/15 05:33, Fabio Cerullo wrote:
>>>
>>> Jim,
>>>
>>>  Please allow me to explain a submission process might work for
>>> everyone:
>>>
>>>  1) Student review the ideas suggested by mentors. For example, GSOC
>>> 2015 Ideas: https://www.owasp.org/index.php/GSoC2015_Ideas
>>> 2) Based on those ideas, the students submit their own ideas/projects.
>>> Usually there are dozens of ideas submitted by students, some are good,
>>> some are poor, and some are completely new. The mentors are not involved at
>>> this stage other than answering questions to the students. There is a
>>> deadline for the students submission.
>>> 3) The 'project leaders/mentors team' are the ones who evaluate and pick
>>> the best students proposals because they know about their projects. In the
>>> past, we allowed all mentors to score all proposals and that is what caused
>>> an issue because some people ‘down voted’ other proposals to let their own
>>> proposals to score higher.
>>> 4) The 'org team' makes sure that there is no wrong doing by reviewing
>>> scores/etc. Last year, the issue above was identified by Kostas/staff and
>>> it was promptly addressed. An additional control that could be implemented,
>>> and we were hoping to implement this year at GSOC, is that no mentor could
>>> vote on other project proposals (e.g. ZAP mentors cannot down vote on OWTF
>>> proposals and viceversa). So that will bubble up naturally all the best
>>> proposals for each corresponding project based on scores from the project
>>> leaders/mentors.
>>> 5) Finally, the org team in conjunction with the project mentors team
>>> then decide how many slots each project will get.
>>>
>>>  Does it sound fair?
>>>
>>>  Fabio Cerullo
>>> Global Board Member
>>> OWASP Foundation
>>> https://www.owasp.org
>>>
>>>  On 6 Apr 2015, at 20:07, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>> I suggest the mentors work with students to make great proposals and
>>> have a •different group vote on who wins•. The whole issue was mentors
>>> voting on projects and we should consider avoiding that if we
>>> replicate a similar program at OWASP.
>>>
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On Apr 6, 2015, at 10:04 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>>
>>> The ‘Mentors team’ will review/score the proposals and select the best
>>> ones with an oversight from the ‘Organisation Team’.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150407/67a68f1d/attachment.html>


More information about the Owasp-board mailing list