[Owasp-board] OWASP Summer Code Sprint Proposal

Jim Manico jim.manico at owasp.org
Tue Apr 7 21:03:19 UTC 2015


+1 Thank you Paul.

- Jim

On 4/7/15 3:52 PM, Paul Ritchie wrote:
> Team:
>
> This thread is now over 70 comments long and it's moved from strong 
> passion to get a project up & running......to strong passion about 
> each other's opinions on how to implement.  Strong opinions are a good 
> thing when focused on the issue, rather than the person....especially 
> in a volunteer community.
>
> And now....I'd like to see a new thread started with the project 
> criteria based on everyone's input, some schedule milestones & key 
> tasks, with a BLANK under the name for 'responsible party'.   Once 
> "the plan" looks good, we can add people's names to handle each 
> area....with the goal of technical competency balanced with 
> transparency and fairness. I think that is a 'winning' project plan 
> that will get approved for the funding request.
>
> I am happy to commit some of our staff resource to the project since 
> it directly aligns with OWASP 2015 Strategic Goals in areas of 
> Training and Developer engagement.
>
> Add my name to the list of people on the 'planning team' or task force 
> to help define & finalize the project criteria.
> Project Coordinator resumes are being evaluated now by a small team 
> from the community and we hope to have someone hired by end of month.
>
> I trust that this will help us move forward.
> Cheers Paul
>
> Best Regards, Paul Ritchie
> OWASP Interim Executive Director
> paul.ritchie at owasp.org
>
>
> On Tue, Apr 7, 2015 at 1:11 PM, Konstantinos Papapanagiotou 
> <Konstantinos at owasp.org> wrote:
>
>     All,
>
>     I'd like to help but before that I'd like to be 100% certain that
>     there is no CoI if hackademic participates in the same sense it
>     participated in last year's GSOC.
>
>     Kostas
>
>     On Tue, Apr 7, 2015 at 7:31 PM, psiinon <psiinon at gmail.com> wrote:
>
>         If it comes to a vote then I'd be very happy to back Kostas.
>         I think he did an excellent job with GSoC.
>
>         Simon
>
>         On Tue, Apr 7, 2015 at 5:26 PM, Fabio Cerullo
>         <fcerullo at owasp.org> wrote:
>
>             Johanna
>
>             Anybody is welcome to participate and I don’t like to
>             establish rules about ‘who’ should be participating as the
>             ones you are suggesting.
>
>             As mentioned earlier, I trust Kostas to do a great job and
>             you are also welcome to participate in the org team /
>             project mentor teams.
>
>             Having said that, I will progress with the project
>             proposal working with him which to my view is transparent
>             and open to everyone.
>
>             If someone from the Global Board disagrees, please let me
>             know. Otherwise I will seek budget approval for this to
>             move ahead.
>
>             Thanks,
>
>             Fabio Cerullo
>             Global Board Member
>             OWASP Foundation
>             https://www.owasp.org
>
>>             On 7 Apr 2015, at 16:01, johanna curiel curiel
>>             <johanna.curiel at owasp.org> wrote:
>>
>>             I would definitely support Kostas as overall program
>>             admin in case he is interested. Do you agree?
>>
>>             I think this should be submitted to a
>>             vote, especially depending if Kostas wants to mentor a
>>             project or if hackademics is also participating
>>
>>             On Tue, Apr 7, 2015 at 10:56 AM, Fabio Cerullo
>>             <fcerullo at owasp.org> wrote:
>>
>>                 I think the 2 mentors per student slot makes sense.
>>                 In case one of the mentors gets sick, etc.
>>
>>                 Based on the feedback received and the iterations so
>>                 far, it seems we have a strong proposal to put up for
>>                 voting.
>>
>>                 I would definitely support Kostas as overall program
>>                 admin in case he is interested. Do you agree?
>>
>>                 Thanks,
>>
>>                 Fabio Cerullo
>>                 Global Board Member
>>                 OWASP Foundation
>>                 https://www.owasp.org
>>
>>>                 On 7 Apr 2015, at 15:46, johanna curiel curiel
>>>                 <johanna.curiel at owasp.org> wrote:
>>>
>>>                 What do you think? I don’t have time to setup the
>>>                 wiki, etc at present but would welcome your help.
>>>
>>>                 I think the rules based on stages seems quite fair
>>>                 to me, however, that is my opinion ;-), another
>>>                 important criteria should be how many mentors are
>>>                 available per project to provide guidance. I think 1
>>>                 project leader per student should be the minimum
>>>                 (Google uses 2 mentors per project/proposal)
>>>
>>>                 Also it should be clear, in case a mentor is not
>>>                 able to follow up or continue with mentoring what
>>>                 should be done and who should follow up this (the
>>>                 org team), therefore, when volunteers want to be
>>>                 part of the program (whether org team/mentor) they
>>>                 must know their responsibilities, after all,
>>>                 we don't want to waste money well intended.
>>>
>>>                 Fabio, if you have no time to set the wiki, someone
>>>                 must take the lead to do this, based on what you
>>>                 have proposed, it seems to me that the
>>>                 person responsible or in-charge of the program
>>>                 should do this. Is it clear who is this person?
>>>                 (will it be Kostas? other ones?)
>>>
>>>                 When I take an initiative, I have always followed
>>>                 these steps (wiki-proposal, publish info, get
>>>                 reactions/adapt) so it is as much transparent as I
>>>                 can do. It is a lot of work but this is part of
>>>                 our responsibilities when managing these kind of
>>>                 initiatives.
>>>
>>>                 regards
>>>
>>>                 Johanna
>>>
>>>                 On Tue, Apr 7, 2015 at 10:37 AM, Fabio Cerullo
>>>                 <fcerullo at owasp.org> wrote:
>>>
>>>                     Johanna,
>>>
>>>                     Thanks for asking.
>>>
>>>                     I thought about the slot allocation and maybe
>>>                     the criteria is the ‘maturity’ of the project.
>>>
>>>                     https://www.owasp.org/index.php/OWASP_Project_Stages
>>>
>>>                     So, based on the project current status:
>>>                     Incubator, Lab, Flagship it is decided the max
>>>                     amount of slots.
>>>
>>>                     Flagship: Max 3 slots
>>>                     Lab: Max 2 slots
>>>                     Incubator: Max 1 slot
>>>
>>>                     What do you think? I don’t have time to setup
>>>                     the wiki, etc at present but would welcome your
>>>                     help.
>>>
>>>                     Thanks,
>>>
>>>                     Fabio Cerullo
>>>                     Global Board Member
>>>                     OWASP Foundation
>>>                     https://www.owasp.org
>>>
>>>>                     On 7 Apr 2015, at 15:24, johanna curiel curiel
>>>>                     <johanna.curiel at owasp.org> wrote:
>>>>
>>>>                     5) Finally, the org team in conjunction with
>>>>                     the project mentors team then decide how many
>>>>                     slots each project will get.
>>>>
>>>>                     I think, in order to avoid any conflict of
>>>>                     interest, the org team members should be an
>>>>                     independent member with no ties to any of
>>>>                     the participating projects
>>>>
>>>>                     So I would like to formally request a budget of
>>>>                     USD 30K (3K per slot with a max of 10 slots) to
>>>>                     move ahead with this process.
>>>>
>>>>                     A clear criteria should exist before any
>>>>                     approvals are exercised.
>>>>                     The board should ask:
>>>>                     /Do we have clear criteria for this program?/
>>>>                     In my opinion, no, just a bunch of emails.
>>>>
>>>>                     /Has it been openly defined for all potential
>>>>                     participating members and project leaders?/
>>>>                     No, it should be published on a Wiki and sent
>>>>                     through the community /owasp-leaders list for
>>>>                     people to comment and agree. At least a clear
>>>>                     proposal should be setup and published.
>>>>
>>>>                     After this process then I think we could go
>>>>                     ahead and approve, because it's clear what are
>>>>                     the rules for participation. There are still
>>>>                     some issues that I see as potential conflicts
>>>>                     such as /for example/:
>>>>
>>>>                       * How many slots can a project get?
>>>>                       * Should a project get more slots than others?
>>>>                       * Based on what /exact/ criteria should we
>>>>                         provide slots?
>>>>                       * Should the org team have ties (such as
>>>>                         being an active volunteer) to the
>>>>                         participating project (this can be conflict
>>>>                         of interest)
>>>>
>>>>
>>>>
>>>>                     regards
>>>>
>>>>                     Johanna
>>>>
>>>>
>>>>
>>>>                     On Tue, Apr 7, 2015 at 9:28 AM, Fabio Cerullo
>>>>                     <fcerullo at owasp.org> wrote:
>>>>
>>>>                         Tobias,
>>>>
>>>>                         Thanks for your comments.
>>>>
>>>>                         I think an escalation procedure on step #5
>>>>                         is in order in case there is a disagreement
>>>>                         between the org team and the project
>>>>                         mentors team about slots.
>>>>
>>>>                         So I would like to formally request a
>>>>                         budget of USD 30K (3K per slot with a max
>>>>                         of 10 slots) to move ahead with this process.
>>>>
>>>>                         I will appreciate the support from fellow
>>>>                         Board members to make this happen.
>>>>
>>>>                         Thanks,
>>>>
>>>>                         Fabio Cerullo
>>>>                         Global Board Member
>>>>                         OWASP Foundation
>>>>                         https://www.owasp.org
>>>>
>>>>>                         On 7 Apr 2015, at 13:49, Tobias
>>>>>                         <tobias.gondrom at owasp.org> wrote:
>>>>>
>>>>>                         Sounds fair to me.
>>>>>
>>>>>                         With one suggested addition: if there is
>>>>>                         disagreement in step #5, I like to see
>>>>>                         this reported to the org team / board /
>>>>>                         community for resolution without conflict
>>>>>                         of interest.
>>>>>                         If the teams agree with the resolution of
>>>>>                         step #5, I am happy and favour to go
>>>>>                         ahead. If there is serious disagreement, I
>>>>>                         like to hear about it.
>>>>>
>>>>>                         Best, Tobias
>>>>>
>>>>>
>>>>>                         On 07/04/15 05:33, Fabio Cerullo wrote:
>>>>>>                         Jim,
>>>>>>
>>>>>>                         Please allow me to explain how a submission
>>>>>>                         process might work for everyone:
>>>>>>
>>>>>>                         1) Students review the ideas suggested by
>>>>>>                         mentors. For example, GSOC 2015 Ideas:
>>>>>>                         https://www.owasp.org/index.php/GSoC2015_Ideas
>>>>>>                         2) Based on those ideas, the students
>>>>>>                         submit their own ideas/projects. Usually
>>>>>>                         there are dozens of ideas submitted by
>>>>>>                         students, some are good, some are poor,
>>>>>>                         and some are completely new. The mentors
>>>>>>                         are not involved at this stage other than
>>>>>>                         answering questions to the students.
>>>>>>                         There is a deadline for the students'
>>>>>>                         submission.
>>>>>>                         3) The 'project leaders/mentors team' are
>>>>>>                         the ones who evaluate and pick the best
>>>>>>                         students' proposals because they know
>>>>>>                         about their projects. In the past, we
>>>>>>                         allowed all mentors to score all
>>>>>>                         proposals and that is what caused an
>>>>>>                         issue because some people ‘down voted’
>>>>>>                         other proposals to let their own
>>>>>>                         proposals to score higher.
>>>>>>                         4) The 'org team' makes sure that there
>>>>>>                         is no wrongdoing by reviewing
>>>>>>                         scores/etc. Last year, the issue above
>>>>>>                         was identified by Kostas/staff and it was
>>>>>>                         promptly addressed. An additional control
>>>>>>                         that could be implemented, and we were
>>>>>>                         hoping to implement this year at GSOC, is
>>>>>>                         that no mentor could vote on other
>>>>>>                         project proposals (e.g. ZAP mentors
>>>>>>                         cannot down vote on OWTF proposals and
>>>>>>                         vice versa). So that will bubble up
>>>>>>                         naturally all the best proposals for each
>>>>>>                         corresponding project based on scores
>>>>>>                         from the project leaders/mentors.
>>>>>>                         5) Finally, the org team in conjunction
>>>>>>                         with the project mentors team then decide
>>>>>>                         how many slots each project will get.
>>>>>>
>>>>>>                         Does it sound fair?
>>>>>>
>>>>>>                         Fabio Cerullo
>>>>>>                         Global Board Member
>>>>>>                         OWASP Foundation
>>>>>>                         https://www.owasp.org
>>>>>>
>>>>>>>                         On 6 Apr 2015, at 20:07, Jim Manico
>>>>>>>                         <jim.manico at owasp.org> wrote:
>>>>>>>
>>>>>>>                         I suggest the mentors work with students
>>>>>>>                         to make great proposals and
>>>>>>>                         have a *different group vote on who
>>>>>>>                         wins*. The whole issue was mentors
>>>>>>>                         voting on projects and we should
>>>>>>>                         consider avoiding that if we
>>>>>>>                         replicate a similar program at OWASP.
>>>>>>>
>>>>>>>                         --
>>>>>>>                         Jim Manico
>>>>>>>                         @Manicode
>>>>>>>                         (808) 652-3805
>>>>>>>
>>>>>>>>                         On Apr 6, 2015, at 10:04 AM, Fabio
>>>>>>>>                         Cerullo <fcerullo at owasp.org> wrote:
>>>>>>>>
>>>>>>>>                         The ‘Mentors team’ will review/score
>>>>>>>>                         the proposals and select the best ones
>>>>>>>>                         with an oversight from the
>>>>>>>>                         ‘Organisation Team’.
>>>>>>
>>>>>>
>>>>>>
>>>>>>                         _______________________________________________
>>>>>>                         Owasp-board mailing list
>>>>>>                         Owasp-board at lists.owasp.org
>>>>>>                         https://lists.owasp.org/mailman/listinfo/owasp-board
>
>         -- 
>         OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>