[Owasp-board] OWASP Summer Code Sprint Proposal

Kevin W. Wall kevin.w.wall at gmail.com
Wed Apr 8 00:56:57 UTC 2015


On Tue, Apr 7, 2015 at 4:34 PM, you wrote:
> I don't see a problem Kostas doing the work such as setting the wiki,
> etc... He can go ahead if he wants to.
> What we must address is :
> What kind of role is Kostas taking? I see no issues he doing administrative
> work , what we need to separate here is his role
> Will Kostas have the role of a mentor, or part of the org team decision
> maker?
>  If mentor, that means he should not have any decision part in who gets
> slots (especially if hackademics will be participating in the program),

I'm sorry. Perhaps I am misunderstanding Fabio's post to this list addressed
specifically to Jim proposing a new process to follow. For step #3, Fabio
    3) The 'project leaders/mentors team' are the ones who evaluate and pick
       the best students proposals because they know about their projects. In
       the past, we allowed all mentors to score all proposals and that is
       what caused an issue because some people ‘down voted’ other proposals
       to let their own proposals to score higher.

Now, while Fabio did not explicitly state this, I thought that the
implications here were that 'project leaders / mentors' could ONLY
vote for student proposals for THEIR OWN project. If we restrict
people from volunteering to mentor more than one project (or at least,
to voting on only one project), I fail to see how if Kostas has a
mentor role for Hackademics and he can ONLY vote for Hackademics
proposals how that can be a potential conflict of interest. I mean,
isn't it fair that he can downgrade some proposals for his OWN project
as long as he cannot do that to other projects?

Like I said, maybe I am misunderstanding something of Fabio's intent or
reading something between the lines that isn't there, but I thought that
avoiding the potential conflict of interest of certain individuals downgrading
other projects in order to boost ones they were interested in was the very
reason Fabio suggested this step.

> If org team decision maker (decision making who gets the slots), hackademics
> should not participating as project
> and of course Hackademics can participate but he cannot be part of the Org
> team (decision makers), simple as that

If the selection process never goes beyond the 'project leader / mentor'
level, then I would contend that there is no potential conflict of interest
here. (That is, if there is a unanimous consensus of everyone at the
'project leader / mentor' team level, then there are no disputes, right?)

If that is not the case--and it is likely that it won't be--
then I think that one way to reduce the potential conflict for org
team decision makers is to have one representative from each contending
project. (Ideally, it would be better to have OWASP volunteers who are
not associated with ANY of the projects and completely neutral, but I
think you may be lacking for volunteers if that is the approach taken.)
As long as you have a "majority rules" or some other specifically
*pre-agreed* to plan for resolving conflicts and choosing ties amongst
the participating projects, then I think you will have eliminated any
conflict of interest as much as humanly possible...especially
if Tobias and the board is willing to step in and act as the final

Just my $.02,
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.

