[Owasp-board] OWASP Summer Code Sprint Proposal

johanna curiel curiel johanna.curiel at owasp.org
Wed Apr 8 01:32:52 UTC 2015


Ideally, it would be better to have OWASP volunteers who are
not associated with ANY of the projects and completely neutral, but I
think you may be lacking for volunteers if that is the approach taken.)

Indeed

This is a situation that could happen:
IF we have 10 slots only available and 30 projects have chosen their
candidates,
3 projects are Flagship so they have the right for 3 slots
So 3x3 = 9
Then we can finance only 3 projects and the rest, just 1?
What about if we have 5 Flagship projects with 3 proposals each one
fighting for a slot?

In order to decide which project gets the final slots it must be an
intervention as an Organization Admin for neutrality

I have set up a draft, and let's try to be fair
We don't want to end up financing 30K for 3 projects meaning 10K for each
one,
If they deserve it, fine, but I think the best is to limit the slots to 2
for flagship

More on the proposal read here:
https://www.owasp.org/index.php/Proposal_OWASP_SummerofCode_2015

Just keep in mind


   - Running this program is a lot of work
   - Submissions, proposals forms etc, the entire workflow
   - *Do we have enough volunteers to run this show?*


With all due respect to Kostas, this is not something he can run alone. The
GSoC is run by Google and we only do a small portion as organisation admin
and Mentoring, compared to the entire program
Here is an entire administration, back office, payment, revision of
progress etc., so let's be honest, can we run this with a small bunch of
volunteers?
Are these volunteers committed?
Most people do not have time, so let's be realistic, especially and
considering we also have a responsibility with this money


regards

Johanna


On Tue, Apr 7, 2015 at 8:56 PM, Kevin W. Wall <kevin.w.wall at gmail.com>
wrote:

> Johanna,
>
> On Tue, Apr 7, 2015 at 4:34 PM, you wrote:
> > I don't see a problem Kostas doing the work such as setting the wiki,
> > etc...He can go ahead if he wants to.
> > What we must address is:
> > What kind of role is Kostas taking? I see no issues he doing administrative
> > work, what we need to separate here is his role
> >
> > Will Kostas have the role of a mentor, or part of the org team decision
> > maker?
> >  If mentor, that means he should not have any decision part in who gets
> > slots (especially if hackademics will be participating in the program),
>
> I'm sorry. Perhaps I am misunderstanding Fabio's post to this list addressed
> specifically to Jim proposing a new process to follow. For step #3, Fabio
> stated:
>     3) The 'project leaders/mentors team' are the ones who evaluate and pick
>        the best students proposals because they know about their projects. In
>        the past, we allowed all mentors to score all proposals and that is
>        what caused an issue because some people ‘down voted’ other proposals
>        to let their own proposals to score higher.
>
> Now, while Fabio did not explicitly state this, I thought that the
> implications here were that 'project leaders / mentors' could ONLY
> vote for student proposals for THEIR OWN project. If we restrict
> people from volunteering to mentor more than one project (or at least,
> to voting on only one project), I fail to see how if Kostas has a
> mentor role for Hackademics and he can ONLY vote for Hackademics
> proposals how that can be a potential conflict of interest. I mean,
> isn't it fair that he can downgrade some proposals for his OWN project
> as long as he cannot do that to other projects?
>
> Like I said, maybe I am misunderstanding something of Fabio's intent or
> reading something between the lines that isn't there, but I thought that
> avoiding the potential conflict of interest of certain individuals downgrading
> other projects in order to boost ones they were interested was the very
> reason Fabio suggested this step.
>
> > If org team decision maker (decision making who gets the slots), hackademics
> > should not participating as project
> >
> > and of course Hackademics can participate but he cannot be part of the Org
> > team (decision makers), simple as that
> >
> If the selection process never goes beyond the 'project leader / mentor'
> level, then I would contend that there is no potential conflict of interest
> here. (That is, if there is a unanimous consensus of everyone at the
> 'project leader / mentor' team level, then there are no disputes, right?)
>
> If that is not the case--and it is likely that it won't be--
> then I think that one way to reduce the potential conflict for org
> team decision makers is to have one representative from each contending
> project. (Ideally, it would be better to have OWASP volunteers who are
> not associated with ANY of the projects and completely neutral, but I
> think you may be lacking for volunteers if that is the approach taken.)
> As long as you have a "majority rules" or some other specifically
> *pre-agreed* to plan for resolving conflicts and choosing ties amongst
> the participating projects, then I think you will have eliminated any
> conflict of interest as much as humanly possible...especially
> if Tobias and the board is willing to step in and act as the final
> mediator.
>
> Just my $.02,
> -kevin
> --
> Blog: http://off-the-wall-security.blogspot.com/
> NSA: All your crypto bit are belong to us.
>