[Owasp-board] OWASP Summer Code Sprint Proposal

Konstantinos Papapanagiotou Konstantinos at owasp.org
Wed Apr 8 05:40:20 UTC 2015


I thought you were not interested in getting involved with this. Now it
seems you are.
I think Paul's proposal was clear and in fact it was what we did during the
first years of GSOC: one "independent" org admin/board member and one


On Wed, Apr 8, 2015 at 4:32 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Ideally, it would be better to have OWASP volunteers who are
> not associated with ANY of the projects and completely neutral, but I
> think you may be lacking for volunteers if that is the approach taken.)
> Indeed
> This is a situation that could happen:
> IF we have 10 slots only available and 30 projects have chosen their
> candidates,
> 3 projects are Flagship so they have the right for 3 slots
> So 3x3 = 9
> Then we can finance only 3 projects and the rest , just 1?
> What about if we have 5 Flagship projects with 3 proposals each one
> fighting for a slot?
> In order to decide which project gets the final slots it must be an
> intervention as an Organization Admin for neutrality
> I have set up a draft, and let's try to be fair
> We don't want to end up financing 30K for 3 projects meaning 10K for each
> one,
> If they deserve it, fine, but I think the best is to limit the slots to 2
> for flagship
> More on the proposal read here:
> https://www.owasp.org/index.php/Proposal_OWASP_SummerofCode_2015
> Just keep in mind
>    - Running this program is a lot of work
>    - Submissions, proposals forms etc, the entire workflow
>    - *Do we have enough volunteers to run this show?*
> With all due respect to Kostas, this is not something he can run alone.
> The Gsoc is run by Google and we only do a small portion as organisation
> admin and Mentoring, compared to the entire program
> Here is an entire administration, back office, payment, revision of
> progress etc..so let's be honest, can we run this with a small bunch of
> volunteers?
> Are these volunteers committed?
> Most people do not have time, so let's be realistic, especially and
> considering we also have a responsibility with this money
> regards
> Johanna
> On Tue, Apr 7, 2015 at 8:56 PM, Kevin W. Wall <kevin.w.wall at gmail.com>
> wrote:
>> Johanna,
>> On Tue, Apr 7, 2015 at 4:34 PM, you wrote:
>> > I don't see a problem  Kostas doing the work such as setting the wiki,
>> > etc...He can go ahead if he wants to.
>> > What we must address is :
>> > What kind of role is Kostas taking? I see no issues he doing administrative
>> > work, what we need to separate here is his role
>> >
>> > Will Kostas have the role of a mentor, or part of the org team decision
>> > maker?
>> >  If mentor, that means he should not have any decision part in who gets
>> > slots (especially if hackademics will be participating in the program),
>> I'm sorry. Perhaps I am misunderstanding Fabio's post to this list addressed
>> specifically to Jim proposing a new process to follow. For step #3, Fabio
>> stated:
>>     3) The 'project leaders/mentors team' are the ones who evaluate and pick
>>        the best students proposals because they know about their projects. In
>>        the past, we allowed all mentors to score all proposals and that is
>>        what caused an issue because some people ‘down voted’ other proposals
>>        to let their own proposals to score higher.
>> Now, while Fabio did not explicitly state this, I thought that the
>> implications here were that 'project leaders / mentors' could ONLY
>> vote for student proposals for THEIR OWN project. If we restrict
>> people from volunteering to mentor more than one project (or at least,
>> to voting on only one project), I fail to see how if Kostas has a
>> mentor role for Hackademics and he can ONLY vote for Hackademics
>> proposals how that can be a potential conflict of interest. I mean,
>> isn't it fair that he can downgrade some proposals for his OWN project
>> as long as he cannot do that to other projects?
>> Like I said, maybe I am misunderstanding something of Fabio's intent or
>> reading something between the lines that isn't there, but I thought that
>> avoiding the potential conflict of interest of certain individuals downgrading
>> other projects in order to boost ones they were interested was the very
>> reason Fabio suggested this step.
>> > If org team decision maker (decision making who gets the slots), hackademics
>> > should not be participating as project
>> >
>> > and of course Hackademics can participate but he cannot be part of the Org
>> > team (decision makers), simple as that
>> >
>> If the selection process never goes beyond the 'project leader / mentor'
>> level, then I would contend that there is no potential conflict of interest
>> here. (That is, if there is a unanimous consensus of everyone at the
>> 'project leader / mentor' team level, then there are no disputes, right?)
>> If that is not the case--and it is likely that it won't be--
>> then I think that one way to reduce the potential conflict for org
>> team decision makers is to have one representative from each contending
>> project. (Ideally, it would be better to have OWASP volunteers who are
>> not associated with ANY of the projects and completely neutral, but I
>> think you may be lacking for volunteers if that is the approach taken.)
>> As long as you have a "majority rules" or some other specifically
>> *pre-agreed* to plan for resolving conflicts and choosing ties amongst
>> the participating projects, then I think you will have eliminated any
>> conflict of interest as much as humanly possible...especially
>> if Tobias and the board is willing to step in and act as the final
>> mediator.
>> Just my $.02,
>> -kevin
>> --
>> Blog: http://off-the-wall-security.blogspot.com/
>> NSA: All your crypto bit are belong to us.