[Owasp-board] OWASP Summer Code Sprint Proposal

johanna curiel curiel johanna.curiel at owasp.org
Wed Apr 8 11:18:54 UTC 2015


I thought you were not interested in getting involved with this.

No, I have always been interested, I have always shown my collaboration and
interested and offered my help before this discussion.
I was discouraged at some point, that is something different. I don't
behave in my interest *only* but in the interest of the entire team. *Thats
why I propose the following:*

I think we still need to run a similar program, because we don't know if we
will ever get Google the next time, no guarantees. Therefore I propose a
program, for only for Flagships.

*Why?*
We preach that these projects get more benefits as stated in the OWASP
project book,they have shown their handwork, they deserve it.In that case I
think a special program, for flagships to get students to work during the
summer is a perfect case.

we have in total 8 Flagship projects (Code/Tools)
Tools [Reviewed September 2014]

   - OWASP Zed Attack Proxy
   <https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project>==>
   Active
   - OWASP Web Testing Environment Project
   <https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project>
   ==>Dormant
   - OWASP OWTF <https://www.owasp.org/index.php/OWASP_OWTF>==>Active
   - OWASP Dependency Check
   <https://www.owasp.org/index.php/OWASP_Dependency_Check>==>Active

Code [Reviewed November 2014]

   - OWASP ModSecurity Core Rule Set Project
   <https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project>
   ==>Active
   - OWASP CSRFGuard Project
   <https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project>
   ==>Active
   - OWASP AppSensor Project
   <https://www.owasp.org/index.php/OWASP_AppSensor_Project>==>Active


All these projects have the opportunity to apply for 1 slot

6 projects are active, that makes 3000 x 6 = USD18,000
1 is dormant and is an image(not really a code project)

if everyone gets a student, one slot , there is no fights who deserve them,
no need for org decision teams, no discussions.

Again, they all can submit a student of their choice and substantiate why.
The projects are responsible for doing their midterm evaluation and we just
need to do 2 checks:

   - Substantiation of why the student was chosen
   - Submission proposals completed
   - Students have submitted  a Student Participation Agreement and submit
   their Proof of Enrollment forms.
   - Must be submitted by end of April
   - End of the program make sure the code has been place in an pen
   repository

We only need staff support for paying the students at 2 points:

   - During the midterm evaluation
   - at the end of the internship


*IF you vote for this plan, I'll personal help move this forward and make
sure that all Flagships are updated with this info, so they can go ahead a
place a submission.This is my proposal, everyone is welcome to help.*


Regards

Johanna


On Wed, Apr 8, 2015 at 1:47 AM, Konstantinos Papapanagiotou <
Konstantinos at owasp.org> wrote:

> Hopefully next year we might get selected again by GSOC so we might not
> need this program. Or we might choose to run it in ay case, taking care
> that it doesn't happen the same time as GSOC, if selected.
>
> Kostas
>
> On Wed, Apr 8, 2015 at 5:12 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> I think this is fair input Kevin.
>>
>> What if we plan this year with the intention of making it a yearly
>> endeavor and roll it out in 2016? That way we are not rushing to spend
>> 30k and instead we do careful planning, get these funds formally in
>> the budget and then roll it out with more grace? I think that's better
>> for the foundation.
>>
>> Aloha,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> > On Apr 7, 2015, at 8:49 PM, Kevin W. Wall <kevin.w.wall at gmail.com>
>> wrote:
>> >
>> > On Tue, Apr 7, 2015 at 9:32 PM, johanna curiel curiel
>> > <johanna.curiel at owasp.org> wrote:
>> > [...snip...]
>> >> Just keep in mind
>> >>
>> >> Running this program is a lot of work
>> >> Submissions, proposals forms etc, the entire workflow
>> >> Do we have enough volunteers to run this show?
>> >>
>> >>
>> >> With all due respect to Kostas, this is not something he can run
>> alone. The
>> >> Gsoc is run by Google and we only do a small portion as organisation
>> admin
>> >> and Mentoring, compared to the entire program
>> >> Here is an entire administration, back office, payment, revision of
>> progress
>> >> etc..so lets be honest, can we run this with a small bunch of
>> volunteers?
>> >> Are these volunteers committed?
>> >> Most people do not have time, so lets be realistic, especially and
>> >> considering we also have a responsibility with this money
>> >
>> > All good points and I have seriously doubted whether OWASP would be
>> > unable to do all of the things necessary to pull this off at least for
>> THIS
>> > SUMMER. Time certainly is not something that is on our side.  I fear
>> > that all we are seeing with respect to the # of volunteer hours is but
>> > the tip of the iceberg and it as you say that we are missing the much
>> > bigger effort that goes on behind the scenes. If we had a whole year
>> > to prepare for this, then, yeah, we probably could pull it off, but with
>> > only a few months remaining until traditional summer break, I personally
>> > don't see it as very realistic expectations.
>> >
>> > I'll go crawl back under my rock again now and just sit back and watch,
>> > because I did not intend to participate as a GSoC (tor)mentor this
>> > yes so I will be sitting this out as well. However, I wish you all the
>> > best and applaud your good intentions.
>> >
>> > -kevin
>> > --
>> > Blog: http://off-the-wall-security.blogspot.com/
>> > NSA: All your crypto bit are belong to us.
>> > _______________________________________________
>> > Owasp-board mailing list
>> > Owasp-board at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150408/0948e748/attachment.html>


More information about the Owasp-board mailing list