[Owasp-board] OWASP Summer Code Sprint Proposal

Konstantinos Papapanagiotou Konstantinos at owasp.org
Wed Apr 8 11:31:01 UTC 2015


I'm sorry but I cannot support this. Flagship projects are already
advanced, stable projects with a lot of development effort behind them and
a large team of volunteers to support them. Yes, as an organization we
should award them but at the same time and maybe even more importantly we
should help smaller and not so advanced projects by giving them a chance to
get some work done and also provide visibility. This is why this should be
open to all projects.

Kostas


On Wednesday, April 8, 2015, johanna curiel curiel <johanna.curiel at owasp.org>
wrote:

> I thought you were not interested in getting involved with this.
>
> No, I have always been interested, I have always shown my collaboration
> and interest and offered my help before this discussion.
> I was discouraged at some point, that is something different. I don't
> behave in my interest *only* but in the interest of the entire team. *That's
> why I propose the following:*
>
> I think we still need to run a similar program, because we don't know if
> we will ever get Google the next time, no guarantees. Therefore I propose a
> program only for Flagships.
>
> *Why?*
> We preach that these projects get more benefits as stated in the OWASP
> project book, they have shown their handwork, they deserve it. In that case I
> think a special program, for flagships to get students to work during the
> summer is a perfect case.
>
> we have in total 8 Flagship projects (Code/Tools)
> Tools [Reviewed September 2014]
>
>    - OWASP Zed Attack Proxy
>    <https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project>==>
>    Active
>    - OWASP Web Testing Environment Project
>    <https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project>
>    ==>Dormant
>    - OWASP OWTF <https://www.owasp.org/index.php/OWASP_OWTF>==>Active
>    - OWASP Dependency Check
>    <https://www.owasp.org/index.php/OWASP_Dependency_Check>==>Active
>
> Code [Reviewed November 2014]
>
>    - OWASP ModSecurity Core Rule Set Project
>    <https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project>
>    ==>Active
>    - OWASP CSRFGuard Project
>    <https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project>
>    ==>Active
>    - OWASP AppSensor Project
>    <https://www.owasp.org/index.php/OWASP_AppSensor_Project>==>Active
>
>
> All these projects have the opportunity to apply for 1 slot
>
> 6 projects are active, that makes 3000 x 6 = USD 18,000
> 1 is dormant and is an image (not really a code project)
>
> If everyone gets a student, one slot, there are no fights over who deserves
> them, no need for org decision teams, no discussions.
>
> Again, they all can submit a student of their choice and substantiate why.
> The projects are responsible for doing their midterm evaluation and we
> just need to do 2 checks:
>
>    - Substantiation of why the student was chosen
>    - Submission proposals completed
>    - Students have submitted a Student Participation Agreement and
>    submitted their Proof of Enrollment forms.
>    - Must be submitted by end of April
>    - At the end of the program, make sure the code has been placed in an open
>    repository
>
> We only need staff support for paying the students at 2 points:
>
>    - During the midterm evaluation
>    - at the end of the internship
>
>
> *If you vote for this plan, I'll personally help move this forward and make
> sure that all Flagships are updated with this info, so they can go ahead and
> place a submission. This is my proposal, everyone is welcome to help.*
>
>
> Regards
>
> Johanna
>
>
> On Wed, Apr 8, 2015 at 1:47 AM, Konstantinos Papapanagiotou
> <Konstantinos at owasp.org> wrote:
>
>> Hopefully next year we might get selected again by GSOC so we might not
>> need this program. Or we might choose to run it in any case, taking care
>> that it doesn't happen at the same time as GSOC, if selected.
>>
>> Kostas
>>
>> On Wed, Apr 8, 2015 at 5:12 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> I think this is fair input Kevin.
>>>
>>> What if we plan this year with the intention of making it a yearly
>>> endeavor and roll it out in 2016? That way we are not rushing to spend
>>> 30k and instead we do careful planning, get these funds formally in
>>> the budget and then roll it out with more grace? I think that's better
>>> for the foundation.
>>>
>>> Aloha,
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> > On Apr 7, 2015, at 8:49 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
>>> >
>>> > On Tue, Apr 7, 2015 at 9:32 PM, johanna curiel curiel
>>> > <johanna.curiel at owasp.org> wrote:
>>> > [...snip...]
>>> >> Just keep in mind
>>> >>
>>> >> Running this program is a lot of work
>>> >> Submissions, proposals forms etc, the entire workflow
>>> >> Do we have enough volunteers to run this show?
>>> >>
>>> >>
>>> >> With all due respect to Kostas, this is not something he can run alone. The
>>> >> GSoC is run by Google and we only do a small portion as organisation admin
>>> >> and Mentoring, compared to the entire program
>>> >> Here is an entire administration, back office, payment, revision of progress
>>> >> etc., so let's be honest, can we run this with a small bunch of volunteers?
>>> >> Are these volunteers committed?
>>> >> Most people do not have time, so let's be realistic, especially and
>>> >> considering we also have a responsibility with this money
>>> >
>>> > All good points and I have seriously doubted whether OWASP would be
>>> > unable to do all of the things necessary to pull this off at least for THIS
>>> > SUMMER. Time certainly is not something that is on our side.  I fear
>>> > that all we are seeing with respect to the # of volunteer hours is but
>>> > the tip of the iceberg and it is as you say that we are missing the much
>>> > bigger effort that goes on behind the scenes. If we had a whole year
>>> > to prepare for this, then, yeah, we probably could pull it off, but with
>>> > only a few months remaining until traditional summer break, I personally
>>> > don't see it as very realistic expectations.
>>> >
>>> > I'll go crawl back under my rock again now and just sit back and watch,
>>> > because I did not intend to participate as a GSoC (tor)mentor this
>>> > year so I will be sitting this out as well. However, I wish you all the
>>> > best and applaud your good intentions.
>>> >
>>> > -kevin
>>> > --
>>> > Blog: http://off-the-wall-security.blogspot.com/
>>> > NSA: All your crypto bit are belong to us.
>>> > _______________________________________________
>>> > Owasp-board mailing list
>>> > Owasp-board at lists.owasp.org
>>> > https://lists.owasp.org/mailman/listinfo/owasp-board