[Owasp-board] OWASP Summer of Code Sprint Proposal

Konstantinos Papapanagiotou Konstantinos at owasp.org
Wed Apr 22 12:42:27 UTC 2015


Projects can already spend their money any way they want. As a project
leader, why should I give my budget to this initiative, go through all this
process and not hire instead a professional developer?
I believe that this should be an organization-level initiative that can
include projects with no budget; driven as an OWASP initiative not a (for
example) ZAP-OWTF-Hackademic side-project. Projects that have budget can go
out on their own and look for students or developers in a probably more
effective way.

Kostas


On Wednesday, April 22, 2015, Josh Sokol <josh.sokol at owasp.org> wrote:

>  I would like to see a couple of changes:
>
> 1) I'm not sure it makes sense to use $30k of the project funding for this
> one initiative.  It consumes 60% of the funding for a far smaller
> percentage of our active projects.  OWASP also has no history with running
> this initiative ourselves so I would prefer to limit our exposure here the
> first time around.  I would rather see us allocate $12,000, roughly 25% of
> the overall budget allocated to projects.  This burns our budget for one
> quarter, but leaves sufficient budget for the rest of the year.  It is
> enough to fully fund 8 students at the $1500/student price tag which seems
> like a reasonable place for us to start this initiative.  If the initiative
> is successful, then I would consider increasing the funding when budgeting
> for next year.
>
> 2) I have not seen any stipulation here stating that projects must use
> their project funds before being able to use Foundation funds.  This is a
> requirement for all chapters using community engagement funding and should
> apply equally to the projects.  Saying that project a with money can buy
> additional slots is not the same thing as saying that they need to use
> their funds first.  If we all agree that funds are allocated to be spent,
> not saved, then I see no reason why projects with funds should not be
> encouraged to spend funds in their account first and foremost.
>
> I fully support the initiative, but would like to see these limitations
> placed on it before voting yes on it.
>
> ~josh
>
> On Mon, Apr 20, 2015 at 6:00 PM, Fabio Cerullo <fcerullo at owasp.org
> <javascript:_e(%7B%7D,'cvml','fcerullo at owasp.org');>> wrote:
>
>> Hi
>>
>> I fully endorse this initiative and think is aligned with our mission and
>> strategic goals.
>>
>> I appreciate the comments regarding the budgeting and we could lower them
>> to a level which everyone feels comfortable with.. What about 10 slots at
>> USD 1500 each.. Total budget USD 15000
>>
>> Paul, I think the proposal by Kostas supports that approach. Any project
>> leader could decide to get an additional slot/s by using their project
>> funds. The only clarification is that Summer of Code is about 'code' so the
>> documentation projects are out of scope.
>>
>> Is everyone satisfied with the overall contents of the proposal? Can we
>> bring this to a vote by the Board and move forward?
>>
>> Thanks Kostas for putting this together.
>>
>> Regards,
>>
>> Fabio
>>
>> Sent from my iPhone
>>
>> On 20 Apr 2015, at 14:39, Paul Ritchie <paul.ritchie at owasp.org
>> <javascript:_e(%7B%7D,'cvml','paul.ritchie at owasp.org');>> wrote:
>>
>> Hi Josh, all:
>>
>> So you are suggesting that a couple of the well funded Projects like
>> AppSensor, OpenSAMM, ZAP, etc., could make a decision to 'sponsor' a
>> student under the Summer of Code program to the tune or $1500 or $3000 or
>> whatever they wanted to contribute.  And, they could ensure that those
>> funds were used on student work benefiting their project.
>>
>> I like that approach.  Funded projects support their own work effort, and
>> then the Foundation could support other high-value student proposals that
>> focus on new projects or under-funded projects.
>> Paul
>>
>> Best Regards, Paul Ritchie
>> OWASP Interim Executive Director
>> paul.ritchie at owasp.org
>> <javascript:_e(%7B%7D,'cvml','paul.ritchie at owasp.org');>
>>
>>
>> On Mon, Apr 20, 2015 at 1:21 PM, Josh Sokol <josh.sokol at owasp.org
>> <javascript:_e(%7B%7D,'cvml','josh.sokol at owasp.org');>> wrote:
>>
>>> I think we should treat it like we do the chapters.  If a project has
>>> money in their account, then they are not eligible for Foundation funds
>>> until that money has been allocated.  I'd also agree that $30k of
>>> unbudgeted funds is a lot to spend like this considering I don't see any
>>> reason to hurry here.  It literally means robbing another budgeted project
>>> in order to account for this.  That said, I support the idea, in concept.
>>> Maybe the projects with some money can front it for their slots, the
>>> Foundation can use this as an experiment for our own program, and we can
>>> see how it goes.  Minimal risk with a high reward and we can budget for
>>> more next year?
>>>
>>> ~josh
>>>
>>> On Mon, Apr 20, 2015 at 2:59 PM, Tobias <tobias.gondrom at owasp.org
>>> <javascript:_e(%7B%7D,'cvml','tobias.gondrom at owasp.org');>> wrote:
>>>
>>>>  Well, I don't know.
>>>>
>>>> IMHO the criteria should be based on quality of proposal and bang for
>>>> the buck for OWASP.
>>>>
>>>> incubator/lab/flagship seems not so useful. E.g. if we get three good
>>>> in one category, I would not see a point selecting one from another one
>>>> just to serve all categories.
>>>>
>>>> Cheers, Tobias
>>>>
>>>>
>>>>
>>>> On 20/04/15 19:49, johanna curiel curiel wrote:
>>>>
>>>> >Not sure we need to split this in incubator/lab/flagship categories.
>>>>
>>>>  Tobias, this could be a option If we would like to provide a fair
>>>> chance to all project categories. Woudl you suggest other criteria for
>>>> selection?
>>>>
>>>>  cheers
>>>>
>>>>  Johanna
>>>>
>>>> On Mon, Apr 20, 2015 at 2:44 PM, Tobias <tobias.gondrom at owasp.org
>>>> <javascript:_e(%7B%7D,'cvml','tobias.gondrom at owasp.org');>> wrote:
>>>>
>>>>>  3 x 2500USD sounds reasonable.
>>>>>
>>>>> Not sure we need to split this in incubator/lab/flagship categories.
>>>>>
>>>>> Best, Tobias
>>>>>
>>>>>
>>>>>
>>>>> On 20/04/15 19:39, johanna curiel curiel wrote:
>>>>>
>>>>> Consider maybe a small pilot with 3 types of projects:
>>>>> 1 Incubator, 1 LAB, 1 Flagship
>>>>>
>>>>>  Do a pre selection of the most active on each category  and then
>>>>> select at random the participating one.
>>>>>
>>>>>  just an idea
>>>>>
>>>>>  Total for the pilot 9,000USD (3 x 3000USD) or
>>>>> USD2500x 3 = 7500USD
>>>>>
>>>>>  regards
>>>>>
>>>>>  Johanna
>>>>>
>>>>> On Mon, Apr 20, 2015 at 2:21 PM, Jim Manico <jim.manico at owasp.org
>>>>> <javascript:_e(%7B%7D,'cvml','jim.manico at owasp.org');>> wrote:
>>>>>
>>>>>>  A suggestion. Because this is the first time OWASP is directly
>>>>>> funding this initiative, can we start with a smaller financial amount,
>>>>>> measure success, and then consider larger funding next year? I want to see
>>>>>> how we do first and would feel more comfortable with a smaller experiment.
>>>>>>
>>>>>> - Jim
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 4/19/15 8:27 AM, Konstantinos Papapanagiotou wrote:
>>>>>>
>>>>>>    Dear board,
>>>>>>
>>>>>>  Following recent conversations I would like to formally submit a
>>>>>> proposal for the OWASP Summer of Code Sprint, requesting a budget of
>>>>>> $30,000.
>>>>>>
>>>>>>  The details of the proposal can be found here:
>>>>>> https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit?usp=sharing
>>>>>>
>>>>>>  I believe that such initiatives are important for our mission as
>>>>>> they combine project contributions and reaching out to students who are
>>>>>> future developers.
>>>>>>
>>>>>>  Looking forward to your comments,
>>>>>>
>>>>>>  Kostas
>>>>>>
>>>>>>
>>>>>>  _______________________________________________
>>>>>> Owasp-board mailing listOwasp-board at lists.owasp.org <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing listOwasp-board at lists.owasp.org <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150422/43fe5f6e/attachment-0001.html>


More information about the Owasp-board mailing list