[Owasp-board] OWASP Summer of Code Sprint Proposal

Konstantinos Papapanagiotou Konstantinos at owasp.org
Wed Apr 22 16:01:58 UTC 2015


Josh,

When putting together this proposal, I tried to make it a win case for all
parties. This is why I believe it's very important for the foundation's
mission: we reach out to students and universities, get work done on our
projects and "recruit" enthusiastic contributors that will most likely keep
volunteering in the future.
Being a project leader myself, I think the initial proposal will get more
support from the project leaders. At the same time Fabio's approach is
equally or even more appealing and better balanced. I would like to have
support from a vast majority of the board if possible, so if you feel more
comfortable with Fabio's approach, we can adopt it.

Kostas


On Wednesday, April 22, 2015, Josh Sokol <josh.sokol at owasp.org> wrote:

> So, if projects can already spend their money any way they want (obviously
> with some caveats), and they haven't prioritized paying others to help with
> the code (whether they are students or professionals), then why should the
> Foundation care to spend its money on something that the projects don't
> value enough to spend their money on?  I draw a lot of parallels here
> between projects and chapters because the conversation around money
> ultimately comes down to a discussion about the "ring-fenced funds" in our
> accounts.  Basically, funds that are currently allocated to a chapter or
> project, but aren't in active use, and can't be used for something else.
> And with rules in place (and others being added) designed to make the
> chapters spend their money to avoid this situation, I see no reason why we
> should treat the projects any differently.  If a project has money, they
> need to spend it.  In addition, if we made the assumption that it was
> important to invest money in our projects for such an initiative, and some
> projects already have this money and aren't spending it in this way, then I
> would choose to instead fund the projects who do not have the money to even
> make this choice.  In other words, we should be allocating this money to
> the projects who don't have money, not the ones that do.  If we cannot
> agree that the projects need to spend their account funds first, then we
> cannot agree that this money should be allocated at all.  Based on this, my
> vote will be "no" if a vote is requested.
>
> ~josh
>
> On Wed, Apr 22, 2015 at 7:42 AM, Konstantinos Papapanagiotou <
> Konstantinos at owasp.org> wrote:
>
>> Projects can already spend their money any way they want. As a project
>> leader, why should I give my budget to this initiative, go through all this
>> process and not hire instead a professional developer?
>> I believe that this should be an organization-level initiative that can
>> include projects with no budget; driven as an OWASP initiative not a (for
>> example) ZAP-OWTF-Hackademic side-project. Projects that have budget can go
>> out on their own and look for students or developers in a probably more
>> effective way.
>>
>> Kostas
>>
>>
>> On Wednesday, April 22, 2015, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>>>  I would like to see a couple of changes:
>>>
>>> 1) I'm not sure it makes sense to use $30k of the project funding for
>>> this one initiative.  It consumes 60% of the funding for a far smaller
>>> percentage of our active projects.  OWASP also has no history with running
>>> this initiative ourselves so I would prefer to limit our exposure here the
>>> first time around.  I would rather see us allocate $12,000, roughly 25% of
>>> the overall budget allocated to projects.  This burns our budget for one
>>> quarter, but leaves sufficient budget for the rest of the year.  It is
>>> enough to fully fund 8 students at the $1500/student price tag which seems
>>> like a reasonable place for us to start this initiative.  If the initiative
>>> is successful, then I would consider increasing the funding when budgeting
>>> for next year.
>>>
>>> 2) I have not seen any stipulation here stating that projects must use
>>> their project funds before being able to use Foundation funds.  This is a
>>> requirement for all chapters using community engagement funding and should
>>> apply equally to the projects.  Saying that a project with money can buy
>>> additional slots is not the same thing as saying that they need to use
>>> their funds first.  If we all agree that funds are allocated to be spent,
>>> not saved, then I see no reason why projects with funds should not be
>>> encouraged to spend funds in their account first and foremost.
>>>
>>> I fully support the initiative, but would like to see these limitations
>>> placed on it before voting yes on it.
>>>
>>> ~josh
>>>
>>> On Mon, Apr 20, 2015 at 6:00 PM, Fabio Cerullo <fcerullo at owasp.org>
>>> wrote:
>>>
>>>> Hi
>>>>
>>>> I fully endorse this initiative and think it is aligned with our mission
>>>> and strategic goals.
>>>>
>>>> I appreciate the comments regarding the budgeting and we could lower
>>>> them to a level which everyone feels comfortable with. What about 10 slots
>>>> at USD 1500 each. Total budget USD 15000
>>>>
>>>> Paul, I think the proposal by Kostas supports that approach. Any
>>>> project leader could decide to get an additional slot/s by using their
>>>> project funds. The only clarification is that Summer of Code is about
>>>> 'code' so the documentation projects are out of scope.
>>>>
>>>> Is everyone satisfied with the overall contents of the proposal? Can we
>>>> bring this to a vote by the Board and move forward?
>>>>
>>>> Thanks Kostas for putting this together.
>>>>
>>>> Regards,
>>>>
>>>> Fabio
>>>>
>>>> On 20 Apr 2015, at 14:39, Paul Ritchie <paul.ritchie at owasp.org> wrote:
>>>>
>>>> Hi Josh, all:
>>>>
>>>> So you are suggesting that a couple of the well funded Projects like
>>>> AppSensor, OpenSAMM, ZAP, etc., could make a decision to 'sponsor' a
>>>> student under the Summer of Code program to the tune of $1500 or $3000 or
>>>> whatever they wanted to contribute.  And, they could ensure that those
>>>> funds were used on student work benefiting their project.
>>>>
>>>> I like that approach.  Funded projects support their own work effort,
>>>> and then the Foundation could support other high-value student proposals
>>>> that focus on new projects or under-funded projects.
>>>> Paul
>>>>
>>>> Best Regards, Paul Ritchie
>>>> OWASP Interim Executive Director
>>>> paul.ritchie at owasp.org
>>>>
>>>>
>>>> On Mon, Apr 20, 2015 at 1:21 PM, Josh Sokol <josh.sokol at owasp.org>
>>>> wrote:
>>>>
>>>>> I think we should treat it like we do the chapters.  If a project has
>>>>> money in their account, then they are not eligible for Foundation funds
>>>>> until that money has been allocated.  I'd also agree that $30k of
>>>>> unbudgeted funds is a lot to spend like this considering I don't see any
>>>>> reason to hurry here.  It literally means robbing another budgeted project
>>>>> in order to account for this.  That said, I support the idea, in concept.
>>>>> Maybe the projects with some money can front it for their slots, the
>>>>> Foundation can use this as an experiment for our own program, and we can
>>>>> see how it goes.  Minimal risk with a high reward and we can budget for
>>>>> more next year?
>>>>>
>>>>> ~josh
>>>>>
>>>>> On Mon, Apr 20, 2015 at 2:59 PM, Tobias <tobias.gondrom at owasp.org>
>>>>> wrote:
>>>>>
>>>>>>  Well, I don't know.
>>>>>>
>>>>>> IMHO the criteria should be based on quality of proposal and bang for
>>>>>> the buck for OWASP.
>>>>>>
>>>>>> incubator/lab/flagship seems not so useful. E.g. if we get three good
>>>>>> in one category, I would not see a point selecting one from another one
>>>>>> just to serve all categories.
>>>>>>
>>>>>> Cheers, Tobias
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 20/04/15 19:49, johanna curiel curiel wrote:
>>>>>>
>>>>>> >Not sure we need to split this in incubator/lab/flagship categories.
>>>>>>
>>>>>>  Tobias, this could be an option if we would like to provide a fair
>>>>>> chance to all project categories. Would you suggest other criteria for
>>>>>> selection?
>>>>>>
>>>>>>  cheers
>>>>>>
>>>>>>  Johanna
>>>>>>
>>>>>> On Mon, Apr 20, 2015 at 2:44 PM, Tobias <tobias.gondrom at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>>  3 x 2500USD sounds reasonable.
>>>>>>>
>>>>>>> Not sure we need to split this in incubator/lab/flagship categories.
>>>>>>>
>>>>>>> Best, Tobias
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 20/04/15 19:39, johanna curiel curiel wrote:
>>>>>>>
>>>>>>> Consider maybe a small pilot with 3 types of projects:
>>>>>>> 1 Incubator, 1 LAB, 1 Flagship
>>>>>>>
>>>>>>>  Do a pre selection of the most active on each category  and then
>>>>>>> select at random the participating one.
>>>>>>>
>>>>>>>  just an idea
>>>>>>>
>>>>>>>  Total for the pilot 9,000USD (3 x 3000USD) or
>>>>>>> USD2500x 3 = 7500USD
>>>>>>>
>>>>>>>  regards
>>>>>>>
>>>>>>>  Johanna
>>>>>>>
>>>>>>> On Mon, Apr 20, 2015 at 2:21 PM, Jim Manico <jim.manico at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>>  A suggestion. Because this is the first time OWASP is directly
>>>>>>>> funding this initiative, can we start with a smaller financial amount,
>>>>>>>> measure success, and then consider larger funding next year? I want to see
>>>>>>>> how we do first and would feel more comfortable with a smaller experiment.
>>>>>>>>
>>>>>>>> - Jim
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 4/19/15 8:27 AM, Konstantinos Papapanagiotou wrote:
>>>>>>>>
>>>>>>>>    Dear board,
>>>>>>>>
>>>>>>>>  Following recent conversations I would like to formally submit a
>>>>>>>> proposal for the OWASP Summer of Code Sprint, requesting a budget of
>>>>>>>> $30,000.
>>>>>>>>
>>>>>>>>  The details of the proposal can be found here:
>>>>>>>> https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit?usp=sharing
>>>>>>>>
>>>>>>>>  I believe that such initiatives are important for our mission as
>>>>>>>> they combine project contributions and reaching out to students who are
>>>>>>>> future developers.
>>>>>>>>
>>>>>>>>  Looking forward to your comments,
>>>>>>>>
>>>>>>>>  Kostas
>>>>>>>>
>>>>>>>>
>>>>>>>>  _______________________________________________
>>>>>>>> Owasp-board mailing list
>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board