[Owasp-board] OWASP Summer of Code Sprint Proposal

Konstantinos Papapanagiotou Konstantinos at owasp.org
Sat Apr 25 19:33:38 UTC 2015


I'm afraid that this is a risk we have to take Jim. Maybe one of those new,
small projects becomes the next flagship in 5 years time. Look at Appsensor
for example.

We *have to* encourage new contributions from enthusiasts otherwise we risk
becoming a foundation of the elite. Is that where you would like to drive
OWASP to?

Kostas


On Saturday, April 25, 2015, Jim Manico <jim.manico at owasp.org> wrote:

> Another note is that if you look at all the projects this 250,000k$ funded
> in 2008...
>
> https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
>
> ...most are now dead projects.
>
> We do good at getting projects started but do poorly in bringing these
> projects to maturity.
>
> I really want us to make a big impact. I suggest we focus in on our
> flagship and lab projects with big potential. I'd hate to fund dozens of
> projects (again) that just die on the view a few years after getting
> funding.
>
> Regards,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Apr 25, 2015, at 4:32 AM, Jason Li <jason.li at owasp.org
> <javascript:_e(%7B%7D,'cvml','jason.li at owasp.org');>> wrote:
>
> Josh,
>
> I'm a little late to this thread, but I just wanted to point out that it
> is NOT the first time OWASP would be running this type of initiative
> ourselves. As an organization, we ran seasons of code for many years prior
> to Google accepting our application to participate in Google Summer of Code:
> https://www.owasp.org/index.php/OWASP_Autumn_Of_Code_2006 ($34,000 budget)
> https://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007 ($117,500
> budget)
> https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008 ($100,00 budget)
>
> Obviously the organization budget and expenses have changed a lot since
> then. Those events were done back when Paulo and Kate were the only paid
> employees of OWASP and before chapters and projects had their own budgets.
> We've obviously grown a lot since then, and the goals are different this
> time around. But as an organization, we do have some history running this
> type of initiative ourselves.
>
> -Jason
>
> On Wed, Apr 22, 2015 at 8:31 AM, Josh Sokol <josh.sokol at owasp.org
> <javascript:_e(%7B%7D,'cvml','josh.sokol at owasp.org');>> wrote:
>
>>  I would like to see a couple of changes:
>>
>> 1) I'm not sure it makes sense to use $30k of the project funding for
>> this one initiative.  It consumes 60% of the funding for a far smaller
>> percentage of our active projects.  OWASP also has no history with running
>> this initiative ourselves so I would prefer to limit our exposure here the
>> first time around.  I would rather see us allocate $12,000, roughly 25% of
>> the overall budget allocated to projects.  This burns our budget for one
>> quarter, but leaves sufficient budget for the rest of the year.  It is
>> enough to fully fund 8 students at the $1500/student price tag which seems
>> like a reasonable place for us to start this initiative.  If the initiative
>> is successful, then I would consider increasing the funding when budgeting
>> for next year.
>>
>> 2) I have not seen any stipulation here stating that projects must use
>> their project funds before being able to use Foundation funds.  This is a
>> requirement for all chapters using community engagement funding and should
>> apply equally to the projects.  Saying that project a with money can buy
>> additional slots is not the same thing as saying that they need to use
>> their funds first.  If we all agree that funds are allocated to be spent,
>> not saved, then I see no reason why projects with funds should not be
>> encouraged to spend funds in their account first and foremost.
>>
>> I fully support the initiative, but would like to see these limitations
>> placed on it before voting yes on it.
>>
>> ~josh
>>
>> On Mon, Apr 20, 2015 at 6:00 PM, Fabio Cerullo <fcerullo at owasp.org
>> <javascript:_e(%7B%7D,'cvml','fcerullo at owasp.org');>> wrote:
>>
>>> Hi
>>>
>>> I fully endorse this initiative and think is aligned with our mission
>>> and strategic goals.
>>>
>>> I appreciate the comments regarding the budgeting and we could lower
>>> them to a level which everyone feels comfortable with.. What about 10 slots
>>> at USD 1500 each.. Total budget USD 15000
>>>
>>> Paul, I think the proposal by Kostas supports that approach. Any project
>>> leader could decide to get an additional slot/s by using their project
>>> funds. The only clarification is that Summer of Code is about 'code' so the
>>> documentation projects are out of scope.
>>>
>>> Is everyone satisfied with the overall contents of the proposal? Can we
>>> bring this to a vote by the Board and move forward?
>>>
>>> Thanks Kostas for putting this together.
>>>
>>> Regards,
>>>
>>> Fabio
>>>
>>> Sent from my iPhone
>>>
>>> On 20 Apr 2015, at 14:39, Paul Ritchie <paul.ritchie at owasp.org
>>> <javascript:_e(%7B%7D,'cvml','paul.ritchie at owasp.org');>> wrote:
>>>
>>> Hi Josh, all:
>>>
>>> So you are suggesting that a couple of the well funded Projects like
>>> AppSensor, OpenSAMM, ZAP, etc., could make a decision to 'sponsor' a
>>> student under the Summer of Code program to the tune or $1500 or $3000 or
>>> whatever they wanted to contribute.  And, they could ensure that those
>>> funds were used on student work benefiting their project.
>>>
>>> I like that approach.  Funded projects support their own work effort,
>>> and then the Foundation could support other high-value student proposals
>>> that focus on new projects or under-funded projects.
>>> Paul
>>>
>>> Best Regards, Paul Ritchie
>>> OWASP Interim Executive Director
>>> paul.ritchie at owasp.org
>>> <javascript:_e(%7B%7D,'cvml','paul.ritchie at owasp.org');>
>>>
>>>
>>> On Mon, Apr 20, 2015 at 1:21 PM, Josh Sokol <josh.sokol at owasp.org
>>> <javascript:_e(%7B%7D,'cvml','josh.sokol at owasp.org');>> wrote:
>>>
>>>> I think we should treat it like we do the chapters.  If a project has
>>>> money in their account, then they are not eligible for Foundation funds
>>>> until that money has been allocated.  I'd also agree that $30k of
>>>> unbudgeted funds is a lot to spend like this considering I don't see any
>>>> reason to hurry here.  It literally means robbing another budgeted project
>>>> in order to account for this.  That said, I support the idea, in concept.
>>>> Maybe the projects with some money can front it for their slots, the
>>>> Foundation can use this as an experiment for our own program, and we can
>>>> see how it goes.  Minimal risk with a high reward and we can budget for
>>>> more next year?
>>>>
>>>> ~josh
>>>>
>>>> On Mon, Apr 20, 2015 at 2:59 PM, Tobias <tobias.gondrom at owasp.org
>>>> <javascript:_e(%7B%7D,'cvml','tobias.gondrom at owasp.org');>> wrote:
>>>>
>>>>>  Well, I don't know.
>>>>>
>>>>> IMHO the criteria should be based on quality of proposal and bang for
>>>>> the buck for OWASP.
>>>>>
>>>>> incubator/lab/flagship seems not so useful. E.g. if we get three good
>>>>> in one category, I would not see a point selecting one from another one
>>>>> just to serve all categories.
>>>>>
>>>>> Cheers, Tobias
>>>>>
>>>>>
>>>>>
>>>>> On 20/04/15 19:49, johanna curiel curiel wrote:
>>>>>
>>>>> >Not sure we need to split this in incubator/lab/flagship categories.
>>>>>
>>>>>  Tobias, this could be a option If we would like to provide a fair
>>>>> chance to all project categories. Woudl you suggest other criteria for
>>>>> selection?
>>>>>
>>>>>  cheers
>>>>>
>>>>>  Johanna
>>>>>
>>>>> On Mon, Apr 20, 2015 at 2:44 PM, Tobias <tobias.gondrom at owasp.org
>>>>> <javascript:_e(%7B%7D,'cvml','tobias.gondrom at owasp.org');>> wrote:
>>>>>
>>>>>>  3 x 2500USD sounds reasonable.
>>>>>>
>>>>>> Not sure we need to split this in incubator/lab/flagship categories.
>>>>>>
>>>>>> Best, Tobias
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 20/04/15 19:39, johanna curiel curiel wrote:
>>>>>>
>>>>>> Consider maybe a small pilot with 3 types of projects:
>>>>>> 1 Incubator, 1 LAB, 1 Flagship
>>>>>>
>>>>>>  Do a pre selection of the most active on each category  and then
>>>>>> select at random the participating one.
>>>>>>
>>>>>>  just an idea
>>>>>>
>>>>>>  Total for the pilot 9,000USD (3 x 3000USD) or
>>>>>> USD2500x 3 = 7500USD
>>>>>>
>>>>>>  regards
>>>>>>
>>>>>>  Johanna
>>>>>>
>>>>>> On Mon, Apr 20, 2015 at 2:21 PM, Jim Manico <jim.manico at owasp.org
>>>>>> <javascript:_e(%7B%7D,'cvml','jim.manico at owasp.org');>> wrote:
>>>>>>
>>>>>>>  A suggestion. Because this is the first time OWASP is directly
>>>>>>> funding this initiative, can we start with a smaller financial amount,
>>>>>>> measure success, and then consider larger funding next year? I want to see
>>>>>>> how we do first and would feel more comfortable with a smaller experiment.
>>>>>>>
>>>>>>> - Jim
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 4/19/15 8:27 AM, Konstantinos Papapanagiotou wrote:
>>>>>>>
>>>>>>>    Dear board,
>>>>>>>
>>>>>>>  Following recent conversations I would like to formally submit a
>>>>>>> proposal for the OWASP Summer of Code Sprint, requesting a budget of
>>>>>>> $30,000.
>>>>>>>
>>>>>>>  The details of the proposal can be found here:
>>>>>>> https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit?usp=sharing
>>>>>>>
>>>>>>>  I believe that such initiatives are important for our mission as
>>>>>>> they combine project contributions and reaching out to students who are
>>>>>>> future developers.
>>>>>>>
>>>>>>>  Looking forward to your comments,
>>>>>>>
>>>>>>>  Kostas
>>>>>>>
>>>>>>>
>>>>>>>  _______________________________________________
>>>>>>> Owasp-board mailing listOwasp-board at lists.owasp.org <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Owasp-board mailing list
>>>>>>> Owasp-board at lists.owasp.org
>>>>>>> <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing listOwasp-board at lists.owasp.org <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> <javascript:_e(%7B%7D,'cvml','Owasp-board at lists.owasp.org');>
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150425/6f89e425/attachment-0001.html>


More information about the Owasp-board mailing list