[Owasp-board] OWASP Summer of Code Sprint Proposal
Jim Manico
jim.manico at owasp.org
Sat Apr 25 19:53:38 UTC 2015
Matt,
I know of folks still using OWASP WTE. :) Great work and thank you for
putting some love back into that project.
So a polite counterpoint to even my own earlier comments - even some old
unmaintained projects are of great value today. I still use Webscarab
side-to-side with Zap.
Aloha,
Jim
On 4/25/15 9:35 AM, Matt Tesauro wrote:
> It should also be noted that OWASP hasn't done an event like the
> Summer of Code in over 6 years. How many projects keep going without any
> attention for 6+ years? Chapters have face to face interaction on a
> monthly/quarterly basis. The same is not true for projects. Project
> leadership can be a rather lonely business.
>
> I find it ironic that I'm currently working on a new release of OWASP
> WTE as I type this - which grew out of the OWASP Live CD, a project
> with direct lineage to the 2008 SoC.
>
> Yeah, OWASP WTE will now be producing packaged AppSec tools in both
> .deb and .rpm formats:
> https://github.com/mtesauro/owasp-wte/commit/defb42ecb0cf5d652fcdfb9bb1608fb94048e017
>
> Cheers!
>
> --
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>
> On Sat, Apr 25, 2015 at 1:47 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
> Another note is that if you look at all the projects this
> 250,000k$ funded in 2008...
>
> https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
>
> ...most are now dead projects.
>
> We do good at getting projects started but do poorly in bringing
> these projects to maturity.
>
> I really want us to make a big impact. I suggest we focus in on
> our flagship and lab projects with big potential. I'd hate to fund
> dozens of projects (again) that just die on the vine a few years
> after getting funding.
>
> Regards,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Apr 25, 2015, at 4:32 AM, Jason Li <jason.li at owasp.org> wrote:
>
>> Josh,
>>
>> I'm a little late to this thread, but I just wanted to point out
>> that it is NOT the first time OWASP would be running this type of
>> initiative ourselves. As an organization, we ran seasons of code
>> for many years prior to Google accepting our application to
>> participate in Google Summer of Code:
>> https://www.owasp.org/index.php/OWASP_Autumn_Of_Code_2006
>> ($34,000 budget)
>> https://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007
>> ($117,500 budget)
>> https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
>> ($100,00 budget)
>>
>> Obviously the organization budget and expenses have changed a lot
>> since then. Those events were done back when Paulo and Kate were
>> the only paid employees of OWASP and before chapters and projects
>> had their own budgets. We've obviously grown a lot since then,
>> and the goals are different this time around. But as an
>> organization, we do have some history running this type of
>> initiative ourselves.
>>
>> -Jason
>>
>> On Wed, Apr 22, 2015 at 8:31 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>> I would like to see a couple of changes:
>>
>> 1) I'm not sure it makes sense to use $30k of the project
>> funding for this one initiative. It consumes 60% of the
>> funding for a far smaller percentage of our active projects.
>> OWASP also has no history with running this initiative
>> ourselves so I would prefer to limit our exposure here the
>> first time around. I would rather see us allocate $12,000,
>> roughly 25% of the overall budget allocated to projects.
>> This burns our budget for one quarter, but leaves sufficient
>> budget for the rest of the year. It is enough to fully fund
>> 8 students at the $1500/student price tag which seems like a
>> reasonable place for us to start this initiative. If the
>> initiative is successful, then I would consider increasing
>> the funding when budgeting for next year.
>>
>> 2) I have not seen any stipulation here stating that projects
>> must use their project funds before being able to use
>> Foundation funds. This is a requirement for all chapters
>> using community engagement funding and should apply equally
>> to the projects. Saying that a project with money can buy
>> additional slots is not the same thing as saying that they
>> need to use their funds first. If we all agree that funds
>> are allocated to be spent, not saved, then I see no reason
>> why projects with funds should not be encouraged to spend
>> funds in their account first and foremost.
>>
>> I fully support the initiative, but would like to see these
>> limitations placed on it before voting yes on it.
>>
>> ~josh
>>
>> On Mon, Apr 20, 2015 at 6:00 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>
>> Hi
>>
>> I fully endorse this initiative and think it is aligned with
>> our mission and strategic goals.
>>
>> I appreciate the comments regarding the budgeting and we
>> could lower them to a level which everyone feels
>> comfortable with. What about 10 slots at USD 1500 each?
>> Total budget USD 15000
>>
>> Paul, I think the proposal by Kostas supports that
>> approach. Any project leader could decide to get an
>> additional slot/s by using their project funds. The only
>> clarification is that Summer of Code is about 'code' so
>> the documentation projects are out of scope.
>>
>> Is everyone satisfied with the overall contents of the
>> proposal? Can we bring this to a vote by the Board and
>> move forward?
>>
>> Thanks Kostas for putting this together.
>>
>> Regards,
>>
>> Fabio
>>
>> Sent from my iPhone
>>
>> On 20 Apr 2015, at 14:39, Paul Ritchie <paul.ritchie at owasp.org> wrote:
>>
>>> Hi Josh, all:
>>>
>>> So you are suggesting that a couple of the well funded
>>> Projects like AppSensor, OpenSAMM, ZAP, etc., could make
>>> a decision to 'sponsor' a student under the Summer of
>>> Code program to the tune of $1500 or $3000 or whatever
>>> they wanted to contribute. And, they could ensure that
>>> those funds were used on student work benefiting their
>>> project.
>>>
>>> I like that approach. Funded projects support their own
>>> work effort, and then the Foundation could support other
>>> high-value student proposals that focus on new projects
>>> or under-funded projects.
>>> Paul
>>>
>>> Best Regards, Paul Ritchie
>>> OWASP Interim Executive Director
>>> paul.ritchie at owasp.org
>>>
>>>
>>> On Mon, Apr 20, 2015 at 1:21 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>
>>> I think we should treat it like we do the chapters.
>>> If a project has money in their account, then they
>>> are not eligible for Foundation funds until that
>>> money has been allocated. I'd also agree that $30k
>>> of unbudgeted funds is a lot to spend like this
>>> considering I don't see any reason to hurry here. It
>>> literally means robbing another budgeted project in
>>> order to account for this. That said, I support the
>>> idea, in concept. Maybe the projects with some money
>>> can front it for their slots, the Foundation can use
>>> this as an experiment for our own program, and we
>>> can see how it goes. Minimal risk with a high reward
>>> and we can budget for more next year?
>>>
>>> ~josh
>>>
>>> On Mon, Apr 20, 2015 at 2:59 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>
>>> Well, I don't know.
>>>
>>> IMHO the criteria should be based on quality of
>>> proposal and bang for the buck for OWASP.
>>>
>>> incubator/lab/flagship seems not so useful. E.g.
>>> if we get three good in one category, I would
>>> not see a point selecting one from another one
>>> just to serve all categories.
>>>
>>> Cheers, Tobias
>>>
>>>
>>>
>>> On 20/04/15 19:49, johanna curiel curiel wrote:
>>>> >Not sure we need to split this in incubator/lab/flagship categories.
>>>>
>>>> Tobias, this could be an option if we would like
>>>> to provide a fair chance to all project
>>>> categories. Would you suggest other criteria
>>>> for selection?
>>>>
>>>> cheers
>>>>
>>>> Johanna
>>>>
>>>> On Mon, Apr 20, 2015 at 2:44 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>>
>>>> 3 x 2500USD sounds reasonable.
>>>>
>>>> Not sure we need to split this in
>>>> incubator/lab/flagship categories.
>>>>
>>>> Best, Tobias
>>>>
>>>>
>>>>
>>>> On 20/04/15 19:39, johanna curiel curiel wrote:
>>>>> Consider maybe a small pilot with 3 types
>>>>> of projects:
>>>>> 1 Incubator, 1 LAB, 1 Flagship
>>>>>
>>>>> Do a pre selection of the most active on
>>>>> each category and then select at random
>>>>> the participating one.
>>>>>
>>>>> just an idea
>>>>>
>>>>> Total for the pilot 9,000USD (3 x 3000USD) or
>>>>> USD2500x 3 = 7500USD
>>>>>
>>>>> regards
>>>>>
>>>>> Johanna
>>>>>
>>>>> On Mon, Apr 20, 2015 at 2:21 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>
>>>>> A suggestion. Because this is the
>>>>> first time OWASP is directly funding
>>>>> this initiative, can we start with a
>>>>> smaller financial amount, measure
>>>>> success, and then consider larger
>>>>> funding next year? I want to see how
>>>>> we do first and would feel more
>>>>> comfortable with a smaller experiment.
>>>>>
>>>>> - Jim
>>>>>
>>>>>
>>>>>
>>>>> On 4/19/15 8:27 AM, Konstantinos
>>>>> Papapanagiotou wrote:
>>>>>> Dear board,
>>>>>>
>>>>>> Following recent conversations I
>>>>>> would like to formally submit a
>>>>>> proposal for the OWASP Summer of Code
>>>>>> Sprint, requesting a budget of $30,000.
>>>>>>
>>>>>> The details of the proposal can be
>>>>>> found here:
>>>>>> https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit?usp=sharing
>>>>>>
>>>>>> I believe that such initiatives are
>>>>>> important for our mission as they
>>>>>> combine project contributions and
>>>>>> reaching out to students who are
>>>>>> future developers.
>>>>>>
>>>>>> Looking forward to your comments,
>>>>>>
>>>>>> Kostas
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board