[Owasp-board] OWASP Summer of Code Sprint Proposal

Konstantinos Papapanagiotou Konstantinos at owasp.org
Sat Apr 25 20:09:53 UTC 2015


+1
We already have the project summit which is great.
We are also trying to revive the "season of code" after a 7-year hiatus.
Let's have more great ideas!

Kostas


On Saturday, April 25, 2015, johanna curiel curiel <johanna.curiel at owasp.org>
wrote:

> I think we need to sit down and think of a yearly plan for projects.
>
> That means, a complete approach on how to motivate, sponsor, support,
> and maintain project initiatives.
>
> Most activities around projects have been ad-hoc, and driven by little
> planning.
>
> We should think of activities on a yearly basis that we would like to
> organise (such as summer of code, summits, etc.)
>
> A complete program for projects, so they can be nurtured and be able to
> grow
>
> Clear rules and conditions for participation are important in order to
> have clear expectations
>
> regards
>
> Johanna
>
>
>
> On Sat, Apr 25, 2015 at 3:35 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>
>> It should also be noted that OWASP hasn't done an event like the Summer
>> of Code in over 6 years.  How many projects keep going without any attention
>> for 6+ years?  Chapters have face to face interaction on a
>> monthly/quarterly basis.  The same is not true for projects.  Project
>> leadership can be a rather lonely business.
>>
>> I find it ironic that I'm currently working on a new release of OWASP WTE
>> as I type this - which grew out of the OWASP Live CD, a project with
>> direct lineage to the 2008 SoC.
>>
>> Yeah, OWASP WTE will now be producing packaged AppSec tools in both .deb
>> and .rpm formats:
>>
>> https://github.com/mtesauro/owasp-wte/commit/defb42ecb0cf5d652fcdfb9bb1608fb94048e017
>>
>> Cheers!
>>
>> --
>> -- Matt Tesauro
>> OWASP WTE Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>> OWASP OpenStack Security Project Lead
>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>
>> On Sat, Apr 25, 2015 at 1:47 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> Another note is that if you look at all the projects this 250,000k$
>>> funded in 2008...
>>>
>>> https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
>>>
>>> ...most are now dead projects.
>>>
>>> We do well at getting projects started but do poorly in bringing these
>>> projects to maturity.
>>>
>>> I really want us to make a big impact. I suggest we focus in on our
>>> flagship and lab projects with big potential. I'd hate to fund dozens of
>>> projects (again) that just die on the vine a few years after getting
>>> funding.
>>>
>>> Regards,
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On Apr 25, 2015, at 4:32 AM, Jason Li <jason.li at owasp.org> wrote:
>>>
>>> Josh,
>>>
>>> I'm a little late to this thread, but I just wanted to point out that it
>>> is NOT the first time OWASP would be running this type of initiative
>>> ourselves. As an organization, we ran seasons of code for many years prior
>>> to Google accepting our application to participate in Google Summer of Code:
>>> https://www.owasp.org/index.php/OWASP_Autumn_Of_Code_2006 ($34,000
>>> budget)
>>> https://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007 ($117,500
>>> budget)
>>> https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008 ($100,00
>>> budget)
>>>
>>> Obviously the organization budget and expenses have changed a lot since
>>> then. Those events were done back when Paulo and Kate were the only paid
>>> employees of OWASP and before chapters and projects had their own budgets.
>>> We've obviously grown a lot since then, and the goals are different this
>>> time around. But as an organization, we do have some history running this
>>> type of initiative ourselves.
>>>
>>> -Jason
>>>
>>> On Wed, Apr 22, 2015 at 8:31 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>
>>>>  I would like to see a couple of changes:
>>>>
>>>> 1) I'm not sure it makes sense to use $30k of the project funding for
>>>> this one initiative.  It consumes 60% of the funding for a far smaller
>>>> percentage of our active projects.  OWASP also has no history with running
>>>> this initiative ourselves so I would prefer to limit our exposure here the
>>>> first time around.  I would rather see us allocate $12,000, roughly 25% of
>>>> the overall budget allocated to projects.  This burns our budget for one
>>>> quarter, but leaves sufficient budget for the rest of the year.  It is
>>>> enough to fully fund 8 students at the $1500/student price tag which seems
>>>> like a reasonable place for us to start this initiative.  If the initiative
>>>> is successful, then I would consider increasing the funding when budgeting
>>>> for next year.
>>>>
>>>> 2) I have not seen any stipulation here stating that projects must use
>>>> their project funds before being able to use Foundation funds.  This is a
>>>> requirement for all chapters using community engagement funding and should
>>>> apply equally to the projects.  Saying that a project with money can buy
>>>> additional slots is not the same thing as saying that they need to use
>>>> their funds first.  If we all agree that funds are allocated to be spent,
>>>> not saved, then I see no reason why projects with funds should not be
>>>> encouraged to spend funds in their account first and foremost.
>>>>
>>>> I fully support the initiative, but would like to see these limitations
>>>> placed on it before voting yes on it.
>>>>
>>>> ~josh
>>>>
>>>> On Mon, Apr 20, 2015 at 6:00 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> I fully endorse this initiative and think it is aligned with our mission
>>>>> and strategic goals.
>>>>>
>>>>> I appreciate the comments regarding the budgeting and we could lower
>>>>> them to a level which everyone feels comfortable with. What about 10 slots
>>>>> at USD 1500 each? Total budget USD 15000.
>>>>>
>>>>> Paul, I think the proposal by Kostas supports that approach. Any
>>>>> project leader could decide to get an additional slot/s by using their
>>>>> project funds. The only clarification is that Summer of Code is about
>>>>> 'code' so the documentation projects are out of scope.
>>>>>
>>>>> Is everyone satisfied with the overall contents of the proposal? Can
>>>>> we bring this to a vote by the Board and move forward?
>>>>>
>>>>> Thanks Kostas for putting this together.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Fabio
>>>>>
>>>>> On 20 Apr 2015, at 14:39, Paul Ritchie <paul.ritchie at owasp.org> wrote:
>>>>>
>>>>> Hi Josh, all:
>>>>>
>>>>> So you are suggesting that a couple of the well funded Projects like
>>>>> AppSensor, OpenSAMM, ZAP, etc., could make a decision to 'sponsor' a
>>>>> student under the Summer of Code program to the tune of $1500 or $3000 or
>>>>> whatever they wanted to contribute.  And, they could ensure that those
>>>>> funds were used on student work benefiting their project.
>>>>>
>>>>> I like that approach.  Funded projects support their own work effort,
>>>>> and then the Foundation could support other high-value student proposals
>>>>> that focus on new projects or under-funded projects.
>>>>> Paul
>>>>>
>>>>> Best Regards, Paul Ritchie
>>>>> OWASP Interim Executive Director
>>>>> paul.ritchie at owasp.org
>>>>>
>>>>>
>>>>> On Mon, Apr 20, 2015 at 1:21 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>>>
>>>>>> I think we should treat it like we do the chapters.  If a project has
>>>>>> money in their account, then they are not eligible for Foundation funds
>>>>>> until that money has been allocated.  I'd also agree that $30k of
>>>>>> unbudgeted funds is a lot to spend like this considering I don't see any
>>>>>> reason to hurry here.  It literally means robbing another budgeted project
>>>>>> in order to account for this.  That said, I support the idea, in concept.
>>>>>> Maybe the projects with some money can front it for their slots, the
>>>>>> Foundation can use this as an experiment for our own program, and we can
>>>>>> see how it goes.  Minimal risk with a high reward and we can budget for
>>>>>> more next year?
>>>>>>
>>>>>> ~josh
>>>>>>
>>>>>> On Mon, Apr 20, 2015 at 2:59 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>>>>
>>>>>>>  Well, I don't know.
>>>>>>>
>>>>>>> IMHO the criteria should be based on quality of proposal and bang
>>>>>>> for the buck for OWASP.
>>>>>>>
>>>>>>> incubator/lab/flagship seems not so useful. E.g. if we get three
>>>>>>> good in one category, I would not see a point selecting one from another
>>>>>>> one just to serve all categories.
>>>>>>>
>>>>>>> Cheers, Tobias
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 20/04/15 19:49, johanna curiel curiel wrote:
>>>>>>>
>>>>>>> > Not sure we need to split this in incubator/lab/flagship
>>>>>>> > categories.
>>>>>>>
>>>>>>>  Tobias, this could be an option if we would like to provide a fair
>>>>>>> chance to all project categories. Would you suggest other criteria for
>>>>>>> selection?
>>>>>>>
>>>>>>>  cheers
>>>>>>>
>>>>>>>  Johanna
>>>>>>>
>>>>>>> On Mon, Apr 20, 2015 at 2:44 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>>>>>
>>>>>>>>  3 x 2500USD sounds reasonable.
>>>>>>>>
>>>>>>>> Not sure we need to split this in incubator/lab/flagship
>>>>>>>> categories.
>>>>>>>>
>>>>>>>> Best, Tobias
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 20/04/15 19:39, johanna curiel curiel wrote:
>>>>>>>>
>>>>>>>> Consider maybe a small pilot with 3 types of projects:
>>>>>>>> 1 Incubator, 1 LAB, 1 Flagship
>>>>>>>>
>>>>>>>>  Do a pre-selection of the most active in each category and then
>>>>>>>> select at random the participating one.
>>>>>>>>
>>>>>>>>  just an idea
>>>>>>>>
>>>>>>>>  Total for the pilot 9,000USD (3 x 3000USD) or
>>>>>>>> USD2500x 3 = 7500USD
>>>>>>>>
>>>>>>>>  regards
>>>>>>>>
>>>>>>>>  Johanna
>>>>>>>>
>>>>>>>> On Mon, Apr 20, 2015 at 2:21 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>>>>
>>>>>>>>>  A suggestion. Because this is the first time OWASP is directly
>>>>>>>>> funding this initiative, can we start with a smaller financial amount,
>>>>>>>>> measure success, and then consider larger funding next year? I want to see
>>>>>>>>> how we do first and would feel more comfortable with a smaller experiment.
>>>>>>>>>
>>>>>>>>> - Jim
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 4/19/15 8:27 AM, Konstantinos Papapanagiotou wrote:
>>>>>>>>>
>>>>>>>>>    Dear board,
>>>>>>>>>
>>>>>>>>>  Following recent conversations I would like to formally submit a
>>>>>>>>> proposal for the OWASP Summer of Code Sprint, requesting a budget of
>>>>>>>>> $30,000.
>>>>>>>>>
>>>>>>>>>  The details of the proposal can be found here:
>>>>>>>>> https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit?usp=sharing
>>>>>>>>>
>>>>>>>>>  I believe that such initiatives are important for our mission as
>>>>>>>>> they combine project contributions and reaching out to students who are
>>>>>>>>> future developers.
>>>>>>>>>
>>>>>>>>>  Looking forward to your comments,
>>>>>>>>>
>>>>>>>>>  Kostas
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  _______________________________________________
>>>>>>>>> Owasp-board mailing list
>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board