[Owasp-board] OWASP Summer of Code Sprint Proposal

Tobias tobias.gondrom at owasp.org
Mon Apr 27 16:59:09 UTC 2015


Hi Johanna,

I agree.
Maybe a small informal update:
- we are currently working hard on getting a staff position for project 
coordinator filled ASAP to help
- we are planning the project summit in Amsterdam
- and if the community agrees, I would in the meantime also use some 
money on a Summer of Code Sprint to experiment and get us rolling until 
we get a full plan.

And I like your point "Clear rules and conditions for participation are 
important in order to have clear expectations". Is this something that 
the projects committee would like to work on?

Cheers, Tobias



On 25/04/15 21:02, johanna curiel curiel wrote:
> I think we need to sit down and think of a yearly plan for projects.
>
> That means a complete approach on how to motivate, sponsor, 
> support, and maintain project initiatives.
>
> Most activities around projects have been ad-hoc, and driven by little 
> planning.
>
> We should think of activities on a yearly basis that we would like to 
> organise (such as summer of code, summits etc.)
>
> A complete program for projects, so they can be nurtured and be able 
> to grow
>
> Clear rules and conditions for participation are important in order to 
> have clear expectations
>
> regards
>
> Johanna
>
>
>
> On Sat, Apr 25, 2015 at 3:35 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>
>     It should also be noted that OWASP hasn't done an event like the
>     Summer of Code in over 6 years.  How many projects keep going without
>     any attention for 6+ years?  Chapters have face to face
>     interaction on a monthly/quarterly basis.  The same is not true
>     for projects.  Project leadership can be a rather lonely business.
>
>     I find it ironic that I'm currently working on a new release of
>     OWASP WTE as I type this - which grew out of the OWASP Live CD, a
>     project with direct lineage to the 2008 SoC.
>
>     Yeah, OWASP WTE will now be producing packaged AppSec tools in
>     both .deb and .rpm formats:
>     https://github.com/mtesauro/owasp-wte/commit/defb42ecb0cf5d652fcdfb9bb1608fb94048e017
>
>     Cheers!
>
>     --
>     -- Matt Tesauro
>     OWASP WTE Project Lead
>     http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>     http://AppSecLive.org - Community and Download site
>     OWASP OpenStack Security Project Lead
>     https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>
>     On Sat, Apr 25, 2015 at 1:47 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>         Another note is that if you look at all the projects this
>         250,000k$ funded in 2008...
>
>         https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
>
>         ...most are now dead projects.
>
>         We do good at getting projects started but do poorly in
>         bringing these projects to maturity.
>
>         I really want us to make a big impact. I suggest we focus in
>         on our flagship and lab projects with big potential. I'd hate
>         to fund dozens of projects (again) that just die on the vine a
>         few years after getting funding.
>
>         Regards,
>         --
>         Jim Manico
>         @Manicode
>         (808) 652-3805
>
>         On Apr 25, 2015, at 4:32 AM, Jason Li <jason.li at owasp.org> wrote:
>
>>         Josh,
>>
>>         I'm a little late to this thread, but I just wanted to point
>>         out that it is NOT the first time OWASP would be running this
>>         type of initiative ourselves. As an organization, we ran
>>         seasons of code for many years prior to Google accepting our
>>         application to participate in Google Summer of Code:
>>         https://www.owasp.org/index.php/OWASP_Autumn_Of_Code_2006
>>         ($34,000 budget)
>>         https://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007
>>         ($117,500 budget)
>>         https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
>>         ($100,00 budget)
>>
>>         Obviously the organization budget and expenses have changed a
>>         lot since then. Those events were done back when Paulo and
>>         Kate were the only paid employees of OWASP and before
>>         chapters and projects had their own budgets. We've obviously
>>         grown a lot since then, and the goals are different this time
>>         around. But as an organization, we do have some history
>>         running this type of initiative ourselves.
>>
>>         -Jason
>>
>>         On Wed, Apr 22, 2015 at 8:31 AM, Josh Sokol
>>         <josh.sokol at owasp.org> wrote:
>>
>>              I would like to see a couple of changes:
>>
>>             1) I'm not sure it makes sense to use $30k of the project
>>             funding for this one initiative.  It consumes 60% of the
>>             funding for a far smaller percentage of our active
>>             projects.  OWASP also has no history with running this
>>             initiative ourselves so I would prefer to limit our
>>             exposure here the first time around.  I would rather see
>>             us allocate $12,000, roughly 25% of the overall budget
>>             allocated to projects.  This burns our budget for one
>>             quarter, but leaves sufficient budget for the rest of the
>>             year.  It is enough to fully fund 8 students at the
>>             $1500/student price tag which seems like a reasonable
>>             place for us to start this initiative.  If the initiative
>>             is successful, then I would consider increasing the
>>             funding when budgeting for next year.
>>
>>             2) I have not seen any stipulation here stating that
>>             projects must use their project funds before being able
>>             to use Foundation funds.  This is a requirement for all
>>             chapters using community engagement funding and should
>>             apply equally to the projects. Saying that a project with
>>             money can buy additional slots is not the same thing as
>>             saying that they need to use their funds first.  If we
>>             all agree that funds are allocated to be spent, not
>>             saved, then I see no reason why projects with funds
>>             should not be encouraged to spend funds in their account
>>             first and foremost.
>>
>>             I fully support the initiative, but would like to see
>>             these limitations placed on it before voting yes on it.
>>
>>             ~josh
>>
>>             On Mon, Apr 20, 2015 at 6:00 PM, Fabio Cerullo
>>             <fcerullo at owasp.org> wrote:
>>
>>                 Hi
>>
>>                 I fully endorse this initiative and think it is aligned
>>                 with our mission and strategic goals.
>>
>>                 I appreciate the comments regarding the budgeting and
>>                 we could lower them to a level which everyone feels
>>                 comfortable with. What about 10 slots at USD 1500
>>                 each? Total budget USD 15000.
>>
>>                 Paul, I think the proposal by Kostas supports that
>>                 approach. Any project leader could decide to get an
>>                 additional slot/s by using their project funds. The
>>                 only clarification is that Summer of Code is about
>>                 'code' so the documentation projects are out of scope.
>>
>>                 Is everyone satisfied with the overall contents of
>>                 the proposal? Can we bring this to a vote by the
>>                 Board and move forward?
>>
>>                 Thanks Kostas for putting this together.
>>
>>                 Regards,
>>
>>                 Fabio
>>
>>                 Sent from my iPhone
>>
>>                 On 20 Apr 2015, at 14:39, Paul Ritchie
>>                 <paul.ritchie at owasp.org> wrote:
>>
>>>                 Hi Josh, all:
>>>
>>>                 So you are suggesting that a couple of the well
>>>                 funded Projects like AppSensor, OpenSAMM, ZAP, etc.,
>>>                 could make a decision to 'sponsor' a student under
>>>                 the Summer of Code program to the tune of $1500 or
>>>                 $3000 or whatever they wanted to contribute. And,
>>>                 they could ensure that those funds were used on
>>>                 student work benefiting their project.
>>>
>>>                 I like that approach. Funded projects support their
>>>                 own work effort, and then the Foundation could
>>>                 support other high-value student proposals that
>>>                 focus on new projects or under-funded projects.
>>>                 Paul
>>>
>>>                 Best Regards, Paul Ritchie
>>>                 OWASP Interim Executive Director
>>>                 paul.ritchie at owasp.org
>>>
>>>
>>>                 On Mon, Apr 20, 2015 at 1:21 PM, Josh Sokol
>>>                 <josh.sokol at owasp.org> wrote:
>>>
>>>                     I think we should treat it like we do the
>>>                     chapters.  If a project has money in their
>>>                     account, then they are not eligible for
>>>                     Foundation funds until that money has been
>>>                     allocated. I'd also agree that $30k of
>>>                     unbudgeted funds is a lot to spend like this
>>>                     considering I don't see any reason to hurry
>>>                     here. It literally means robbing another
>>>                     budgeted project in order to account for this. 
>>>                     That said, I support the idea, in concept. Maybe
>>>                     the projects with some money can front it for
>>>                     their slots, the Foundation can use this as an
>>>                     experiment for our own program, and we can see
>>>                     how it goes. Minimal risk with a high reward and
>>>                     we can budget for more next year?
>>>
>>>                     ~josh
>>>
>>>                     On Mon, Apr 20, 2015 at 2:59 PM, Tobias
>>>                     <tobias.gondrom at owasp.org> wrote:
>>>
>>>                         Well, I don't know.
>>>
>>>                         IMHO the criteria should be based on quality
>>>                         of proposal and bang for the buck for OWASP.
>>>
>>>                         incubator/lab/flagship seems not so useful.
>>>                         E.g. if we get three good in one category, I
>>>                         would not see a point selecting one from
>>>                         another one just to serve all categories.
>>>
>>>                         Cheers, Tobias
>>>
>>>
>>>
>>>                         On 20/04/15 19:49, johanna curiel curiel wrote:
>>>>                         >Not sure we need to split this in incubator/lab/flagship categories.
>>>>
>>>>                         Tobias, this could be an option if we would
>>>>                         like to provide a fair chance to all
>>>>                         project categories. Would you suggest other
>>>>                         criteria for selection?
>>>>
>>>>                         cheers
>>>>
>>>>                         Johanna
>>>>
>>>>                         On Mon, Apr 20, 2015 at 2:44 PM, Tobias
>>>>                         <tobias.gondrom at owasp.org> wrote:
>>>>
>>>>                             3 x 2500USD sounds reasonable.
>>>>
>>>>                             Not sure we need to split this in
>>>>                             incubator/lab/flagship categories.
>>>>
>>>>                             Best, Tobias
>>>>
>>>>
>>>>
>>>>                             On 20/04/15 19:39, johanna curiel
>>>>                             curiel wrote:
>>>>>                             Consider maybe a small pilot with 3
>>>>>                             types of projects:
>>>>>                             1 Incubator, 1 LAB, 1 Flagship
>>>>>
>>>>>                             Do a pre selection of the most active
>>>>>                             on each category  and then select at
>>>>>                             random the participating one.
>>>>>
>>>>>                             just an idea
>>>>>
>>>>>                             Total for the pilot 9,000USD (3 x
>>>>>                             3000USD) or
>>>>>                             USD2500x 3 = 7500USD
>>>>>
>>>>>                             regards
>>>>>
>>>>>                             Johanna
>>>>>
>>>>>                             On Mon, Apr 20, 2015 at 2:21 PM, Jim
>>>>>                             Manico <jim.manico at owasp.org> wrote:
>>>>>
>>>>>                                 A suggestion. Because this is the
>>>>>                                 first time OWASP is directly
>>>>>                                 funding this initiative, can we
>>>>>                                 start with a smaller financial
>>>>>                                 amount, measure success, and then
>>>>>                                 consider larger funding next year?
>>>>>                                 I want to see how we do first and
>>>>>                                 would feel more comfortable with a
>>>>>                                 smaller experiment.
>>>>>
>>>>>                                 - Jim
>>>>>
>>>>>
>>>>>
>>>>>                                 On 4/19/15 8:27 AM, Konstantinos
>>>>>                                 Papapanagiotou wrote:
>>>>>>                                 Dear board,
>>>>>>
>>>>>>                                 Following recent conversations I
>>>>>>                                 would like to formally submit a
>>>>>>                                 proposal for the OWASP Summer of
>>>>>>                                 Code Sprint, requesting a budget
>>>>>>                                 of $30,000.
>>>>>>
>>>>>>                                 The details of the proposal can
>>>>>>                                 be found here:
>>>>>>                                 https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit?usp=sharing
>>>>>>
>>>>>>                                 I believe that such initiatives
>>>>>>                                 are important for our mission as
>>>>>>                                 they combine project
>>>>>>                                 contributions and reaching out to
>>>>>>                                 students who are future developers.
>>>>>>
>>>>>>                                 Looking forward to your comments,
>>>>>>
>>>>>>                                 Kostas
>>>>>>
>>>>>>
>>>>>>                                 _______________________________________________
>>>>>>                                 Owasp-board mailing list
>>>>>>                                 Owasp-board at lists.owasp.org  <mailto:Owasp-board at lists.owasp.org>
>>>>>>                                 https://lists.owasp.org/mailman/listinfo/owasp-board