[Owasp-board] OWASP Summer of Code Sprint Proposal - to be discussed at board meeting on April-29
tobias.gondrom at owasp.org
Mon Apr 27 17:09:59 UTC 2015
It's been great seeing this extensive discussion and exchange of a lot
of ideas and comments on this topic. I can see that everyone wants the
best for OWASP, the challenge is to find a joint common way forward. If
possible, I would like to focus this discussion and lead to the next steps.
So I added the topic to the next board meeting agenda on April 29 at
(Btw. all board meetings are open and public, so feel free to listen in,
there will also be a recording afterwards.)
*Could maybe Fabio (or another volunteer) write up a consolidated final
proposal including the accepted feedback by Tuesday April-28, so that we
could possibly vote on it or discuss the details / amend it on Wednesday
Chairman OWASP Global Board
email: tobias.gondrom at owasp.org
mobile: +852 56002975
mobile: +44 7521003005
On 26/04/15 23:24, Kevin W. Wall wrote:
> On Sat, Apr 25, 2015 at 2:47 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> Another note is that if you look at all the projects this 250,000k$ funded
>> in 2008...
>> ...most are now dead projects.
>> We do good at getting projects started but do poorly in bringing these
>> projects to maturity.
> Unless this was a list of all the projects that actually received funds for
> the OWASP SoC 2008, I think this is an unfair characterization.
> Instead, I think it is likely that this list of projects at
> was just a complete list of projects at the time. I think it is doubtful
> that they all received funds, especially since there are two *inactive*
> projects on that list.
> Secondly, even if all of those projects received funds, almost 7 years
> have passed since that time. While you may think that projects
> at OWASP have a lower success rate than normal unfunded FOSS
> projects, I'm not sure that conjecture is true and am not willing to
> believe it without some hard data to back it up. I suspect that
> if we looked at FOSS overall, OWASP is probably about average. I
> think it just seems worse because we are all more intimately aware of
> all the OWASP projects that seem to fall by the wayside but in general
> most failed FOSS projects go completely unnoticed by us.
> Not only that, but compare the success rate of OWASP projects
> to VC funded tech start ups and I'll bet that OWASP looks pretty
> good in comparison, especially if you take into account that the
> start-ups usually have full-time, paid staff while we are working
> almost exclusively using volunteer hours.
>> I really want us to make a big impact. I suggest we focus in on our flagship
>> and lab projects with big potential. I'd hate to fund dozens of projects
>> (again) that just die on the vine a few years after getting funding.
> Having said all that, I am by no means endorsing spending $30k in
> funds without fully counting the costs and I just don't mean in money.
> 2008 was before I got involved again with OWASP, but I'm guessing
> that time was spent to make it a success whatever <season> of code
> was run. I am just as much concerned that jumping into this in some
> hasty manner will have much more negative effects than just possibly
> not bringing a significant ROI on the money decided to fund it.