[Owasp-board] OWASP Summer of Code Sprint Proposal - to be discussed at board meeting on April-29
Konstantinos at owasp.org
Mon Apr 27 17:12:06 UTC 2015
We posted almost simultaneously.
The updated proposal, including accepted feedback can be found here:
On Mon, Apr 27, 2015 at 8:09 PM, Tobias <tobias.gondrom at owasp.org> wrote:
> Hi all,
> it's been great seeing this extensive discussion and exchange of a lot of
> ideas and comments on this topic. I can see that everyone wants the best
> for OWASP, the challenge is to find a joint common was forward. If
> possible, I would like to focus this discussion and lead to the next steps.
> So I added the topic to the next board meeting agenda on April 29 at
> 12:00-13:00 PST.
> (Btw. all board meetings are open and public, so feel free to listen in,
> there will also be a recording afterwards.)
> *Could maybe Fabio (or another volunteer) write up a consolidated final
> proposal including the accepted feedback by Tuesday April-28, so that we
> could possibly vote on it or discuss the details / amend it on Wednesday
> April-29? *
> Thanks, Tobias
> Tobias Gondrom
> Chairman OWASP Global Board
> email: tobias.gondrom at owasp.org
> mobile: +852 56002975
> mobile: +44 7521003005
> skype: tgondrom
> twitter: @tgondrom
> On 26/04/15 23:24, Kevin W. Wall wrote:
> On Sat, Apr 25, 2015 at 2:47 PM, Jim Manico <jim.manico at owasp.org> <jim.manico at owasp.org> wrote:
> Another note is that if you look at all the projects this 250,000k$ funded
> in 2008...
> ...most are now dead projects.
> We do good at getting projects started but do poorly in bringing these
> projects to maturity.
> Unless this was a list of all the projects what actually received funds for
> the OWASP SoC 2008, I think this is an unfair characterization.
> Instead, I think it is likely that this list of projects athttps://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
> was just a list complete list of projects at the time. I think it is doubtful
> that they all received funds, especially since there are two *inactive*
> projects on that list.
> Secondly, even if all of those projects received funds, almost 7 years
> have passed since that time. While you may think that projects have
> at OWASP have a lower success rate than than normal unfunded FOSS
> projects, I'm not sure that conjecture is true and am not willing to
> believe it based without some hard data to back it up. I suspect that
> if we looked at FOSS overall, OWASP is probably about average. I
> think it just seems worse because we are all more intimately aware of
> all the OWASP projects that seem to fall by the wayside but in general
> most failed FOSS projects go completely unnoticed by us.
> Not only that, but compare the success rate of OWASP projects
> to VC funded tech start ups and I'll bet that OWASP looks pretty
> good in comparison, especially if you take into account that the
> start-ups usually have full-time, paid staff while we are working
> almost exclusively using volunteer hours.
> I really want us to make a big impact. I suggest we focus in on our flagship
> and lab projects with big potential. I'd hate to fund dozens of projects
> (again) that just die on the view a few years after getting funding.
> Having said all that, I am by no means endorsing spending $30k in
> funds without fully counting the costs and I just don't mean in money.
> 2008 was before I got involved again with OWASP, but I'm guessing
> that time was spent to make it a success whatever <season> of code
> was run. I am just as much concerned that jumping into this in some
> hasty manner will have much more negative effects than just possibly
> not bring a significant ROI on the money decided to fund it.
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board