[Owasp-board] OWASP Summer of Code Sprint Proposal - urge program leads to engage with concerned board members to achieve a compromise
tobias.gondrom at owasp.org
Wed Apr 29 23:30:51 UTC 2015
Hello Fabio and Kostas,
the following is my personal request as one of the board members, and
not as chair of the board.
I like to raise a point after today's board meeting.
During our board meeting, Fabio explained the reasons for the urgency of
the vote. The time window for summer projects for students will close
very soon and I understand that it is important that the budget for this
program shall be approved ASAP to start the outreach to students.
With a very small majority the board approved the posted proposal.
I like to make it clear, that I only did vote in favour of this at this
point, because I understand the urgency and stretched timeline and the
highest priority for me was to give our student projects the chance to run.
However, I do share the concerns from Josh and Jim on that projects that
have funding should really use their allocated project funds first
before asking / using money from the global bucket.
I can see that projects may not have used their own funds for student
projects because there was no overarching project framework of a OWASP
Summer of Code program. But now with this program framework in place, I
really can not see any reason why a project would ask for money from the
foundation instead of spending their own project funding first.
(Frankly, if any project lead would disagree with that conclusion, I
would really like to hear and understand why our global budget should
spend money on a student activity for their project which the project
does not want to fund from the project bucket first...)
As voiced today in the board meeting, I strongly urge you to engage with
Josh and Jim quickly and use the next 3-5 days to reach out to them and
try to incorporate their feedback into your proposal and come to a
compromise. You still have the opportunity and time to do so. And I
kindly ask all involved, Fabio, Kostas, Josh and Jim to make the joint
big effort on all sides of trying to find a good compromise that works
for all. It is no problem and still time to amend and improve the
existing program in that way in the next few days and I would very much
encourage the current project owners Kostas and Fabio, even though your
"summer of code" program has been approved by the board, to still make a
real effort to come to a compromise that considers that projects with
funding shall spend their project funds first.
Best regards and thank you very much for your consideration.
On 27/04/15 18:12, Konstantinos Papapanagiotou wrote:
> We posted almost simultaneously.
> The updated proposal, including accepted feedback can be found here:
> On Mon, Apr 27, 2015 at 8:09 PM, Tobias <tobias.gondrom at owasp.org
> <mailto:tobias.gondrom at owasp.org>> wrote:
> Hi all,
> it's been great seeing this extensive discussion and exchange of a
> lot of ideas and comments on this topic. I can see that everyone
> wants the best for OWASP, the challenge is to find a joint common
> was forward. If possible, I would like to focus this discussion
> and lead to the next steps.
> So I added the topic to the next board meeting agenda on April 29
> at 12:00-13:00 PST.
> (Btw. all board meetings are open and public, so feel free to
> listen in, there will also be a recording afterwards.)
> *Could maybe Fabio (or another volunteer) write up a consolidated
> final proposal including the accepted feedback by Tuesday
> April-28, so that we could possibly vote on it or discuss the
> details / amend it on Wednesday April-29? **
> Thanks, Tobias
> Tobias Gondrom
> Chairman OWASP Global Board
> email: tobias.gondrom at owasp.org <mailto:tobias.gondrom at owasp.org>
> mobile: +852 56002975 <tel:%2B852%2056002975>
> mobile: +44 7521003005 <tel:%2B44%207521003005>
> skype: tgondrom
> twitter: @tgondrom
> On 26/04/15 23:24, Kevin W. Wall wrote:
>> On Sat, Apr 25, 2015 at 2:47 PM, Jim Manico<jim.manico at owasp.org> <mailto:jim.manico at owasp.org> wrote:
>>> Another note is that if you look at all the projects this 250,000k$ funded
>>> in 2008...
>>> ...most are now dead projects.
>>> We do good at getting projects started but do poorly in bringing these
>>> projects to maturity.
>> Unless this was a list of all the projects what actually received funds for
>> the OWASP SoC 2008, I think this is an unfair characterization.
>> Instead, I think it is likely that this list of projects at
>> was just a list complete list of projects at the time. I think it is doubtful
>> that they all received funds, especially since there are two *inactive*
>> projects on that list.
>> Secondly, even if all of those projects received funds, almost 7 years
>> have passed since that time. While you may think that projects have
>> at OWASP have a lower success rate than than normal unfunded FOSS
>> projects, I'm not sure that conjecture is true and am not willing to
>> believe it based without some hard data to back it up. I suspect that
>> if we looked at FOSS overall, OWASP is probably about average. I
>> think it just seems worse because we are all more intimately aware of
>> all the OWASP projects that seem to fall by the wayside but in general
>> most failed FOSS projects go completely unnoticed by us.
>> Not only that, but compare the success rate of OWASP projects
>> to VC funded tech start ups and I'll bet that OWASP looks pretty
>> good in comparison, especially if you take into account that the
>> start-ups usually have full-time, paid staff while we are working
>> almost exclusively using volunteer hours.
>>> I really want us to make a big impact. I suggest we focus in on our flagship
>>> and lab projects with big potential. I'd hate to fund dozens of projects
>>> (again) that just die on the view a few years after getting funding.
>> Having said all that, I am by no means endorsing spending $30k in
>> funds without fully counting the costs and I just don't mean in money.
>> 2008 was before I got involved again with OWASP, but I'm guessing
>> that time was spent to make it a success whatever <season> of code
>> was run. I am just as much concerned that jumping into this in some
>> hasty manner will have much more negative effects than just possibly
>> not bring a significant ROI on the money decided to fund it.
> Owasp-board mailing list
> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board