[Owasp-board] OWASP Summer of Code Sprint Proposal - urge program leads to engage with concerned board members to achieve a compromise

Konstantinos Papapanagiotou Konstantinos at owasp.org
Thu Apr 30 19:44:07 UTC 2015

Tobias and board,

I would like to thank you for your support, valuable feedback and the
positive vote. As I have already told Jim, I believe that this debate is
very valuable for OWASP.

I have already replied to the comments on the proposal. Regarding project
funds we would like to be flexible and allow projects that do not have a
lot of budget to keep it for other plans they might have. Remember that
this is not only about getting work done for projects but also about making
OWASP more visible to the student/university community.

Also, the fact that there was a compromise on the requested budget will
make this year's program more like an experiment. Depending on its success
and the feedback from project leaders we will be able to improve next year.

Thank you again,

On Thu, Apr 30, 2015 at 2:30 AM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Hello Fabio and Kostas,
> the following is my personal request as one of the board members, and not
> as chair of the board.
> I like to raise a point after today's board meeting.
> During our board meeting, Fabio explained the reasons for the urgency of
> the vote. The time window for summer projects for students will close very
> soon and I understand that it is important that the budget for this program
> shall be approved ASAP to start the outreach to students.
> With a very small majority the board approved the posted proposal.
> I like to make it clear, that I only did vote in favour of this at this
> point, because I understand the urgency and stretched timeline and the
> highest priority for me was to give our student projects the chance to run.
> However, I do share the concerns from Josh and Jim on that projects that
> have funding should really use their allocated project funds first before
> asking / using money from the global bucket.
> I can see that projects may not have used their own funds for student
> projects because there was no overarching project framework of a OWASP
> Summer of Code program. But now with this program framework in place, I
> really can not see any reason why a project would ask for money from the
> foundation instead of spending their own project funding first. (Frankly,
> if any project lead would disagree with that conclusion, I would really
> like to hear and understand why our global budget should spend money on a
> student activity for their project which the project does not want to fund
> from the project bucket first...)
> As voiced today in the board meeting, I strongly urge you to engage with
> Josh and Jim quickly and use the next 3-5 days to reach out to them and try
> to incorporate their feedback into your proposal and come to a compromise.
> You still have the opportunity and time to do so. And I kindly ask all
> involved, Fabio, Kostas, Josh and Jim to make the joint big effort on all
> sides of trying to find a good compromise that works for all. It is no
> problem and still time to amend and improve the existing program in that
> way in the next few days and I would very much encourage the current
> project owners Kostas and Fabio, even though your "summer of code" program
> has been approved by the board, to still make a real effort to come to a
> compromise that considers that projects with funding shall spend their
> project funds first.
> Best regards and thank you very much for your consideration.
> Tobias
> On 27/04/15 18:12, Konstantinos Papapanagiotou wrote:
>   Tobias,
>  We posted almost simultaneously.
>  The updated proposal, including accepted feedback can be found here:
> https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit?usp=sharing
>  Thanks,
>  Kostas
> On Mon, Apr 27, 2015 at 8:09 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>  Hi all,
>> it's been great seeing this extensive discussion and exchange of a lot of
>> ideas and comments on this topic. I can see that everyone wants the best
>> for OWASP, the challenge is to find a joint common was forward. If
>> possible, I would like to focus this discussion and lead to the next steps.
>> So I added the topic to the next board meeting agenda on April 29 at
>> 12:00-13:00 PST.
>> (Btw. all board meetings are open and public, so feel free to listen in,
>> there will also be a recording afterwards.)
>> https://owasp.org/index.php/OWASP_Board_Meetings#tab=Agenda_for_2015_Meetings
>> *Could maybe Fabio (or another volunteer) write up a consolidated final
>> proposal including the accepted feedback by Tuesday April-28, so that we
>> could possibly vote on it or discuss the details / amend it on Wednesday
>> April-29? *
>> Thanks, Tobias
>> Tobias Gondrom
>> Chairman OWASP Global Board
>> email: tobias.gondrom at owasp.org
>> mobile: +852 56002975
>> mobile: +44 7521003005
>> skype: tgondrom
>> twitter: @tgondrom
>> On 26/04/15 23:24, Kevin W. Wall wrote:
>> On Sat, Apr 25, 2015 at 2:47 PM, Jim Manico <jim.manico at owasp.org> <jim.manico at owasp.org> wrote:
>>  Another note is that if you look at all the projects this 250,000k$ funded
>> in 2008...
>> https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
>> ...most are now dead projects.
>> We do good at getting projects started but do poorly in bringing these
>> projects to maturity.
>>  Unless this was a list of all the projects what actually received funds for
>> the OWASP SoC 2008, I think this is an unfair characterization.
>> Instead, I think it is likely that this list of projects athttps://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
>> was just a list complete list of projects at the time. I think it is doubtful
>> that they all received funds, especially since there are two *inactive*
>> projects on that list.
>> Secondly, even if all of those projects received funds, almost 7 years
>> have passed since that time. While you may think that projects have
>> at OWASP have a lower success rate than than normal unfunded FOSS
>> projects, I'm not sure that conjecture is true and am not willing to
>> believe it based without some hard data to back it up. I suspect that
>> if we looked at FOSS overall, OWASP is probably about average. I
>> think it just seems worse because we are all more intimately aware of
>> all the OWASP projects that seem to fall by the wayside but in general
>> most failed FOSS projects go completely unnoticed by us.
>> Not only that, but compare the success rate of OWASP projects
>> to VC funded tech start ups and I'll bet that OWASP looks pretty
>> good in comparison, especially if you take into account that the
>> start-ups usually have full-time, paid staff while we are working
>> almost exclusively using volunteer hours.
>>  I really want us to make a big impact. I suggest we focus in on our flagship
>> and lab projects with big potential. I'd hate to fund dozens of projects
>> (again) that just die on the view a few years after getting funding.
>>  Having said all that, I am by no means endorsing spending $30k in
>> funds without fully counting the costs and I just don't mean in money.
>> 2008 was before I got involved again with OWASP, but I'm guessing
>> that time was spent to make it a success whatever <season> of code
>> was run. I am just as much concerned that jumping into this in some
>> hasty manner will have much more negative effects than just possibly
>> not bring a significant ROI on the money decided to fund it.
>> -kevin
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150430/85b83288/attachment.html>

More information about the Owasp-board mailing list