[Owasp-board] OWASP Summer of Code Sprint Proposal - urge program leads to engage with concerned board members to achieve a compromise

Tobias tobias.gondrom at owasp.org
Thu Apr 30 23:29:08 UTC 2015


Dear Kostas,

please, let me be explicit: I can understand that there may be different 
opinions, but I really want to strongly encourage all to engage now for 
this year to find a compromise. Not defer this until next year.

This is a very good program and to spend a few days on working on a 
compromise now should be worth it.
And this is an experiment for OWASP already and we do spend OWASP funds 
on it, so there is a lot of reason for the whole OWASP team to do our 
best to get this right today. Not simply defer discussion to next year.

I have the highest opinion of all involved and really think you as a 
group should sit together and make the effort to talk this through to 
find a compromise.

Josh and Jim have signalled multiple times that they want this project 
to happen and want to help find a compromise. And they have both made 
efforts to review and provide comments. My expectation would be that you 
make a similar effort and do find a common ground.

If you feel that you can not do this alone, we can arrange for a 
mediator for the process if necessary.
But I would really like to encourage you to talk now and to work on 
resolving this now for this year.

(of course you can also ignore my request, as I make this only as a 
normal concerned community member, and not on behalf of the board....)

Thank you and with best regards, Tobias




On 30/04/15 20:44, Konstantinos Papapanagiotou wrote:
> Tobias and board,
>
> I would like to thank you for your support, valuable feedback and the 
> positive vote. As I have already told Jim, I believe that this debate 
> is very valuable for OWASP.
>
> I have already replied to the comments on the proposal. Regarding 
> project funds we would like to be flexible and allow projects that do 
> not have a lot of budget to keep it for other plans they might have. 
> Remember that this is not only about getting work done for projects 
> but also about making OWASP more visible to the student/university 
> community.
>
> Also, the fact that there was a compromise on the requested budget 
> will make this year's program more like an experiment. Depending on 
> its success and the feedback from project leaders we will be able to 
> improve next year.
>
> Thank you again,
> Kostas
>
> On Thu, Apr 30, 2015 at 2:30 AM, Tobias <tobias.gondrom at owasp.org 
> <mailto:tobias.gondrom at owasp.org>> wrote:
>
>     Hello Fabio and Kostas,
>
>     the following is my personal request as one of the board members,
>     and not as chair of the board.
>
>     I like to raise a point after today's board meeting.
>     During our board meeting, Fabio explained the reasons for the
>     urgency of the vote. The time window for summer projects for
>     students will close very soon and I understand that it is
>     important that the budget for this program shall be approved ASAP
>     to start the outreach to students.
>
>     With a very small majority the board approved the posted proposal.
>
>     I like to make it clear, that I only did vote in favour of this at
>     this point, because I understand the urgency and stretched
>     timeline and the highest priority for me was to give our student
>     projects the chance to run.
>
>     However, I do share the concerns from Josh and Jim on that
>     projects that have funding should really use their allocated
>     project funds first before asking / using money from the global
>     bucket.
>
>     I can see that projects may not have used their own funds for
>     student projects because there was no overarching project
>     framework of a OWASP Summer of Code program. But now with this
>     program framework in place, I really can not see any reason why a
>     project would ask for money from the foundation instead of
>     spending their own project funding first. (Frankly, if any project
>     lead would disagree with that conclusion, I would really like to
>     hear and understand why our global budget should spend money on a
>     student activity for their project which the project does not want
>     to fund from the project bucket first...)
>
>     As voiced today in the board meeting, I strongly urge you to
>     engage with Josh and Jim quickly and use the next 3-5 days to
>     reach out to them and try to incorporate their feedback into your
>     proposal and come to a compromise. You still have the opportunity
>     and time to do so. And I kindly ask all involved, Fabio, Kostas,
>     Josh and Jim to make the joint big effort on all sides of trying
>     to find a good compromise that works for all. It is no problem and
>     still time to amend and improve the existing program in that way
>     in the next few days and I would very much encourage the current
>     project owners Kostas and Fabio, even though your "summer of code"
>     program has been approved by the board, to still make a real
>     effort to come to a compromise that considers that projects with
>     funding shall spend their project funds first.
>
>     Best regards and thank you very much for your consideration.
>
>     Tobias
>
>
>
>     On 27/04/15 18:12, Konstantinos Papapanagiotou wrote:
>>     Tobias,
>>
>>     We posted almost simultaneously.
>>
>>     The updated proposal, including accepted feedback can be found
>>     here:
>>     https://docs.google.com/document/d/1FTC-zh__i6ft6uyZRw4rZHxOA44U6T7i33r8RkN0AXk/edit?usp=sharing
>>
>>     Thanks,
>>     Kostas
>>
>>     On Mon, Apr 27, 2015 at 8:09 PM, Tobias <tobias.gondrom at owasp.org
>>     <mailto:tobias.gondrom at owasp.org>> wrote:
>>
>>         Hi all,
>>
>>         it's been great seeing this extensive discussion and exchange
>>         of a lot of ideas and comments on this topic. I can see that
>>         everyone wants the best for OWASP, the challenge is to find a
>>         joint common was forward. If possible, I would like to focus
>>         this discussion and lead to the next steps.
>>         So I added the topic to the next board meeting agenda on
>>         April 29 at 12:00-13:00 PST.
>>         (Btw. all board meetings are open and public, so feel free to
>>         listen in, there will also be a recording afterwards.)
>>
>>         https://owasp.org/index.php/OWASP_Board_Meetings#tab=Agenda_for_2015_Meetings
>>
>>         *Could maybe Fabio (or another volunteer) write up a
>>         consolidated final proposal including the accepted feedback
>>         by Tuesday April-28, so that we could possibly vote on it or
>>         discuss the details / amend it on Wednesday April-29? **
>>         *
>>         Thanks, Tobias
>>
>>
>>         Tobias Gondrom
>>         Chairman OWASP Global Board
>>         email: tobias.gondrom at owasp.org <mailto:tobias.gondrom at owasp.org>
>>         mobile: +852 56002975 <tel:%2B852%2056002975>
>>         mobile: +44 7521003005 <tel:%2B44%207521003005>
>>         skype: tgondrom
>>         twitter: @tgondrom
>>
>>
>>
>>
>>         On 26/04/15 23:24, Kevin W. Wall wrote:
>>>         On Sat, Apr 25, 2015 at 2:47 PM, Jim Manico<jim.manico at owasp.org>  <mailto:jim.manico at owasp.org>  wrote:
>>>>         Another note is that if you look at all the projects this 250,000k$ funded
>>>>         in 2008...
>>>>
>>>>         https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
>>>>
>>>>         ...most are now dead projects.
>>>>
>>>>         We do good at getting projects started but do poorly in bringing these
>>>>         projects to maturity.
>>>         Unless this was a list of all the projects what actually received funds for
>>>         the OWASP SoC 2008, I think this is an unfair characterization.
>>>
>>>         Instead, I think it is likely that this list of projects at
>>>         https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
>>>         was just a list complete list of projects at the time. I think it is doubtful
>>>         that they all received funds, especially since there are two *inactive*
>>>         projects on that list.
>>>
>>>         Secondly, even if all of those projects received funds, almost 7 years
>>>         have passed since that time. While you may think that projects have
>>>         at OWASP have a lower success rate than than normal unfunded FOSS
>>>         projects, I'm not sure that conjecture is true and am not willing to
>>>         believe it based without some hard data to back it up. I suspect that
>>>         if we looked at FOSS overall, OWASP is probably about average. I
>>>         think it just seems worse because we are all more intimately aware of
>>>         all the OWASP projects that seem to fall by the wayside but in general
>>>         most failed FOSS projects go completely unnoticed by us.
>>>
>>>         Not only that, but compare the success rate of OWASP projects
>>>         to VC funded tech start ups and I'll bet that OWASP looks pretty
>>>         good in comparison, especially if you take into account that the
>>>         start-ups usually have full-time, paid staff while we are working
>>>         almost exclusively using volunteer hours.
>>>
>>>>         I really want us to make a big impact. I suggest we focus in on our flagship
>>>>         and lab projects with big potential. I'd hate to fund dozens of projects
>>>>         (again) that just die on the view a few years after getting funding.
>>>         Having said all that, I am by no means endorsing spending $30k in
>>>         funds without fully counting the costs and I just don't mean in money.
>>>         2008 was before I got involved again with OWASP, but I'm guessing
>>>         that time was spent to make it a success whatever <season> of code
>>>         was run. I am just as much concerned that jumping into this in some
>>>         hasty manner will have much more negative effects than just possibly
>>>         not bring a significant ROI on the money decided to fund it.
>>>
>>>         -kevin
>>
>>
>>         _______________________________________________
>>         Owasp-board mailing list
>>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>         https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150501/ae1b2791/attachment-0001.html>


More information about the Owasp-board mailing list