[Owasp-board] OWASP Summer of Code Sprint Proposal - urge program leads to engage with concerned board members to achieve a compromise
tobias.gondrom at owasp.org
Thu Apr 30 23:29:08 UTC 2015
please, let me be explicit: I can understand that there may be different
opinions, but I really want to strongly encourage all to engage now for
this year to find a compromise. Not defer this until next year.
This is a very good program and to spend a few days on working on a
compromise now should be worth it.
And this is an experiment for OWASP already and we do spend OWASP funds
on it, so there is a lot of reason for the whole OWASP team to do our
best to get this right today. Not simply defer discussion to next year.
I have the highest opinion of all involved and really think you as a
group should sit together and make the effort to talk this through to
find a compromise.
Josh and Jim have signalled multiple times that they want this project
to happen and want to help find a compromise. And they have both made
efforts to review and provide comments. My expectation would be that you
make a similar effort and do find a common ground.
If you feel that you can not do this alone, we can arrange for a
mediator for the process if necessary.
But I would really like to encourage you to talk now and to work on
resolving this now for this year.
(of course you can also ignore my request, as I make this only as a
normal concerned community member, and not on behalf of the board....)
Thank you and with best regards, Tobias
On 30/04/15 20:44, Konstantinos Papapanagiotou wrote:
> Tobias and board,
> I would like to thank you for your support, valuable feedback and the
> positive vote. As I have already told Jim, I believe that this debate
> is very valuable for OWASP.
> I have already replied to the comments on the proposal. Regarding
> project funds we would like to be flexible and allow projects that do
> not have a lot of budget to keep it for other plans they might have.
> Remember that this is not only about getting work done for projects
> but also about making OWASP more visible to the student/university
> Also, the fact that there was a compromise on the requested budget
> will make this year's program more like an experiment. Depending on
> its success and the feedback from project leaders we will be able to
> improve next year.
> Thank you again,
> On Thu, Apr 30, 2015 at 2:30 AM, Tobias <tobias.gondrom at owasp.org
> <mailto:tobias.gondrom at owasp.org>> wrote:
> Hello Fabio and Kostas,
> the following is my personal request as one of the board members,
> and not as chair of the board.
> I like to raise a point after today's board meeting.
> During our board meeting, Fabio explained the reasons for the
> urgency of the vote. The time window for summer projects for
> students will close very soon and I understand that it is
> important that the budget for this program shall be approved ASAP
> to start the outreach to students.
> With a very small majority the board approved the posted proposal.
> I like to make it clear, that I only did vote in favour of this at
> this point, because I understand the urgency and stretched
> timeline and the highest priority for me was to give our student
> projects the chance to run.
> However, I do share the concerns from Josh and Jim on that
> projects that have funding should really use their allocated
> project funds first before asking / using money from the global
> I can see that projects may not have used their own funds for
> student projects because there was no overarching project
> framework of a OWASP Summer of Code program. But now with this
> program framework in place, I really can not see any reason why a
> project would ask for money from the foundation instead of
> spending their own project funding first. (Frankly, if any project
> lead would disagree with that conclusion, I would really like to
> hear and understand why our global budget should spend money on a
> student activity for their project which the project does not want
> to fund from the project bucket first...)
> As voiced today in the board meeting, I strongly urge you to
> engage with Josh and Jim quickly and use the next 3-5 days to
> reach out to them and try to incorporate their feedback into your
> proposal and come to a compromise. You still have the opportunity
> and time to do so. And I kindly ask all involved, Fabio, Kostas,
> Josh and Jim to make the joint big effort on all sides of trying
> to find a good compromise that works for all. It is no problem and
> still time to amend and improve the existing program in that way
> in the next few days and I would very much encourage the current
> project owners Kostas and Fabio, even though your "summer of code"
> program has been approved by the board, to still make a real
> effort to come to a compromise that considers that projects with
> funding shall spend their project funds first.
> Best regards and thank you very much for your consideration.
> On 27/04/15 18:12, Konstantinos Papapanagiotou wrote:
>> We posted almost simultaneously.
>> The updated proposal, including accepted feedback can be found
>> On Mon, Apr 27, 2015 at 8:09 PM, Tobias <tobias.gondrom at owasp.org
>> <mailto:tobias.gondrom at owasp.org>> wrote:
>> Hi all,
>> it's been great seeing this extensive discussion and exchange
>> of a lot of ideas and comments on this topic. I can see that
>> everyone wants the best for OWASP, the challenge is to find a
>> joint common was forward. If possible, I would like to focus
>> this discussion and lead to the next steps.
>> So I added the topic to the next board meeting agenda on
>> April 29 at 12:00-13:00 PST.
>> (Btw. all board meetings are open and public, so feel free to
>> listen in, there will also be a recording afterwards.)
>> *Could maybe Fabio (or another volunteer) write up a
>> consolidated final proposal including the accepted feedback
>> by Tuesday April-28, so that we could possibly vote on it or
>> discuss the details / amend it on Wednesday April-29? **
>> Thanks, Tobias
>> Tobias Gondrom
>> Chairman OWASP Global Board
>> email: tobias.gondrom at owasp.org <mailto:tobias.gondrom at owasp.org>
>> mobile: +852 56002975 <tel:%2B852%2056002975>
>> mobile: +44 7521003005 <tel:%2B44%207521003005>
>> skype: tgondrom
>> twitter: @tgondrom
>> On 26/04/15 23:24, Kevin W. Wall wrote:
>>> On Sat, Apr 25, 2015 at 2:47 PM, Jim Manico<jim.manico at owasp.org> <mailto:jim.manico at owasp.org> wrote:
>>>> Another note is that if you look at all the projects this 250,000k$ funded
>>>> in 2008...
>>>> ...most are now dead projects.
>>>> We do good at getting projects started but do poorly in bringing these
>>>> projects to maturity.
>>> Unless this was a list of all the projects what actually received funds for
>>> the OWASP SoC 2008, I think this is an unfair characterization.
>>> Instead, I think it is likely that this list of projects at
>>> was just a list complete list of projects at the time. I think it is doubtful
>>> that they all received funds, especially since there are two *inactive*
>>> projects on that list.
>>> Secondly, even if all of those projects received funds, almost 7 years
>>> have passed since that time. While you may think that projects have
>>> at OWASP have a lower success rate than than normal unfunded FOSS
>>> projects, I'm not sure that conjecture is true and am not willing to
>>> believe it based without some hard data to back it up. I suspect that
>>> if we looked at FOSS overall, OWASP is probably about average. I
>>> think it just seems worse because we are all more intimately aware of
>>> all the OWASP projects that seem to fall by the wayside but in general
>>> most failed FOSS projects go completely unnoticed by us.
>>> Not only that, but compare the success rate of OWASP projects
>>> to VC funded tech start ups and I'll bet that OWASP looks pretty
>>> good in comparison, especially if you take into account that the
>>> start-ups usually have full-time, paid staff while we are working
>>> almost exclusively using volunteer hours.
>>>> I really want us to make a big impact. I suggest we focus in on our flagship
>>>> and lab projects with big potential. I'd hate to fund dozens of projects
>>>> (again) that just die on the view a few years after getting funding.
>>> Having said all that, I am by no means endorsing spending $30k in
>>> funds without fully counting the costs and I just don't mean in money.
>>> 2008 was before I got involved again with OWASP, but I'm guessing
>>> that time was spent to make it a success whatever <season> of code
>>> was run. I am just as much concerned that jumping into this in some
>>> hasty manner will have much more negative effects than just possibly
>>> not bring a significant ROI on the money decided to fund it.
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board