[Owasp-board] Regarding Hackademic project-follow up discussion clarifications

johanna curiel curiel johanna.curiel at owasp.org
Thu Jul 23 16:59:47 UTC 2015


>You can point out such inconsistencies on a personal or project level
before publicly saying that you guys know nothing about security and keep
spending money without doing anything.

We already did this directly with the project leaders and didn't received
an answer. Spyros never answered my questions regarding the new branch or
updates:
https://groups.google.com/a/owasp.org/forum/?hl=en#!topic/projects-task-force/iKoo1utMwAcT

No one took the time to update the wiki or update us with the status.

Timo just made an observation on the fact that the documentation he created
was not published and never received a concrete answer on that.He gave them
the documentation through email.Maybe his reaction was out of frustration
he has expressed multiple times to me due to spending time and he felt no
appreciation for the efforts he did.

 If I didn't contact you directly is because you do not appear to us as
leading the project. Spyros and Antonis are doing that from our
understanding.
See mailing list:
http://lists.owasp.org/pipermail/owasp-hackademic-challenges/

I think that the problem here is a misconception and misunderstanding of
the work and Project classification. I would like to clarify this again.
This information has been published on the wiki:
https://www.owasp.org/index.php/Category:OWASP_Project#tab=Project_Assessments

The higher you are ranked, the more we review , watch and control we do.
Projects in incubator phase are more free to have the development they want
as long as they keep active within a period of 1 year for code, 2-3 years
for documentation. A very low bar, even though many members have expressed
that they do not even support this. I think we should consider putting this
to a community vote

Why is that ? Because the  higher that you rank , the more benefits you get
including budget,  financing and participation in initiatives.
The fact that USD4,500- can go to your project creates a level of
responsibility for deliverables.

I'm not accusing the project of doing anything, but the issue here is the
status LAB vs activity level does not match.The branch shows no major
progress nor wiki or updates or mailing list have a low activity.

I'm not saying we should not spend USD12,500 in 4 projects, what I'm saying
is that for next time we should evaluate if this activity or any other
should be kept when it has not the desired impact on the proposed OWASP
mission and goals.

That is what any organisation does when investing or spending in a certain
activity. Whether to improve it or cancel it.

That goes for any initiative.

Regards

Johanna





On Thu, Jul 23, 2015 at 11:10 AM, Konstantinos Papapanagiotou <
Konstantinos at owasp.org> wrote:

> This has been already discussed openly, voted and decided, a couple of
> months ago. Why do we have to come back? Unless you think that you can also
> kill an initiative voted by the board with a single email of yours like you
> demoted our project.
>
> Anyway Johanna, I'm in favor of criticism and the reviewing process
> because it provides constructive comments. Once more, I have no issues with
> calling Hackademic "Lab", "Incubator" or anything that you see fit. You
> promoted it to "Lab", you demote it to "incubator". However in this thread
> I've seen a lot of comments that are more like libel on a public mailing
> list , rather than criticism. You have said that we get money without doing
> anything, that there's hardly any work done and someone even said that we
> "lack basic knowledge of security". The project might not be mature enough,
> might not have all the required elements to be on the "Lab" status, might
> have security or other bugs but this is something totally different. You
> can point out such inconsistencies on a personal or project level before
> publicly saying that you guys know nothing about security and keep spending
> money without doing anything.
> Frankly Johanna, I expected that at least you, personally, knew the
> progress we are making, even if its slow; and you also know me personally
> you could have got in touch with me first with all these issues. My take
> would have probably been to go back to incubator until we improve. You can
> do as you see fit with the project but I do expect an apology on a personal
> level for things that have been said.
>
> Thank you Johanna,
> Kostas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150723/3a1474b7/attachment.html>


More information about the Owasp-board mailing list