[Owasp-board] Higher Criteria on Starting projects
psiinon at gmail.com
Sun Jun 21 19:14:24 UTC 2015
I like the fact that we have a low bar of entry, but definitely agree that
we need to do a better job of making the useful/mature projects more
Perhaps we could have a new 'Candidate' or 'Prospective' category, which
has the existing low bar of entry, but doenst confer full 'OWASP Project'
These could then be listed on a separate page to the 'full' projects.
Such projects would need to show a useful and significant deliverable to be
even considered for promotion to labs.
On Sun, Jun 21, 2015 at 6:49 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:
> >Perhaps we could relabel incubator projects to not even be a project
> until they hit lab level maturity?
> Yes, maybe only when they reach the LAB status, we can call them OWASP
> projects , including all the benefits that comes along with being an OWASP
> Our concern is that :
> - Incubators are right now a huge part of the inventory and take time
> to evaluate
> - We want to graduate faster from Incubator to LAB a project that has
> produce a susbtantial deliverable such as a finalised document or a
> tool/code that works as a Beta version.(Example: OWASP top ten privacy
> risk, OWASP IoT, Proactive controls, Python Security project) .
> - These projects deserve more exposure and attention and is not fair
> get lost among others that have not even produce anything
> We have some very good Incubators but they get 'lost' in this large list
> of projects among other that have no value at all and where started once
> but actually do not work or have incomplete work.
> On Sun, Jun 21, 2015 at 12:49 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> This is tricky since it's important to encourage experimentation.
>> Perhaps we could relabel incubator projects to not even be a project
>> until they hit lab level maturity?
>> I'll put some more brain matter into this and get back to you. Thank you
>> Jim Manico
>> Global Board Member
>> OWASP Foundation
>> Join me at AppSecUSA <http://appsecusa.org/> 2015 in San Francisco!
>> On Jun 21, 2015, at 5:25 AM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>> Dear Board and members of the Project Task Force
>> A while ago, Timo Goosen and some owasp members have expressed their
>> concern regarding of Projects (Incubators) and their low level of quality.
>> It has come to our attention that there are projects started and in the
>> opinion of some community members have very little added value top the
>> OWASP project inventory. Therefore we want to revise the actual criteria
>> but also we want to be as fair as we can providing opportunity to anyone to
>> start a project, however we want value and projects that have a certain
>> level of quality.
>> I think we need to revise this criteria and create incentives for
>> researchers interested to join OWASP with their projects.
>> Right now we are giving a free pass to anyone, but we have seen way too
>> many low quality projects that add no new value at all, in our opinion.
>> Tools that sometimes do absolutely nothing to improve security or even
>> reach a level of at least being properly installed or used.
>> We would like to get some feedback on this, because we are really concern
>> that sometimes people use OWASP to start a project without substance or any
>> added value.
>> @Timo, feel free to comment on your concerns
>> You received this message because you are subscribed to the Google Groups
>> "OWASP Projects Task Force" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to projects-task-force+unsubscribe at owasp.org.
>> To post to this group, send email to projects-task-force at owasp.org.
>> To view this discussion on the web visit
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board