[Owasp-board] Higher Criteria on Starting projects

psiinon psiinon at gmail.com
Sun Jun 21 19:20:43 UTC 2015


... or even promotion to Incubator ;)

On Sun, Jun 21, 2015 at 8:14 PM, psiinon <psiinon at gmail.com> wrote:

> I like the fact that we have a low bar of entry, but definitely agree that
> we need to do a better job of making the useful/mature projects more
> visible.
>
> Perhaps we could have a new 'Candidate' or 'Prospective' category, which
> has the existing low bar of entry, but doenst confer full 'OWASP Project'
> status.
> These could then be listed on a separate page to the 'full' projects.
> Such projects would need to show a useful and significant deliverable to
> be even considered for promotion to labs.
>
> Cheers,
>
> Simon
>
> On Sun, Jun 21, 2015 at 6:49 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> >Perhaps we could relabel incubator projects to not even be a project
>> until they hit lab level maturity?
>>
>> Yes, maybe only when they reach the LAB status, we can call them OWASP
>> projects , including all the benefits that comes along with being an OWASP
>> project.
>>
>> Our concern is that :
>>
>>    - Incubators are right now a huge part of the inventory and take time
>>    to evaluate
>>    - We want to graduate faster from Incubator to LAB a project that has
>>    produce a susbtantial deliverable such as a finalised document or a
>>    tool/code that works as a Beta version.(Example: OWASP top ten privacy
>>    risk, OWASP IoT, Proactive controls, Python Security project) .
>>    - These projects deserve more exposure and attention and is not fair
>>    get lost among others that have not even produce anything
>>
>> We have some very good Incubators but they get 'lost' in this large list
>> of projects among other that have no value at all and where started once
>> but actually do not work or have incomplete work.
>>
>> Regards
>>
>> Johanna
>>
>> On Sun, Jun 21, 2015 at 12:49 PM, Jim Manico <jim.manico at owasp.org>
>> wrote:
>>
>>> This is tricky since it's important to encourage experimentation.
>>>
>>> Perhaps we could relabel incubator projects to not even be a project
>>> until they hit lab level maturity?
>>>
>>> I'll put some more brain matter into this and get back to you. Thank you
>>> Johanna...
>>>
>>> Aloha,
>>> --
>>> Jim Manico
>>> Global Board Member
>>> OWASP Foundation
>>> https://www.owasp.org
>>> Join me at AppSecUSA <http://appsecusa.org/> 2015 in San Francisco!
>>>
>>> On Jun 21, 2015, at 5:25 AM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>> Dear Board and members of the Project Task Force
>>>
>>> A while ago, Timo Goosen and some owasp members have expressed their
>>> concern regarding of Projects (Incubators) and their low level of quality.
>>>
>>> It has come to our attention that there are projects started and in the
>>> opinion of some community members have very little added value top the
>>> OWASP project inventory. Therefore we want to revise the actual criteria
>>> but also we want to be as fair as we can providing opportunity to anyone to
>>> start a project, however we want value and projects that have a certain
>>> level of quality.
>>>
>>> I think we need to revise this criteria and create incentives for
>>> researchers interested to join OWASP with their projects.
>>>
>>> Right now we are giving a free pass to anyone, but we have seen way too
>>> many low quality projects that add no new value at all, in our opinion.
>>> Tools that sometimes do absolutely nothing to improve security or even
>>> reach a level of at least being properly installed or used.
>>>
>>> We would like to get some feedback on this, because we are really
>>> concern that sometimes people use OWASP to start a project without
>>> substance or any added value.
>>>
>>> @Timo, feel free to comment on your concerns
>>>
>>> Regards
>>>
>>> Johanna
>>>
>>>
>>>  --
>>> You received this message because you are subscribed to the Google
>>> Groups "OWASP Projects Task Force" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to projects-task-force+unsubscribe at owasp.org.
>>> To post to this group, send email to projects-task-force at owasp.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_1%3DwJK4Mj9o3tpBxBP4H8qzKej7Uk0iXbyUVpWwGQdA2A%40mail.gmail.com
>>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_1%3DwJK4Mj9o3tpBxBP4H8qzKej7Uk0iXbyUVpWwGQdA2A%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>



-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150621/c482afd2/attachment.html>


More information about the Owasp-board mailing list