[Owasp-board] Higher Criteria on Starting projects

johanna curiel curiel johanna.curiel at owasp.org
Sun Jun 21 19:37:59 UTC 2015


>Perhaps we could have a new 'Candidate' or 'Prospective' category, which
has the existing low bar of entry, but doenst confer full 'OWASP Project'
status.

I like this idea. Set a very low bar to Candidates where a wiki  project
page can be setup but it does not make part of the project inventory.

I would like to set a new category called : *Candidates*. These projects
will have another OWAPS wiki inventory


   - Only when they have made a complete 'Beta' version that works, it will
   be evaluated and it can be promoted as 'Incubator'
   - A Candidate project will not be evaluated till their leaders request
   to become an 'Incubator'
   - A candidate project will not be considered an 'OWASP' project but can
   be part of the 'Candidate' Inventory

I'm not sure what should be the procedure here. But I would like to propose
this and implement this asap.

In fact if an actual incubator does not have any release at all, it will be
set in the 'Candidate' Inventory.
In order to be part  of Incubator projects, it must have a beta release.(A
complete working prototype or Alpha Document)

How do I get this approve?

Regards

Johanna



On Sun, Jun 21, 2015 at 3:20 PM, psiinon <psiinon at gmail.com> wrote:

> ... or even promotion to Incubator ;)
>
>
> On Sun, Jun 21, 2015 at 8:14 PM, psiinon <psiinon at gmail.com> wrote:
>
>> I like the fact that we have a low bar of entry, but definitely agree
>> that we need to do a better job of making the useful/mature projects more
>> visible.
>>
>> Perhaps we could have a new 'Candidate' or 'Prospective' category, which
>> has the existing low bar of entry, but doenst confer full 'OWASP Project'
>> status.
>> These could then be listed on a separate page to the 'full' projects.
>> Such projects would need to show a useful and significant deliverable to
>> be even considered for promotion to labs.
>>
>> Cheers,
>>
>> Simon
>>
>> On Sun, Jun 21, 2015 at 6:49 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> >Perhaps we could relabel incubator projects to not even be a project
>>> until they hit lab level maturity?
>>>
>>> Yes, maybe only when they reach the LAB status, we can call them OWASP
>>> projects , including all the benefits that comes along with being an OWASP
>>> project.
>>>
>>> Our concern is that :
>>>
>>>    - Incubators are right now a huge part of the inventory and take
>>>    time to evaluate
>>>    - We want to graduate faster from Incubator to LAB a project that
>>>    has produce a susbtantial deliverable such as a finalised document or a
>>>    tool/code that works as a Beta version.(Example: OWASP top ten privacy
>>>    risk, OWASP IoT, Proactive controls, Python Security project) .
>>>    - These projects deserve more exposure and attention and is not fair
>>>    get lost among others that have not even produce anything
>>>
>>> We have some very good Incubators but they get 'lost' in this large list
>>> of projects among other that have no value at all and where started once
>>> but actually do not work or have incomplete work.
>>>
>>> Regards
>>>
>>> Johanna
>>>
>>> On Sun, Jun 21, 2015 at 12:49 PM, Jim Manico <jim.manico at owasp.org>
>>> wrote:
>>>
>>>> This is tricky since it's important to encourage experimentation.
>>>>
>>>> Perhaps we could relabel incubator projects to not even be a project
>>>> until they hit lab level maturity?
>>>>
>>>> I'll put some more brain matter into this and get back to you. Thank
>>>> you Johanna...
>>>>
>>>> Aloha,
>>>> --
>>>> Jim Manico
>>>> Global Board Member
>>>> OWASP Foundation
>>>> https://www.owasp.org
>>>> Join me at AppSecUSA <http://appsecusa.org/> 2015 in San Francisco!
>>>>
>>>> On Jun 21, 2015, at 5:25 AM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>> Dear Board and members of the Project Task Force
>>>>
>>>> A while ago, Timo Goosen and some owasp members have expressed their
>>>> concern regarding of Projects (Incubators) and their low level of quality.
>>>>
>>>> It has come to our attention that there are projects started and in the
>>>> opinion of some community members have very little added value top the
>>>> OWASP project inventory. Therefore we want to revise the actual criteria
>>>> but also we want to be as fair as we can providing opportunity to anyone to
>>>> start a project, however we want value and projects that have a certain
>>>> level of quality.
>>>>
>>>> I think we need to revise this criteria and create incentives for
>>>> researchers interested to join OWASP with their projects.
>>>>
>>>> Right now we are giving a free pass to anyone, but we have seen way too
>>>> many low quality projects that add no new value at all, in our opinion.
>>>> Tools that sometimes do absolutely nothing to improve security or even
>>>> reach a level of at least being properly installed or used.
>>>>
>>>> We would like to get some feedback on this, because we are really
>>>> concern that sometimes people use OWASP to start a project without
>>>> substance or any added value.
>>>>
>>>> @Timo, feel free to comment on your concerns
>>>>
>>>> Regards
>>>>
>>>> Johanna
>>>>
>>>>
>>>>  --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "OWASP Projects Task Force" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to projects-task-force+unsubscribe at owasp.org.
>>>> To post to this group, send email to projects-task-force at owasp.org.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_1%3DwJK4Mj9o3tpBxBP4H8qzKej7Uk0iXbyUVpWwGQdA2A%40mail.gmail.com
>>>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_1%3DwJK4Mj9o3tpBxBP4H8qzKej7Uk0iXbyUVpWwGQdA2A%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150621/027ebcdf/attachment-0001.html>


More information about the Owasp-board mailing list