[Owasp-board] Higher Criteria on Starting projects
jim.manico at owasp.org
Sun Jun 21 19:38:06 UTC 2015
I like this general strategy. I really think this is a "labeling" issue vs needing better criteria for entry.
Global Board Member
Join me at AppSecUSA 2015 in San Francisco!
> On Jun 21, 2015, at 9:14 AM, psiinon <psiinon at gmail.com> wrote:
> I like the fact that we have a low bar of entry, but definitely agree that we need to do a better job of making the useful/mature projects more visible.
> Perhaps we could have a new 'Candidate' or 'Prospective' category, which has the existing low bar of entry, but doenst confer full 'OWASP Project' status.
> These could then be listed on a separate page to the 'full' projects.
> Such projects would need to show a useful and significant deliverable to be even considered for promotion to labs.
>> On Sun, Jun 21, 2015 at 6:49 PM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>> >Perhaps we could relabel incubator projects to not even be a project until they hit lab level maturity?
>> Yes, maybe only when they reach the LAB status, we can call them OWASP projects , including all the benefits that comes along with being an OWASP project.
>> Our concern is that :
>> Incubators are right now a huge part of the inventory and take time to evaluate
>> We want to graduate faster from Incubator to LAB a project that has produce a susbtantial deliverable such as a finalised document or a tool/code that works as a Beta version.(Example: OWASP top ten privacy risk, OWASP IoT, Proactive controls, Python Security project) .
>> These projects deserve more exposure and attention and is not fair get lost among others that have not even produce anything
>> We have some very good Incubators but they get 'lost' in this large list of projects among other that have no value at all and where started once but actually do not work or have incomplete work.
>>> On Sun, Jun 21, 2015 at 12:49 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>> This is tricky since it's important to encourage experimentation.
>>> Perhaps we could relabel incubator projects to not even be a project until they hit lab level maturity?
>>> I'll put some more brain matter into this and get back to you. Thank you Johanna...
>>> Jim Manico
>>> Global Board Member
>>> OWASP Foundation
>>> Join me at AppSecUSA 2015 in San Francisco!
>>>> On Jun 21, 2015, at 5:25 AM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>>>> Dear Board and members of the Project Task Force
>>>> A while ago, Timo Goosen and some owasp members have expressed their concern regarding of Projects (Incubators) and their low level of quality.
>>>> It has come to our attention that there are projects started and in the opinion of some community members have very little added value top the OWASP project inventory. Therefore we want to revise the actual criteria but also we want to be as fair as we can providing opportunity to anyone to start a project, however we want value and projects that have a certain level of quality.
>>>> I think we need to revise this criteria and create incentives for researchers interested to join OWASP with their projects.
>>>> Right now we are giving a free pass to anyone, but we have seen way too many low quality projects that add no new value at all, in our opinion. Tools that sometimes do absolutely nothing to improve security or even reach a level of at least being properly installed or used.
>>>> We would like to get some feedback on this, because we are really concern that sometimes people use OWASP to start a project without substance or any added value.
>>>> @Timo, feel free to comment on your concerns
>>>> You received this message because you are subscribed to the Google Groups "OWASP Projects Task Force" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send an email to projects-task-force+unsubscribe at owasp.org.
>>>> To post to this group, send email to projects-task-force at owasp.org.
>>>> To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_1%3DwJK4Mj9o3tpBxBP4H8qzKej7Uk0iXbyUVpWwGQdA2A%40mail.gmail.com.
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
> OWASP ZAP Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board