[Owasp-board] OWASP Summer Code Sprint Proposal

Jim Manico jim.manico at owasp.org
Tue Mar 3 20:30:21 UTC 2015

+1 I agree with Joshs perspective on this. I'd personally vote no if I had
to make a decision on these funds today.

Jim Manico
(808) 652-3805

On Mar 3, 2015, at 2:25 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

To some extent, I think this gets back to the "should OWASP pay people to
work on it's tools" debate.  In my personal opinion, I think that the
answer is "yes", provided that we:

   - Have a pre-defined scope for the opportunity with specific milestones
   - Have a pre-defined award for completing the opportunity
   - Publicly publish any and all opportunities so that anyone can express
   an interest in them
   - Have a formal selection process with ideally a committee of leaders
   making the selections
   - Those involved in the selection process cannot also submit
   - Those involved in the selection process are also responsible for
   assessing completion
   - All work produced is provided under the same open source license as
   the project

If we have agreement on these points, then I would suggest extending
Fabio's proposal to be a much broader OWASP call for ideas (not just GSoC
submissions).  Put a two week limit on submissions and, once expired, put
all reasonable ideas someplace public.  Submit a press release stating that
we are looking for students interested in tackling these challenges and
providing the details.  As long as this is no longer GSoC, then we get to
make up our own rules, and I think that we should take a step back to
evaluate how WE would want this to work.  What goal do WE want to
accomplish with this initiative.  I'm all for allocating $30k here, but
don't just want it to be OWASP's rejected rehashing of GSoC.


On Tue, Mar 3, 2015 at 1:49 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> Dear all,
> As you probably know by now, we have not been accepted to Google Summer of
> Code this year.
> Usually, this is a major push for projects during the year as experienced
> by ZAP, OWTF, Appsensor, Hackademics, Seraphimdroid, etc. For a full list
> of ideas in 2015 please check the following URL:
> https://www.owasp.org/index.php/GSoC2015_Ideas
> In order to keep the momentum going and progress those projects, I would
> like to request an extraordinary budget allocation of 30K USD to cover up
> to 10 student slots at 3K each. Usually Google pays 5500 USD per student
> during GSOC. We will use the same structure as previous years with
> Kostas/me as org admins, the project leaders who usually participate in
> GSOC (Core team) will pick the best student submissions and then a group of
> dedicated OWASP volunteers who every year act as mentors for the students.
> We could establish a mid-term and full term evaluation where if a student
> is failed mid-term he/she will only receive half the funds (1500 USD). If
> the student is approved full term, he/she receives the full amount (3000
> USD).
> I understand this is a non-planned expenditure, but considering the
> importance of GSOC in the last couple of years to progress OWASP coding
> projects, I think is imperative to take some action considering the current
> scenario.
> If you have any questions, please let us know.
> Thanks
> Fabio
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
Owasp-board mailing list
Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150303/536c8933/attachment.html>

More information about the Owasp-board mailing list