[Owasp-board] OWASP Summer Code Sprint Proposal

johanna curiel curiel johanna.curiel at owasp.org
Tue Mar 3 22:20:52 UTC 2015


Hi Fabio

I think we should agree that in this case Kostas project (hackademics)
cannot participate in this initiative
It seems to me as a conflict of interest

Mentors cannot be the ones monitoring or reviewing the process for
transparency

regards

Johanna

On Tue, Mar 3, 2015 at 6:00 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> Guys
>
> This is a pretty well mature process at Google and would recommend
> following a similar approach.
>
> Here is their FAQ:
>
>
> https://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2015/help_page
>
> All suggestions below could be implemented or have been implemented
> already as part of OWASP GSOC.
>
> https://www.owasp.org/index.php/GSoC
>
> Bear in mind this initiative needs to be lined up during the students
> summer holidays.
>
> I’m including Kostas who has been the org admin for the last two years.
>
> Regards,
>
> Fabio
>
> On 3 Mar 2015, at 21:30, johanna curiel curiel <johanna.curiel at owasp.org>
> wrote:
>
>
>    - Have a formal selection process with ideally a committee of leaders
>    making the selections
>    - Those involved in the selection process cannot also submit
>    - Those involved in the selection process are also responsible for
>    assessing completion
>    - All work produced is provided under the same open source license as
>    the project
>
> This is very important. Neutrality and transparency who can get selected
> and who does not
>
> Also keep in mind there are projects that are inactive and have used Gsoc
> as a way to revive
>
> A criteria should be clearly established to avoid
> any misunderstandings and abuses
>
> I keep on remembering that getting the Gsoc slots has been an on going
> discussion among participating project leaders
>
> regards
>
> Johanna
>
> On Tue, Mar 3, 2015 at 4:30 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> +1 I agree with Joshs perspective on this. I'd personally vote no if I
>> had to make a decision on these funds today.
>>
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Mar 3, 2015, at 2:25 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>> To some extent, I think this gets back to the "should OWASP pay people to
>> work on it's tools" debate.  In my personal opinion, I think that the
>> answer is "yes", provided that we:
>>
>>    - Have a pre-defined scope for the opportunity with specific
>>    milestones required
>>    - Have a pre-defined award for completing the opportunity
>>    - Publicly publish any and all opportunities so that anyone can
>>    express an interest in them
>>    - Have a formal selection process with ideally a committee of leaders
>>    making the selections
>>    - Those involved in the selection process cannot also submit
>>    - Those involved in the selection process are also responsible for
>>    assessing completion
>>    - All work produced is provided under the same open source license as
>>    the project
>>
>> If we have agreement on these points, then I would suggest extending
>> Fabio's proposal to be a much broader OWASP call for ideas (not just GSoC
>> submissions).  Put a two week limit on submissions and, once expired, put
>> all reasonable ideas someplace public.  Submit a press release stating that
>> we are looking for students interested in tackling these challenges and
>> providing the details.  As long as this is no longer GSoC, then we get to
>> make up our own rules, and I think that we should take a step back to
>> evaluate how WE would want this to work.  What goal do WE want to
>> accomplish with this initiative.  I'm all for allocating $30k here, but
>> don't just want it to be OWASP's rejected rehashing of GSoC.
>>
>> ~josh
>>
>> On Tue, Mar 3, 2015 at 1:49 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>
>>> Dear all,
>>>
>>> As you probably know by now, we have not been accepted to Google Summer
>>> of Code this year.
>>>
>>> Usually, this is a major push for projects during the year as
>>> experienced by ZAP, OWTF, Appsensor, Hackademics, Seraphimdroid, etc. For a
>>> full list of ideas in 2015 please check the following URL:
>>>
>>> https://www.owasp.org/index.php/GSoC2015_Ideas
>>>
>>> In order to keep the momentum going and progress those projects, I would
>>> like to request an extraordinary budget allocation of 30K USD to cover up
>>> to 10 student slots at 3K each. Usually Google pays 5500 USD per student
>>> during GSOC. We will use the same structure as previous years with
>>> Kostas/me as org admins, the project leaders who usually participate in
>>> GSOC (Core team) will pick the best student submissions and then a group of
>>> dedicated OWASP volunteers who every year act as mentors for the students.
>>> We could establish a mid-term and full term evaluation where if a student
>>> is failed mid-term he/she will only receive half the funds (1500 USD). If
>>> the student is approved full term, he/she receives the full amount (3000
>>> USD).
>>>
>>> I understand this is a non-planned expenditure, but considering the
>>> importance of GSOC in the last couple of years to progress OWASP coding
>>> projects, I think is imperative to take some action considering the current
>>> scenario.
>>>
>>> If you have any questions, please let us know.
>>>
>>> Thanks
>>> Fabio
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150303/c9429454/attachment-0001.html>


More information about the Owasp-board mailing list