[Owasp-board] OWASP Summer Code Sprint Proposal

johanna curiel curiel johanna.curiel at owasp.org
Tue Mar 3 23:31:59 UTC 2015


> This shouldn't be about fairness or trust, it should be about creating a
> program where nobody can claim shenanigans because those in charge are
> unbiased...
> If there is even a hint of a conflict of interest, which I believe there
> is, then that should be removed.

Exactly

Kostas,

I'm not referring to the past GSoC but to the new initiative. Anyway, in
the past, you were in a position of conflict of interest, even when you
tried to be objective.

The person, or manager, of this initiative should not have any conflict of
interest and should be totally unrelated to any participating projects.

regards

Johanna

On Tue, Mar 3, 2015 at 7:07 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Personally, I would feel much more comfortable assigning the
> administrative duties to an OWASP Foundation employee in this situation.
> Preferably whoever we end up hiring for the new Projects Coordinator
> position (which should hopefully happen soon).  Even with the open and
> transparent nature of the process that we had last year, we still had a
> complaint about the process being unfair because of Kostas running point
> and also having a project involved.  This shouldn't be about fairness or
> trust, it should be about creating a program where nobody can claim
> shenanigans because those in charge are unbiased.  It's not fair to Kostas
> to be put in that position; even if it's something he is willingly
> volunteering for.  If there is even a hint of a conflict of interest, which
> I believe there is, then that should be removed.  I think that we should
> let Kostas focus on being a project leader and a student mentor and apply
> other resources to managing the program.
>
> ~josh
>
> On Tue, Mar 3, 2015 at 4:46 PM, Konstantinos Papapanagiotou <
> Konstantinos at owasp.org> wrote:
>
>> I'm afraid I'll have to strongly disagree with this. As an org admin I
>> did not review any proposal or endorse any project. My role is simply to
>> ensure the fairness of the entire process and make sure everything runs
>> smoothly. Also, Fabio is there as co-admin to make sure there are no
>> conflicts. In fact I did everything in a really open and transparent manner
>> and if you check last year's slots you will realize that hackademic got less
>> than it deserved.
>>
>> Johanna, as you very well know, we had other members of our community who
>> tried to abuse the selection process and at the same time were making a
>> huge fuss about this. I'm really surprised (and a bit offended) that you
>> suggest that hackademic should be excluded and not those projects.
>>
>> In any case I do not intend to go on with this discussion. If the
>> community or the board feels that I'm not fair with everyone or that there
>> is such a COI I will step down so that hackademic can participate.
>>
>> Kostas
>>
>>
>> On Wednesday, March 4, 2015, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Hi Fabio
>>>
>>> I think we should agree that in this case Kostas' project (hackademics)
>>> cannot participate in this initiative.
>>> It seems to me to be a conflict of interest.
>>>
>>> Mentors cannot be the ones monitoring or reviewing the process for
>>> transparency
>>>
>>> regards
>>>
>>> Johanna
>>>
>>> On Tue, Mar 3, 2015 at 6:00 PM, Fabio Cerullo <fcerullo at owasp.org>
>>> wrote:
>>>
>>>> Guys
>>>>
>>>> This is a pretty well mature process at Google and I would recommend
>>>> following a similar approach.
>>>>
>>>> Here is their FAQ:
>>>>
>>>>
>>>> https://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2015/help_page
>>>>
>>>> All suggestions below could be implemented or have been implemented
>>>> already as part of OWASP GSOC.
>>>>
>>>> https://www.owasp.org/index.php/GSoC
>>>>
>>>> Bear in mind this initiative needs to be lined up during the students'
>>>> summer holidays.
>>>>
>>>> I’m including Kostas who has been the org admin for the last two years.
>>>>
>>>> Regards,
>>>>
>>>> Fabio
>>>>
>>>> On 3 Mar 2015, at 21:30, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>>
>>>>    - Have a formal selection process with ideally a committee of
>>>>    leaders making the selections
>>>>    - Those involved in the selection process cannot also submit
>>>>    - Those involved in the selection process are also responsible for
>>>>    assessing completion
>>>>    - All work produced is provided under the same open source license
>>>>    as the project
>>>>
>>>> This is very important. Neutrality and transparency on who can get
>>>> selected and who does not.
>>>>
>>>> Also keep in mind there are projects that are inactive and have used
>>>> GSoC as a way to revive.
>>>>
>>>> Criteria should be clearly established to avoid
>>>> any misunderstandings and abuses.
>>>>
>>>> I keep on remembering that getting the GSoC slots has been an ongoing
>>>> discussion among participating project leaders.
>>>>
>>>> regards
>>>>
>>>> Johanna
>>>>
>>>> On Tue, Mar 3, 2015 at 4:30 PM, Jim Manico <jim.manico at owasp.org>
>>>> wrote:
>>>>
>>>>> +1 I agree with Josh's perspective on this. I'd personally vote no if I
>>>>> had to make a decision on these funds today.
>>>>>
>>>>> --
>>>>> Jim Manico
>>>>> @Manicode
>>>>> (808) 652-3805
>>>>>
>>>>> On Mar 3, 2015, at 2:25 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>>>
>>>>> To some extent, I think this gets back to the "should OWASP pay people
>>>>> to work on its tools" debate.  In my personal opinion, I think that the
>>>>> answer is "yes", provided that we:
>>>>>
>>>>>    - Have a pre-defined scope for the opportunity with specific
>>>>>    milestones required
>>>>>    - Have a pre-defined award for completing the opportunity
>>>>>    - Publicly publish any and all opportunities so that anyone can
>>>>>    express an interest in them
>>>>>    - Have a formal selection process with ideally a committee of
>>>>>    leaders making the selections
>>>>>    - Those involved in the selection process cannot also submit
>>>>>    - Those involved in the selection process are also responsible for
>>>>>    assessing completion
>>>>>    - All work produced is provided under the same open source license
>>>>>    as the project
>>>>>
>>>>> If we have agreement on these points, then I would suggest extending
>>>>> Fabio's proposal to be a much broader OWASP call for ideas (not just GSoC
>>>>> submissions).  Put a two week limit on submissions and, once expired, put
>>>>> all reasonable ideas someplace public.  Submit a press release stating that
>>>>> we are looking for students interested in tackling these challenges and
>>>>> providing the details.  As long as this is no longer GSoC, then we get to
>>>>> make up our own rules, and I think that we should take a step back to
>>>>> evaluate how WE would want this to work.  What goal do WE want to
>>>>> accomplish with this initiative?  I'm all for allocating $30k here, but
>>>>> don't just want it to be OWASP's rejected rehashing of GSoC.
>>>>>
>>>>> ~josh
>>>>>
>>>>> On Tue, Mar 3, 2015 at 1:49 PM, Fabio Cerullo <fcerullo at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Dear all,
>>>>>>
>>>>>> As you probably know by now, we have not been accepted to Google
>>>>>> Summer of Code this year.
>>>>>>
>>>>>> Usually, this is a major push for projects during the year as
>>>>>> experienced by ZAP, OWTF, Appsensor, Hackademics, Seraphimdroid, etc. For a
>>>>>> full list of ideas in 2015 please check the following URL:
>>>>>>
>>>>>> https://www.owasp.org/index.php/GSoC2015_Ideas
>>>>>>
>>>>>> In order to keep the momentum going and progress those projects, I
>>>>>> would like to request an extraordinary budget allocation of 30K USD to
>>>>>> cover up to 10 student slots at 3K each. Usually Google pays 5500 USD per
>>>>>> student during GSOC. We will use the same structure as previous years with
>>>>>> Kostas/me as org admins, the project leaders who usually participate in
>>>>>> GSOC (Core team) will pick the best student submissions and then a group of
>>>>>> dedicated OWASP volunteers who every year act as mentors for the students.
>>>>>> We could establish a mid-term and full term evaluation where if a student
>>>>>> is failed mid-term he/she will only receive half the funds (1500 USD). If
>>>>>> the student is approved full term, he/she receives the full amount (3000
>>>>>> USD).
>>>>>>
>>>>>> I understand this is a non-planned expenditure, but considering the
>>>>>> importance of GSOC in the last couple of years to progress OWASP coding
>>>>>> projects, I think it is imperative to take some action considering the current
>>>>>> scenario.
>>>>>>
>>>>>> If you have any questions, please let us know.
>>>>>>
>>>>>> Thanks
>>>>>> Fabio
>>>>>>
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>
>>>>>>