[Owasp-board] OWASP Summer Code Sprint Proposal

Fabio Cerullo fcerullo at owasp.org
Wed Mar 4 12:09:38 UTC 2015


Johanna

I believe you are talking about specific individual/s who ‘played’ the rules and down voted other projects.

The issue was identified by Kostas, an investigation was carried out by the PM, ED and actions were taken.

Please feel free to submit any evidence about unfair selection/slot allocation to the Board for review.

I would also like to invite other project leaders who participated in GSOC to give their views.

Thanks,
Fabio

> On 4 Mar 2015, at 11:54, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
> 
> The most important part, which is the selection of slots/students, was entirely done by the project leaders/mentors who will score and pick the best proposals from students. That was an open and transparent process which we could definitely replicate here. 
> 
> Fabio, I'm afraid I disagree with you. On both occasions the process was very unclear to many and some leaders were really angry. I agree that these same leaders out of rage did vote low for other project proposals, again out of rage, but they had a point. I also did not agree how the process went during the Gsoc 2013 and 14. It was not clear why some projects did get more slots and others not. Some leaders felt that some projects hardly do any updates during an entire year while others work hard and then got 1 lousy slot.
> 
> I don't think it is fair that project leaders that hardly work on certain projects get slots when others work their a** off and get less.
> The criteria for choosing was not transparent enough and that's what we need to improve, in my opinion.
> 
> regards
> 
> Johanna
> 
> On Wed, Mar 4, 2015 at 6:34 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
> Hi,
> 
> I would welcome everyone who is willing to participate in this initiative either as org admin, project lead or mentor. In previous GSOC editions, Kostas was the org admin and I was the co-admin making sure the application deadlines were met, evaluations were carried out, etc. It is basically an administrative role. And I could vouch Kostas did a great job while at it. Also, in the past we had the overall supervision from the project manager, who hopefully could be onboarded soon. The most important part, which is the selection of slots/students, was entirely done by the project leaders/mentors who will score and pick the best proposals from students. That was an open and transparent process which we could definitely replicate here.
> 
> So let’s focus on getting this moving and find best ways to engage students/volunteers.
> 
> Regards,
> 
> Fabio
> 
>> On 4 Mar 2015, at 01:48, Jim Manico <jim.manico at owasp.org> wrote:
>> 
>> I agree with where Josh and Johanna are coming from. We need to avoid even the *appearance* of inappropriate actions. Having an objective staff member running programs like this is a critical aspect to funding major programs in a fair way.
>> 
>> Look, this goes for me too. Paul has been asking me a lot of pointed questions regarding my own OWASP related travel requests and I'm *very* glad he is doing just that.
>> 
>> Regards,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> 
>> On Mar 3, 2015, at 3:08 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> 
>>> Personally, I would feel much more comfortable assigning the administrative duties to an OWASP Foundation employee in this situation.  Preferably whoever we end up hiring for the new Projects Coordinator position (which should hopefully happen soon).  Even with the open and transparent nature of the process that we had last year, we still had a complaint about the process being unfair because of Kostas running point and also having a project involved.  This shouldn't be about fairness or trust, it should be about creating a program where nobody can claim shenanigans because those in charge are unbiased.  It's not fair to Kostas to be put in that position; even if it's something he is willingly volunteering for.  If there is even a hint of a conflict of interest, which I believe there is, then that should be removed.  I think that we should let Kostas focus on being a project leader and a student mentor and apply other resources to managing the program.
>>> 
>>> ~josh
>>> 
>>> On Tue, Mar 3, 2015 at 4:46 PM, Konstantinos Papapanagiotou <Konstantinos at owasp.org> wrote:
>>> I'm afraid I'll have to strongly disagree with this. As an org admin I did not review any proposal or endorse any project. My role is simply to ensure the fairness of the entire process and make sure everything runs smoothly. Also, Fabio is there as co-admin to make sure there are no conflicts. In fact I did everything in a really open and transparent manner and if you check last year's slots you will realize that hackademic got less than it deserved.
>>> 
>>> Johanna as you very well know we had other members of our community who tried to abuse the selection process and at the same time were making a huge fuss about this. I'm really surprised (and a bit offended) that you suggest that hackademic should be excluded and not those projects.
>>> 
>>> In any case I do not intend to go on with this discussion. If the community or the board feels that I'm not fair with everyone or that there is such a COI I will step down so that hackademic can participate.
>>> 
>>> Kostas
>>> 
>>> 
>>> On Wednesday, March 4, 2015, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>>> Hi Fabio
>>> 
>>> I think we should agree that in this case Kostas' project (hackademics) cannot participate in this initiative.
>>> It seems to me as a conflict of interest.
>>> 
>>> Mentors cannot be the ones monitoring or reviewing the process for transparency
>>> 
>>> regards
>>> 
>>> Johanna
>>> 
>>> On Tue, Mar 3, 2015 at 6:00 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>> Guys
>>> 
>>> This is a pretty well mature process at Google and would recommend following a similar approach. 
>>> 
>>> Here is their FAQ:
>>> 
>>> https://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2015/help_page
>>> 
>>> All suggestions below could be implemented or have been implemented already as part of OWASP GSOC.
>>> 
>>> https://www.owasp.org/index.php/GSoC
>>> 
>>> Bear in mind this initiative needs to be lined up during the students' summer holidays.
>>> 
>>> I’m including Kostas who has been the org admin for the last two years.
>>> 
>>> Regards,
>>> 
>>> Fabio
>>> 
>>>> On 3 Mar 2015, at 21:30, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>>>> 
>>>> - Have a formal selection process with ideally a committee of leaders making the selections
>>>> - Those involved in the selection process cannot also submit
>>>> - Those involved in the selection process are also responsible for assessing completion
>>>> - All work produced is provided under the same open source license as the project
>>>> This is very important. Neutrality and transparency who can get selected and who does not
>>>> 
>>>> Also keep in mind there are projects that are inactive and have used Gsoc as a way to revive
>>>> 
>>>> A criteria should be clearly established to avoid any misunderstandings and abuses
>>>> 
>>>> I keep on remembering that getting the Gsoc slots has been an ongoing discussion among participating project leaders
>>>> 
>>>> regards
>>>> 
>>>> Johanna
>>>> 
>>>> On Tue, Mar 3, 2015 at 4:30 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>> +1 I agree with Josh's perspective on this. I'd personally vote no if I had to make a decision on these funds today.
>>>> 
>>>> --
>>>> Jim Manico
>>>> @Manicode
>>>> (808) 652-3805
>>>> 
>>>> On Mar 3, 2015, at 2:25 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>> 
>>>>> To some extent, I think this gets back to the "should OWASP pay people to work on its tools" debate.  In my personal opinion, I think that the answer is "yes", provided that we:
>>>>> - Have a pre-defined scope for the opportunity with specific milestones required
>>>>> - Have a pre-defined award for completing the opportunity
>>>>> - Publicly publish any and all opportunities so that anyone can express an interest in them
>>>>> - Have a formal selection process with ideally a committee of leaders making the selections
>>>>> - Those involved in the selection process cannot also submit
>>>>> - Those involved in the selection process are also responsible for assessing completion
>>>>> - All work produced is provided under the same open source license as the project
>>>>> If we have agreement on these points, then I would suggest extending Fabio's proposal to be a much broader OWASP call for ideas (not just GSoC submissions).  Put a two week limit on submissions and, once expired, put all reasonable ideas someplace public.  Submit a press release stating that we are looking for students interested in tackling these challenges and providing the details.  As long as this is no longer GSoC, then we get to make up our own rules, and I think that we should take a step back to evaluate how WE would want this to work.  What goal do WE want to accomplish with this initiative?  I'm all for allocating $30k here, but don't just want it to be OWASP's rejected rehashing of GSoC.
>>>>> 
>>>>> ~josh
>>>>> 
>>>>> On Tue, Mar 3, 2015 at 1:49 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>>>> Dear all,
>>>>> 
>>>>> As you probably know by now, we have not been accepted to Google Summer of Code this year.
>>>>> 
>>>>> Usually, this is a major push for projects during the year as experienced by ZAP, OWTF, Appsensor, Hackademics, Seraphimdroid, etc. For a full list of ideas in 2015 please check the following URL:
>>>>> 
>>>>> https://www.owasp.org/index.php/GSoC2015_Ideas
>>>>> 
>>>>> In order to keep the momentum going and progress those projects, I would like to request an extraordinary budget allocation of 30K USD to cover up to 10 student slots at 3K each. Usually Google pays 5500 USD per student during GSOC. We will use the same structure as previous years with Kostas/me as org admins, the project leaders who usually participate in GSOC (Core team) will pick the best student submissions and then a group of dedicated OWASP volunteers who every year act as mentors for the students. We could establish a mid-term and full term evaluation where if a student is failed mid-term he/she will only receive half the funds (1500 USD). If the student is approved full term, he/she receives the full amount (3000 USD).
>>>>> 
>>>>> I understand this is a non-planned expenditure, but considering the importance of GSOC in the last couple of years to progress OWASP coding projects, I think it is imperative to take some action considering the current scenario.
>>>>> 
>>>>> If you have any questions, please let us know.
>>>>> 
>>>>> Thanks
>>>>> Fabio
>>>>> 
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 
