[Owasp-board] Rethinking startegy regarding projects

Jim Manico jim.manico at owasp.org
Thu Nov 26 10:17:12 UTC 2015


I think OWASP projects are critical to the foundation and I want to support new ideas that new projects bring.

But I surrender. We really need to rethink the whole OWASP project philosophy and seek better focus and direction. We're all over the place and our energy is very diluted and sometimes abused.

I have a lot of ideas, but frankly I'm not sure what the best direction is. But I am open to significant change.

By the same token, we have some amazing flagship projects and I think it would be a tragedy if those went away.

--
Jim Manico
Global Board Member
OWASP Foundation
https://www.owasp.org
Join me in Rome for AppSecEU 2016!

> On Nov 26, 2015, at 12:00 PM, psiinon <psiinon at gmail.com> wrote:
> 
> I agree that this is a good time to rethink OWASP's project strategy.
> Creating and maintaining high quality open source projects takes a lot of time and effort, and can only be done in ones 'spare time' for a relatively short period.
> Successful projects need sponsorship and people who are able to dedicate a significant part of their working week to them.
> Abandoned or poorly maintained projects only damage OWASP's reputation.
> 
> Should we effectively ditch all but the flagship projects? Only taking on new projects when they reach that level of quality?
> Would a tool that becomes successful in its own right _want_ to be adopted by OWASP?
> Should OWASP ditch project altogether??
> Or maybe just ditch all but the documentation projects?
> Maybe we should just recommend open source projects, a sort of 'OWASP approved' badge?
> 
> If we do keep some projects (and I think we should;) then what purpose should they serve?
> Providing high quality tools that help make the internet more secure?
> Helping people learn about security?
> Driving awareness of OWASP? (How would people learn about OWASP if not via projects like the Top 10 and ZAP?)
> Provide tools and features that commercial companies are not currently providing (effectively, or for a reasonable price)?
> Interested to see what other people think.
> 
> Cheers,
> 
> Simon
> 
> 
>> On Thu, Nov 26, 2015 at 9:19 AM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>> Leaders and members of the board 
>> 
>> As former member of the project review team, I have been observing the increasing issues related with projects
>> Fact is, we do not have enough volunteers nor staff to support and watch quality of projects, do reviews and have a supervison on them.
>> 
>> More than often, projects become dormant or inactive.
>> Recently The misuse of owasp brand have been an issue with projects like Benchmark and recent  complains of users from The PHPSEC project. But this is an on going issue.
>> 
>> I think is time that OWASP rethink its strategy regarding projects
>> 
>> Maybe instead of trying to offer a platform that is not sustainable, owasp should adopt and sponsor projects  that already have established a name on their own
>> 
>> Nothing stops a dedicated individual to start an open source project on his own. In The past when owasp was a small organization ran by dedicated volunteers, it worked for these couple of projects, but right now is out of hand. Take a look how many active projects are actually being mantained.
>> 
>> Mantaining a project takes a lot of dedication and this is what People need to realize when starting an open source project
>> 
>> What I see quite often is People wanting to misuse Owasp brand instead of willing to pull a project
>> Major reason I quit from reviewing and the fact that we do not have feasible resources to produce projects that are sustainable in the long term.
>> 
>> I'm also cancelling the proposal with regards of bounty source program. Reality is that without dedicated efforts and resources , it wont be sustainable.
>> 
>> Regards
>> 
>> Johanna 
>> 
>> 
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 
> 
> -- 
> OWASP ZAP Project leader
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20151126/86c4a8a9/attachment.html>


More information about the Owasp-board mailing list