<div dir="ltr"><div><div>The GSOC org admin has nothing to do with funding or deciding who gets the slots. Last year all projects got the slots they asked for apart from Hackademic who got one less.<br><br></div>Anyway I really like the way this conversation is going, with all the brainstorming and the ideas that are being proposed. I would suggest that Fabio or another volunteer (since apparently there is a consensus that I have a conflict of interest) puts together a proposal and then the board can decide and vote on the fund allocation. Several leaders have already expressed interest to support a program similar to GSoC so my opinion is that it will be of benefit for the community.<br><br></div>Kostas<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 4, 2015 at 5:16 PM, Tobias <span dir="ltr"><<a href="mailto:tobias.gondrom@owasp.org" target="_blank">tobias.gondrom@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div>I agree with Jim on that even just the
      perception of conflict of interest must be avoided. <br>
      Conflicts of interest are very hard to understand from the outside
      with limited transparency and information about the internal
      workings of a process. So even though I trust that all parties
      will do their best to decide objectively, a person should never be
      in the position of power to decide on his own funding. <br>
      <br>
      I am confident that we can decouple the process from the actual
      selection committee and have an independent selection committee,
      managed by staff and un-biased members from the community. <br>
      <br>
      Just my 2 cents. <br>
      <br>
      Cheers, Tobias<div><div class="h5"><br>
      <br>
      <br>
      On 04/03/15 09:48, Jim Manico wrote:<br>
    </div></div></div><div><div class="h5">
    <blockquote type="cite">
      
      <div>I agree with where Josh and Johanna are coming from. We need
        to avoid even the •appearance• of inappropriate actions. Having
        an objective staff member running programs like this is a
        critical aspect to funding major programs in a fair way.</div>
      <div><br>
      </div>
      <div>Look, this goes for me too. Paul has been asking me a lot of
        pointed questions regarding my own OWASP related travel requests
        and I'm •very• glad he is doing just that.</div>
      <div><br>
      </div>
      <div>Regards,<br>
        <div>--</div>
        <div>Jim Manico</div>
        <div>@Manicode</div>
        <div>(808) 652-3805</div>
      </div>
      <div><br>
        On Mar 3, 2015, at 3:08 PM, Josh Sokol <<a href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>>
        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div>
          <div dir="ltr">
            <div>Personally, I would feel much more comfortable
              assigning the administrative duties to an OWASP Foundation
              employee in this situation.  Preferably whoever we end up
              hiring for the new Projects Coordinator position (which
              should hopefully happen soon).  Even with the open and
              transparent nature of the process that we had last year,
              we still had a complaint about the process being unfair
              because of Kostas running point and also having a project
              involved.  This shouldn't be about fairness or trust, it
              should be about creating a program where nobody can claim
              shenanigans because those in charge are unbiased.  It's
              not fair to Kostas to be put in that position; even if
              it's something he is willingly volunteering for.  If there
              is even a hint of a conflict of interest, which I believe
              there is, then that should be removed.  I think that we
              should let Kostas focus on being a project leader and a
              student mentor and apply other resources to managing the
              program.<br>
              <br>
            </div>
            ~josh<br>
          </div>
          <div class="gmail_extra"><br>
            <div class="gmail_quote">On Tue, Mar 3, 2015 at 4:46 PM,
              Konstantinos Papapanagiotou <span dir="ltr"><<a href="mailto:Konstantinos@owasp.org" target="_blank">Konstantinos@owasp.org</a>></span>
              wrote:<br>
              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm
                afraid I'll have to strongly disagree with this. As an
                org admin I did not review any proposal or endorse
                any project. My role is simply to ensure the fairness of
                the entire process and make sure everything runs
                smoothly. Also, Fabio is there as co-admin to make sure
                there are no conflicts. In fact I did everything in a
                really open and transparent manner and if you check last
                year's slots you will realize that hackademic got less
                than it deserved.
                <div><br>
                </div>
                <div>Johanna as you very well know we had other members
                  of our community who tried to abuse the selection
                  process and at the same time were making a huge fuss
                  about this. I'm really surprised (and a bit offended)
                  that you suggest that hackademic should be excluded
                  and not those projects.</div>
                <div><br>
                </div>
                <div>In any case I do not intend to go on with this
                  discussion. If the community or the board feels that
                  I'm not fair with everyone or that there is such a COI
                  I will step down so that hackademic can participate.</div>
                <div><br>
                </div>
                <div>Kostas</div>
                <div>
                  <div>
                    <div><span></span><br>
                      <br>
                      On Wednesday, March 4, 2015, johanna curiel curiel
                      <<a href="mailto:johanna.curiel@owasp.org" target="_blank">johanna.curiel@owasp.org</a>>
                      wrote:<br>
                      <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                        <div dir="ltr">Hi Fabio
                          <div><br>
                            I think we should agree that in this case
                            Kostas' project (hackademics) cannot
                            participate in this initiative</div>
                          <div>It seems to me as a conflict of interest</div>
                          <div><br>
                          </div>
                          <div>Mentors cannot be the ones monitoring or
                            reviewing the process for transparency</div>
                          <div><br>
                          </div>
                          <div>regards</div>
                          <div><br>
                          </div>
                          <div>Johanna</div>
                        </div>
                        <div class="gmail_extra"><br>
                          <div class="gmail_quote">On Tue, Mar 3, 2015
                            at 6:00 PM, Fabio Cerullo <span dir="ltr"><<a>fcerullo@owasp.org</a>></span>
                            wrote:<br>
                            <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                              <div style="word-wrap:break-word">Guys
                                <div><br>
                                </div>
                                <div>This is a pretty well mature
                                  process at Google and would recommend
                                  following a similar approach. </div>
                                <div><br>
                                </div>
                                <div>Here is their FAQ:</div>
                                <div><br>
                                </div>
                                <div><a href="https://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2015/help_page" target="_blank">https://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2015/help_page</a></div>
                                <div><br>
                                </div>
                                <div>All suggestions below could be
                                  implemented or have been implemented
                                  already as part of OWASP GSOC.</div>
                                <div><br>
                                </div>
                                <div><a href="https://www.owasp.org/index.php/GSoC" target="_blank">https://www.owasp.org/index.php/GSoC</a></div>
                                <div><br>
                                </div>
                                <div>Bear in mind this initiative needs
                                  to be lined up during the students'
                                  summer holidays.</div>
                                <div><br>
                                </div>
                                <div>I’m including Kostas who has been
                                  the org admin for the last two years.</div>
                                <div><br>
                                </div>
                                <div>Regards,</div>
                                <div><br>
                                </div>
                                <div>Fabio</div>
                                <div>
                                  <div>
                                    <div><br>
                                      <div>
                                        <blockquote type="cite">
                                          <div>On 3 Mar 2015, at 21:30,
                                            johanna curiel curiel <<a>johanna.curiel@owasp.org</a>>
                                            wrote:</div>
                                          <br>
                                          <div>
                                            <div dir="ltr">
                                              <ul style="font-size:12.8000001907349px">
                                                <li style="margin-left:15px">Have
                                                  a formal selection
                                                  process with ideally a
                                                  committee of leaders
                                                  making the selections</li>
                                                <li style="margin-left:15px">Those
                                                  involved in the
                                                  selection process
                                                  cannot also submit</li>
                                                <li style="margin-left:15px">Those
                                                  involved in the
                                                  selection process are
                                                  also responsible for
                                                  assessing completion<br>
                                                </li>
                                                <li style="margin-left:15px">All
                                                  work produced is
                                                  provided under the
                                                  same open source
                                                  license as the project</li>
                                              </ul>
                                              <div><span style="font-size:12.8000001907349px">This
                                                  is very important.
                                                  Neutrality and
                                                  transparency who can
                                                  get selected and who
                                                  does not</span></div>
                                              <div><span style="font-size:12.8000001907349px"><br>
                                                </span></div>
                                              <div><span style="font-size:12.8000001907349px">Also
                                                  keep in mind there are
                                                  projects that are
                                                  inactive and have used
                                                  Gsoc as a way to
                                                  revive</span></div>
                                              <div><span style="font-size:12.8000001907349px"><br>
                                                </span></div>
                                              <div><span style="font-size:12.8000001907349px">Criteria
                                                  should be
                                                  clearly established to
                                                  avoid
                                                  any misunderstandings and
                                                  abuses</span></div>
                                              <div><span style="font-size:12.8000001907349px"><br>
                                                </span></div>
                                              <div><span style="font-size:12.8000001907349px">I
                                                  keep
                                                  on remembering that
                                                  getting the Gsoc slots
                                                  has been an ongoing
                                                  discussion among
                                                  participating project
                                                  leaders</span></div>
                                              <div><span style="font-size:12.8000001907349px"><br>
                                                </span></div>
                                              <div><span style="font-size:12.8000001907349px">regards</span></div>
                                              <div><span style="font-size:12.8000001907349px"><br>
                                                </span></div>
                                              <div><span style="font-size:12.8000001907349px">Johanna</span></div>
                                            </div>
                                            <div class="gmail_extra"><br>
                                              <div class="gmail_quote">On
                                                Tue, Mar 3, 2015 at 4:30
                                                PM, Jim Manico <span dir="ltr"><<a>jim.manico@owasp.org</a>></span>
                                                wrote:<br>
                                                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                  <div dir="auto">
                                                    <div>+1 I agree with
                                                      Josh's perspective
                                                      on this. I'd
                                                      personally vote no
                                                      if I had to make a
                                                      decision on these
                                                      funds today.<br>
                                                      <br>
                                                      <div>--</div>
                                                      <div>Jim Manico</div>
                                                      <div>@Manicode</div>
                                                      <div><a href="tel:%28808%29%20652-3805" value="+18086523805" target="_blank">(808)
                                                          652-3805</a></div>
                                                    </div>
                                                    <div>
                                                      <div>
                                                        <div><br>
                                                          On Mar 3,
                                                          2015, at 2:25
                                                          PM, Josh Sokol
                                                          <<a>josh.sokol@owasp.org</a>>
                                                          wrote:<br>
                                                          <br>
                                                        </div>
                                                        <blockquote type="cite">
                                                          <div>
                                                          <div dir="ltr">
                                                          <div>
                                                          <div>To some
                                                          extent, I
                                                          think this
                                                          gets back to
                                                          the "should
                                                          OWASP pay
                                                          people to work
                                                          on its tools"
                                                          debate.  In my
                                                          personal
                                                          opinion, I
                                                          think that the
                                                          answer is
                                                          "yes",
                                                          provided that
                                                          we:<br>
                                                          <ul>
                                                          <li>Have a
                                                          pre-defined
                                                          scope for the
                                                          opportunity
                                                          with specific
                                                          milestones
                                                          required</li>
                                                          <li>Have a
                                                          pre-defined
                                                          award for
                                                          completing the
                                                          opportunity</li>
                                                          <li>Publicly
                                                          publish any
                                                          and all
                                                          opportunities
                                                          so that anyone
                                                          can express an
                                                          interest in
                                                          them<br>
                                                          </li>
                                                          <li>Have a
                                                          formal
                                                          selection
                                                          process with
                                                          ideally a
                                                          committee of
                                                          leaders making
                                                          the selections</li>
                                                          <li>Those
                                                          involved in
                                                          the selection
                                                          process cannot
                                                          also submit</li>
                                                          <li>Those
                                                          involved in
                                                          the selection
                                                          process are
                                                          also
                                                          responsible
                                                          for assessing
                                                          completion<br>
                                                          </li>
                                                          <li>All work
                                                          produced is
                                                          provided under
                                                          the same open
                                                          source license
                                                          as the project<br>
                                                          </li>
                                                          </ul>
                                                          </div>
                                                          If we have
                                                          agreement on
                                                          these points,
                                                          then I would
                                                          suggest
                                                          extending
                                                          Fabio's
                                                          proposal to be
                                                          a much broader
                                                          OWASP call for
                                                          ideas (not
                                                          just GSoC
                                                          submissions). 
                                                          Put a two week
                                                          limit on
                                                          submissions
                                                          and, once
                                                          expired, put
                                                          all reasonable
                                                          ideas
                                                          someplace
                                                          public. 
                                                          Submit a press
                                                          release
                                                          stating that
                                                          we are looking
                                                          for students
                                                          interested in
                                                          tackling these
                                                          challenges and
                                                          providing the
                                                          details.  As
                                                          long as this
                                                          is no longer
                                                          GSoC, then we
                                                          get to make up
                                                          our own rules,
                                                          and I think
                                                          that we should
                                                          take a step
                                                          back to
                                                          evaluate how
                                                          WE would want
                                                          this to work. 
                                                          What goal do
                                                          WE want to
                                                          accomplish
                                                          with this
                                                          initiative. 
                                                          I'm all for
                                                          allocating
                                                          $30k here, but
                                                          don't just
                                                          want it to be
                                                          OWASP's
                                                          rejected
                                                          rehashing of
                                                          GSoC.<br>
                                                          <br>
                                                          </div>
                                                          ~josh<br>
                                                          </div>
                                                          <div class="gmail_extra"><br>
                                                          <div class="gmail_quote">On
                                                          Tue, Mar 3,
                                                          2015 at 1:49
                                                          PM, Fabio
                                                          Cerullo <span dir="ltr"><<a>fcerullo@owasp.org</a>></span> wrote:<br>
                                                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div style="word-wrap:break-word">Dear
                                                          all,
                                                          <div><br>
                                                          </div>
                                                          <div>As you
                                                          probably know
                                                          by now, we
                                                          have not been
                                                          accepted to
                                                          Google Summer
                                                          of Code this
                                                          year.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Usually,
                                                          this is a
                                                          major push for
                                                          projects
                                                          during the
                                                          year as
                                                          experienced by
                                                          ZAP, OWTF,
                                                          Appsensor,
                                                          Hackademics,
                                                          Seraphimdroid,
                                                          etc. For a
                                                          full list of
                                                          ideas in 2015
                                                          please check
                                                          the following
                                                          URL:</div>
                                                          <div><br>
                                                          </div>
                                                          <div><a href="https://www.owasp.org/index.php/GSoC2015_Ideas" target="_blank">https://www.owasp.org/index.php/GSoC2015_Ideas</a></div>
                                                          <div><br>
                                                          </div>
                                                          <div>In order to keep the momentum going and progress those projects, I would like to request an extraordinary budget allocation of 30K USD to cover up to 10 student slots at 3K each. Usually Google pays 5500 USD per student during GSOC. We will use the same structure as previous years with Kostas/me as org admins, the project leaders who usually participate in GSOC (Core team) will pick the best student submissions and then a group of dedicated OWASP volunteers who every year act as mentors for the students. We could establish a mid-term and full term evaluation where if a student is failed mid-term he/she will only receive half the funds (1500 USD). If the student is approved full term, he/she receives the full amount (3000 USD).</div>
                                                          <div><br>
                                                          </div>
                                                          <div>I understand this is a non-planned expenditure, but considering the importance of GSOC in the last couple of years to progress OWASP coding projects, I think it is imperative to take some action considering the current scenario.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>If you have any questions, please let us know.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Thanks</div>
                                                          <span><font color="#888888">
                                                          <div>Fabio</div>
                                                          </font></span></div>
                                                          <br>
_______________________________________________<br>
                                                          Owasp-board
                                                          mailing list<br>
                                                          <a>Owasp-board@lists.owasp.org</a><br>
                                                          <a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
                                                          <br>
                                                          </blockquote>
                                                          </div>
                                                          <br>
                                                          </div>
                                                          </div>
                                                        </blockquote>
                                                      </div>
                                                    </div>
                                                  </div>
                                                  <br>
                                                </blockquote>
                                              </div>
                                              <br>
                                            </div>
                                          </div>
                                        </blockquote>
                                      </div>
                                      <br>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </blockquote>
                          </div>
                          <br>
                        </div>
                      </blockquote>
                    </div>
                  </div>
                </div>
                <br>
              </blockquote>
            </div>
            <br>
          </div>
        </div>
      </blockquote>
      <br>
      <fieldset></fieldset>
      <br>
    </blockquote>
    <br>
  </div></div></div>

<br></blockquote></div><br></div>