[Owasp-leaders] Incubator

Sethi, Rohit rohit at securitycompass.com
Thu Apr 7 13:20:05 EDT 2011

This is great - sorry I seemed to have missed this the first time around

Rohit Sethi
Vice President, Product Development
Security Compass & SD Elements
Twitter: rksethi

From: Jason Li [mailto:jason.li at owasp.org]
Sent: Thursday, April 07, 2011 1:17 PM
To: Sethi, Rohit
Cc: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Incubator


As Chris mentioned, the Projects Committee is currently pursuing exactly this type of breakdown (modeled after the Apache software lifecycle).

See this thread: https://lists.owasp.org/pipermail/owasp-leaders/2011-March/004901.html for some background and this diagram (which is slightly out of date but I don't have a link to anything more recent at the moment): http://www.owasp.org/images/c/cd/GPCProjectLifecycleWorkflow.png

We're hoping to be able to bootstrap this process into our existing projects stream by end of the year.

On Thu, Apr 7, 2011 at 12:07 PM, Sethi, Rohit <rohit at securitycompass.com<mailto:rohit at securitycompass.com>> wrote:
Hi all, one challenge a few people have articulated over the years is that there are too many OWASP projects and their quality varies dramatically. One way the committees have addresses this is to create the concept of "Alpha", "Beta", and "Release" quality projects with specific gating criteria for each. I think this is a good first step, but it's still challenging for people to determine which projects are really usable and which ones are experimental in the OWASP site.

Some people have argued that we should simply contract and focus on a few major projects. I respectfully disagree - it alienates hard working volunteers and potentially stifles innovation. On the other hand, there is something to be said about good information hiding and not overwhelming the site's users.

I know that there's an ongoing project to redesign the OWASP site. Maybe as part of that redesign we can suggest breaking the projects into "production" and "incubator"? This is basically mirroring the Apache project process: http://incubator.apache.org/ . All new projects would start in the incubator and would be promoted to the production site based on some criteria, such as actual usage.

BTW, I'm still waiting on hearing back from Jacob Kaplan-Moss about the security advisory list. I'll get back to you when I have some feedback.

Rohit Sethi
Vice President, Product Development
Security Compass & SD Elements
Twitter: rksethi

The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized.  If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system.

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110407/200e6230/attachment-0001.html 

More information about the OWASP-Leaders mailing list