[Owasp-leaders] Owasp projects reboot

Eoin eoin.keary at owasp.org
Mon Apr 2 18:20:04 UTC 2012


Yep totally agree. 
I feel as a board member we are loosing touch a little with our core purpose. To that end I am looking for $70k to reboot projects at the board meeting. I shall share the proposal with you all this week.


Eoin Keary
BCC Risk Advisory
Owasp Global Board
+353 87 977 2988


On 2 Apr 2012, at 17:11, Lucas Ferreira <lucas at sapao.net> wrote:

> Eoin,
> 
> I agree that projects are important and have been worried for some
> time now as I see OWASP giving more importance to chapters than
> projects. We have lots of ways chapters can get funding and support
> and do not make the same for projects.
> 
> I really think there is something wrong when I look at
> https://docs.google.com/spreadsheet/pub?hl=en_US&hl=en_US&key=0Atu4kyR3ljftdEdQWTczbUxoMUFnWmlTODZ2ZFZvaXc&output=html
> and see that chapters have 152K+ of available funds and projects have
> less than 4K.
> 
> I also worry when I see that the membership form lists all chapters
> but not projects. I don't even know how to donate 40% of my membership
> dues to a project.
> 
> To conclude, I think OWASP needs to empower project leaders and
> provide funding to project leaders. As a former chapter leader and a
> project leader, my experience is that it was always easier to get
> funding for chapter activities than for project activities. So, I
> think the problem is not only rebooting some flagship projects, OWASP
> needs more focus on projects in general, including funding.
> 
> Best regards,
> 
> Lucas
> 
> On Sat, Mar 31, 2012 at 13:57, Eoin <eoin.keary at owasp.org> wrote:
>> Tobias, leaders,
>> I've had 12 responses but there are circa 200 on the list.....
>> Anyone else care to chime in.
>> This initiative is vitally important for the foundation, I need to hear more ideas and thoughts.... It's up to you to help decide....be relevant or die :)
>> 
>> 
>> 
>> Eoin Keary
>> BCC Risk Advisory
>> Owasp Global Board
>> +353 87 977 2988
>> 
>> 
>> On 31 Mar 2012, at 18:51, Tobias <tobias.gondrom at owasp.org> wrote:
>> 
>>> Hey Eoin,
>>> thanks for the clarification. That's good, because we have so many cool (and really useful out of the box) projects beyond the Top-10 (e.g. "Secure Coding Practices - Quick Reference Guide" (note: this project name is just too long ;-) and the cheat sheets) and many times when I present to / talk with people, many still don't know about them. So, I believe we could indeed improve our rollout/outward message a bit.
>>> Cheers, Tobias
>>> 
>>> 
>>> On 31/03/12 18:43, Eoin wrote:
>>>> Hey Tobias,
>>>> I suppose I should say funding can include marketing of a project, not simply development etc
>>>> The idea is for people to use our projects. Awareness, promotion, dev etc is exactly what we need to do.
>>>> So if a project is mature we can invest in promotion etc.
>>>> The table is open...,,
>>>> 
>>>> Eoin Keary
>>>> BCC Risk Advisory
>>>> Owasp Global Board
>>>> +353 87 977 2988
>>>> 
>>>> 
>>>> On 31 Mar 2012, at 17:06, Tobias<tobias.gondrom at owasp.org>  wrote:
>>>> 
>>>>> Hi Eoin,
>>>>> 
>>>>> hm, interesting question.
>>>>> 
>>>>> Maybe before I answer, two remarks:
>>>>> - on a strategic level I would like to see us strengthen more the projects aimed at developers and industry (as this is where our expertise can scale up to the millions of applications out there...).
>>>>> - some of the projects that I find very important do not always require big funding but sometimes maybe only a bit more marketing. Funding does not drive the project, but people do. Though obviously money helps. ;-)
>>>>> 
>>>>> The top 6 projects I really like are:
>>>>> 1. OWASP Secure Coding Practices - Quick Reference Guide  (but I don't think it needs funding, only more marketing from us!)
>>>>> 2. OWASP Top Ten (this may sound boring, but we should start working on an update 2012 soon!) =>  and we should think about other Top-10s (for mobile applications and cloud web applications). People are gonna love that. ;-)
>>>>> 3. Cheat Sheets: =>  updates
>>>>> 4. OWASP Development Guide: update  (though I am concerned about this project as it is huge and possibly hard to handle from a project management as well as from an end user/reader perspective.)
>>>>> 5. WebGoat (don't think we need lot of investment here, as it is already very useful)
>>>>> 6. OWASP AppSensor Project: this project does not necessarily have a big lighthouse effect for OWASP, but it is so innovative, that I just love the idea! (things to do might be lighter and specific deployment package by reducing dependency on ESAPI, integration into reporting collection&consolidation systems, ...)
>>>>> 
>>>>> Just my 5cents, Tobias
>>>>> 
>>>>> 
>>>>> On 31/03/12 15:31, Dennis Groves, MSc wrote:
>>>>>> +1
>>>>>> 
>>>>>> On 31 Mar 2012, at 14:46, Jim Manico wrote:
>>>>>> 
>>>>>>> Yah Eoin, I have a real problem with being vocal... *cough*
>>>>>>> 
>>>>>>> Anyhow. I think we should reduce scope a little here. I say, let's just focus on the three main guides for pass one and see how that goes before further investment. These three really are the core of OWASP and they are crusty at best.
>>>>>>> 
>>>>>>> Testing guide
>>>>>>> Development Guide
>>>>>>> Code Review Guide
>>>>>>> 
>>>>>>> That's my 2 cents. You asked! :D
>>>>>>> 
>>>>>>> Aloha Eoin and team,
>>>>>>> --
>>>>>>> Jim Manico
>>>>>>> 
>>>>>>> Connections Committee Chair
>>>>>>> Cheatsheet Series Product Manager
>>>>>>> OWASP Podcast Producer/Host
>>>>>>> 
>>>>>>> jim at owasp.org
>>>>>>> www.owasp.org
>>>>>>>> Thanks jim,
>>>>>>>> Leaders let ur voice be heard.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> I'll compile votes on tuesday and announce which projects make the initial cut for the first round of funding&   reboot!!!!
>>>>>>>> 
>>>>>>>> These projects shall be included in the proposal for the board.
>>>>>>>> 
>>>>>>>> Leaders, I ask you all to support this initiative.
>>>>>>>> 
>>>>>>>> "we are nothing without our projects"
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Eoin Keary
>>>>>>>> BCC Risk Advisory
>>>>>>>> Owasp Global Board
>>>>>>>> +353 87 977 2988
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On 31 Mar 2012, at 13:56, Jim Manico<jim at manico.net>   wrote:
>>>>>>>> 
>>>>>>>>> My vote:
>>>>>>>>> 
>>>>>>>>> Testing guide
>>>>>>>>> Development Guide
>>>>>>>>> Code Review Guide
>>>>>>>>> App Sensor
>>>>>>>>> ZAP
>>>>>>>>> Cheet Sheets
>>>>>>>>> 
>>>>>>>>> --
>>>>>>>>> Jim Manico
>>>>>>>>> 
>>>>>>>>> Connections Committee Chair
>>>>>>>>> Cheatsheet Series Product Manager
>>>>>>>>> OWASP Podcast Producer/Host
>>>>>>>>> 
>>>>>>>>> jim at owasp.org
>>>>>>>>> www.owasp.org
>>>>>>>>> 
>>>>>>>>>> Hello leaders,
>>>>>>>>>> I am developing a proposal to be put to the board next week in relation to rebooting a number of dormant owasp projects or improving current owasp projects to "production quality" items.
>>>>>>>>>> 
>>>>>>>>>> Question: May I kindly ask what projects do you think are the 6 most important projects within the foundation???
>>>>>>>>>> 
>>>>>>>>>> Can you respond with your top 6 by Monday, sorry for being demanding :)
>>>>>>>>>> 
>>>>>>>>>> (My choices are: testing guide, development guide, code review guide, O2, Zap, cheat sheets.)
>>>>>>>>>> 
>>>>>>>>>> "we are nothing without our projects."
>>>>>>>>>> 
>>>>>>>>>> Eoin.
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> Eoin Keary
>>>>>>>>>> Owasp Global Board
>>>>>>>>>> +353 87 977 2988
>>>>>>>>>> 
>>>>>>>>>> _______________________________________________
>>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>> 
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>> 
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> 
> -- 
> Homo sapiens non urinat in ventum.


More information about the OWASP-Leaders mailing list