[Owasp-leaders] Proposing new guidelines to start code/tool projects
johanna curiel curiel
johanna.curiel at owasp.org
Thu Aug 21 21:30:48 UTC 2014
Yes, we need to redefine the Project documentation for sure, and I'm
willing to help on this.
Unfortunately some projects didn't produce anything after 2 years or more.
Some projects also started with a very vague idea that never got
concrete. They never even properly updated their WIKI page with a simple
Nothing stops someone from developing their open source projects, but starting an
OWASP project and maintaining an inventory, especially when volunteers have
shown almost no interest in reviewing projects, is hard to maintain; as a
result we had a big inventory with empty projects.
I feel people willing to start a project have to realize that it takes more
than a simple idea to make it happen. An empty wiki page is not a project;
it is just an idea of a project.
For this part, I'm planning to propose something called 'The Sandbox',
basically an idea box, where people can provide their ideas for projects.
This is a nice way to share interesting concepts. Also, during a project
summit we can have a workshop called 'OWASP CyberSecurity Project Startup
accelerator', just as is done with startups, and produce some concrete
code/documentation at the end of the workshop.
On Thu, Aug 21, 2014 at 5:14 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> I like the idea. One thing to keep in mind though is that this may force
> us to change the definition of an "incubator" project as the current
> definition gives a project leader in this stage one year to produce a draft
> or development release (
> The problem is that while we say we're going to go back and remove the ones
> who don't accomplish this, I'm not sure if we ever really have done that in
> the past and so they linger on and on...
> On Thu, Aug 21, 2014 at 12:30 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>> After reviewing the entire list of code and tool projects, from
>> incubator to labs and flagship, I have observed a main issue: Many projects
>> start without a single line of code, a binary or executable version of a
>> This really creates an 'empty' list of projects (more than 50 projects
>> were empty) that never launched or released a single line of code.
>> At OWASP we don't have an army of volunteers or paid staff to keep up
>> monitoring and maintaining this; therefore I'm proposing a new guideline to
>> solve this issue. Anyone who wishes to start a project (tool/code) must have
>> at least:
>> - An open source repository
>> - At least some code written
>> The bar is low to allow development, but I think that any code/tool
>> project must have at least this in order to be considered an incubator.
>> Let me know your thoughts and we can add this to the guidelines.