[Owasp-leaders] Proposing new guidelines to start code/tool projects

Tobias tobias.gondrom at owasp.org
Tue Aug 26 21:48:47 UTC 2014


Hm,

it is always good to check whether there is already a project that does 
the same thing.
And coordination has a lot of benefits.

However, having said that, there is also a strength in competition and 
freedom through forking in open source as well. E.g. if another project 
lead is letting his project go inactive or following a different flavour 
that you think is not the best solution, it is a viable approach to 
"fork" and start a new project with a new crew instead of e.g. trying to 
twist an existing project team or revive a zombie under an inactive 
project lead. Sometimes a little competition can do wonders. Allowing 
the "may the best idea win" strategy.

Personally, I would not want to limit any project team in its choice. 
However, it would make sense to make sure that people are aware of what 
is out there and whether it is still truly active. Otherwise you may 
face that problem by accident. Our 160 projects is a huge number to go 
through just to find out whether what you want to do already has a team 
working on it and whether it is really active. We could try to make this 
easier with an uptodate project inventory with some kind of current 
status data.

Btw. one approach for that, would be to post new project ideas to the 
community list and invite project contributors from the wider community 
to join the team. And hopefully people could join the cause, shape the 
project plan together and also share information about what is already 
out there.

Just my 2cents.

Tobias



On 26/08/14 17:42, johanna curiel curiel wrote:
>
> Helping to extend an existing project is often much easier and more 
> useful than starting a completely new one...
>
> Yes, we need to unify forces serving the same purpose, it makes it 
> easier for everyone.
> We need to review carefully the submission of new projects so we can 
> guide new potential project leaders into exisiting projects and they 
> should take the time to verify if they revive an inactive one, join 
> forces with existing one or starting a new one, especially 
> document projects seem to suffer more of this issue(many treating the 
> same subject almost identically) than tools or code projects
>
>
> Regards
>
> Johanna
>
> On Tuesday, August 26, 2014, psiinon <psiinon at gmail.com 
> <mailto:psiinon at gmail.com>> wrote:
>
>     I'm in favor of this as well.
>
>     A slightly related point - in this industry we do seem to suffer a
>     lot from NIH (Not Invented Here, for non native English speakers).
>     When someone proposes a new project can we ask them to check that
>     there isnt already a related OWASP project?
>     Helping to extend an existing project is often much easier and
>     more useful than starting a completely new one...
>
>     Cheers,
>
>     Simon
>
>
>     On Mon, Aug 25, 2014 at 8:07 AM, Munir Njiru
>     <munir.njiru at owasp.org
>     <javascript:_e(%7B%7D,'cvml','munir.njiru at owasp.org');>> wrote:
>
>         I totally agree with that idea
>
>
>         On Thu, Aug 21, 2014 at 8:30 PM, johanna curiel curiel
>         <johanna.curiel at owasp.org
>         <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>> wrote:
>
>             Leaders
>
>             After reviewing the entire list of code and tool projects
>             , from incubator to labs and flagship I have observed a
>             main issue: Many projects start without a single line of
>             code, a binary or executable version of a program.
>
>             This really creates an 'empty' list of projects(more than
>             50 projects were empty) that never launched or released a
>             single line of code.
>
>             At OWASP we don't have an army of volunteers or paid staff
>             to keep up monitoring and maintain this, therefore I'm
>             proposing a new guideline to solve this issue. Anyone who
>             wishes to start a project(tool/code) must have at least:
>             -An open source repository
>             -At least some code written
>
>             The bar is low to allow development, but I think that any
>             code/tool project must have at least this in order to be
>             consider incubator.
>
>             Let me know your thoughts and we can add this to the
>             guidelines
>
>             Regards
>
>             Johanna
>
>             _______________________________________________
>             OWASP-Leaders mailing list
>             OWASP-Leaders at lists.owasp.org
>             <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
>         -- 
>         Munir Njenga,
>         OWASP Chapter Leader (Kenya) || Information Security
>         Consultant || Developer
>         Mob   (KE) +254 (0) 734960670 <tel:%2B254%20%280%29%20734960670>
>
>         =============================
>         Chapter Page: www.owasp.org/index.php/Kenya
>         <https://www.owasp.org/index.php/Kenya>
>         Email: munir.njiru at owasp.org
>         <javascript:_e(%7B%7D,'cvml','munir.njiru at owasp.org');>
>         Facebook: https://www.facebook.com/OWASP.Kenya
>         Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya
>
>
>         _______________________________________________
>         OWASP-Leaders mailing list
>         OWASP-Leaders at lists.owasp.org
>         <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
>     -- 
>     OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140826/ff8f694d/attachment-0001.html>


More information about the OWASP-Leaders mailing list