[Owasp-leaders] Proposing new guidelines to start code/tool projects

psiinon psiinon at gmail.com
Wed Aug 27 07:53:50 UTC 2014


As someone who created a new OWASP project rather than contribute to the
established one, I completely agree with that :)
I also like the idea of announcing new project ideas to solicit feedback
from the community.

Cheers,

Simon


On Tue, Aug 26, 2014 at 10:48 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Hm,
>
> it is always good to check whether there is already a project that does
> the same thing.
> And coordination has a lot of benefits.
>
> However, having said that, there is also a strength in competition and
> freedom through forking in open source as well. E.g. if another project
> lead is letting his project go inactive or following a different flavour
> that you think is not the best solution, it is a viable approach to "fork"
> and start a new project with a new crew instead of e.g. trying to twist an
> existing project team or revive a zombie under an inactive project lead.
> Sometimes a little competition can do wonders. Allowing the "may the best
> idea win" strategy.
>
> Personally, I would not want to limit any project team in its choice.
> However, it would make sense to make sure that people are aware of what is
> out there and whether it is still truly active. Otherwise you may face that
> problem by accident. Our 160 projects is a huge number to go through just
> to find out whether what you want to do already has a team working on it
> and whether it is really active. We could try to make this easier with an
> uptodate project inventory with some kind of current status data.
>
> Btw. one approach for that, would be to post new project ideas to the
> community list and invite project contributors from the wider community to
> join the team. And hopefully people could join the cause, shape the project
> plan together and also share information about what is already out there.
>
> Just my 2cents.
>
> Tobias
>
>
>
>
> On 26/08/14 17:42, johanna curiel curiel wrote:
>
>
> Helping to extend an existing project is often much easier and more useful
> than starting a completely new one...
>
>  Yes, we need to unify forces serving the same purpose, it makes it
> easier for everyone.
> We need to review carefully the submission of new projects so we can guide
> new potential project leaders into exisiting projects and they should take
> the time to verify if they revive an inactive one, join forces with
> existing one or starting a new one, especially document projects seem to
> suffer more of this issue(many treating the same subject almost
> identically) than tools or code projects
>
>
>  Regards
>
>  Johanna
>
> On Tuesday, August 26, 2014, psiinon <psiinon at gmail.com> wrote:
>
>>   I'm in favor of this as well.
>>
>>  A slightly related point - in this industry we do seem to suffer a lot
>> from NIH (Not Invented Here, for non native English speakers).
>>  When someone proposes a new project can we ask them to check that there
>> isnt already a related OWASP project?
>>  Helping to extend an existing project is often much easier and more
>> useful than starting a completely new one...
>>
>>  Cheers,
>>
>> Simon
>>
>>
>> On Mon, Aug 25, 2014 at 8:07 AM, Munir Njiru <munir.njiru at owasp.org>
>> wrote:
>>
>>> I totally agree with that idea
>>>
>>>
>>>   On Thu, Aug 21, 2014 at 8:30 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>>  Leaders
>>>>
>>>>  After reviewing the entire list of code and tool projects , from
>>>> incubator to labs and flagship I have observed a main issue: Many projects
>>>> start without a single line of code, a binary or executable version of a
>>>> program.
>>>>
>>>>  This really creates an 'empty' list of projects(more than 50 projects
>>>> were empty) that never launched or released a single line of code.
>>>>
>>>>  At OWASP we don't have an army of volunteers or paid staff to keep up
>>>> monitoring and maintain this, therefore I'm proposing a new guideline to
>>>> solve this issue. Anyone who wishes to start a project(tool/code) must have
>>>> at least:
>>>> -An open source repository
>>>> -At least some code written
>>>>
>>>>  The bar is low to allow development, but I think that any code/tool
>>>> project must have at least this in order to be consider incubator.
>>>>
>>>>  Let me know your thoughts and we can add this to the guidelines
>>>>
>>>>  Regards
>>>>
>>>>  Johanna
>>>>
>>>>  _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>> --
>>>  Munir Njenga,
>>> OWASP Chapter Leader (Kenya) || Information Security Consultant ||
>>> Developer
>>> Mob   (KE) +254 (0) 734960670 <%2B254%20%280%29%20734960670>
>>>
>>> =============================
>>>  Chapter Page: www.owasp.org/index.php/Kenya
>>>  Email: munir.njiru at owasp.org
>>>  Facebook: https://www.facebook.com/OWASP.Kenya
>>>  Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>
>
> _______________________________________________
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140827/552d9b67/attachment-0001.html>


More information about the OWASP-Leaders mailing list