[Owasp-leaders] Proposing new guidelines to start code/tool projects
psiinon at gmail.com
Wed Aug 27 07:53:50 UTC 2014
As someone who created a new OWASP project rather than contribute to the
established one, I completely agree with that :)
I also like the idea of announcing new project ideas to solicit feedback
from the community.
On Tue, Aug 26, 2014 at 10:48 PM, Tobias <tobias.gondrom at owasp.org> wrote:
> it is always good to check whether there is already a project that does
> the same thing.
> And coordination has a lot of benefits.
> However, having said that, there is also a strength in competition and
> freedom through forking in open source as well. E.g. if another project
> lead is letting his project go inactive or following a different flavour
> that you think is not the best solution, it is a viable approach to "fork"
> and start a new project with a new crew instead of e.g. trying to twist an
> existing project team or revive a zombie under an inactive project lead.
> Sometimes a little competition can do wonders. Allowing the "may the best
> idea win" strategy.
> Personally, I would not want to limit any project team in its choice.
> However, it would make sense to make sure that people are aware of what is
> out there and whether it is still truly active. Otherwise you may face that
> problem by accident. Our 160 projects is a huge number to go through just
> to find out whether what you want to do already has a team working on it
> and whether it is really active. We could try to make this easier with an
> uptodate project inventory with some kind of current status data.
> Btw. one approach for that, would be to post new project ideas to the
> community list and invite project contributors from the wider community to
> join the team. And hopefully people could join the cause, shape the project
> plan together and also share information about what is already out there.
> Just my 2cents.
> On 26/08/14 17:42, johanna curiel curiel wrote:
> Helping to extend an existing project is often much easier and more useful
> than starting a completely new one...
> Yes, we need to unify forces serving the same purpose, it makes it
> easier for everyone.
> We need to review carefully the submission of new projects so we can guide
> new potential project leaders into exisiting projects and they should take
> the time to verify if they revive an inactive one, join forces with
> existing one or starting a new one, especially document projects seem to
> suffer more of this issue(many treating the same subject almost
> identically) than tools or code projects
> On Tuesday, August 26, 2014, psiinon <psiinon at gmail.com> wrote:
>> I'm in favor of this as well.
>> A slightly related point - in this industry we do seem to suffer a lot
>> from NIH (Not Invented Here, for non native English speakers).
>> When someone proposes a new project can we ask them to check that there
>> isnt already a related OWASP project?
>> Helping to extend an existing project is often much easier and more
>> useful than starting a completely new one...
>> On Mon, Aug 25, 2014 at 8:07 AM, Munir Njiru <munir.njiru at owasp.org>
>>> I totally agree with that idea
>>> On Thu, Aug 21, 2014 at 8:30 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>> After reviewing the entire list of code and tool projects , from
>>>> incubator to labs and flagship I have observed a main issue: Many projects
>>>> start without a single line of code, a binary or executable version of a
>>>> This really creates an 'empty' list of projects(more than 50 projects
>>>> were empty) that never launched or released a single line of code.
>>>> At OWASP we don't have an army of volunteers or paid staff to keep up
>>>> monitoring and maintain this, therefore I'm proposing a new guideline to
>>>> solve this issue. Anyone who wishes to start a project(tool/code) must have
>>>> at least:
>>>> -An open source repository
>>>> -At least some code written
>>>> The bar is low to allow development, but I think that any code/tool
>>>> project must have at least this in order to be consider incubator.
>>>> Let me know your thoughts and we can add this to the guidelines
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>> Munir Njenga,
>>> OWASP Chapter Leader (Kenya) || Information Security Consultant ||
>>> Mob (KE) +254 (0) 734960670 <%2B254%20%280%29%20734960670>
>>> Chapter Page: www.owasp.org/index.php/Kenya
>>> Email: munir.njiru at owasp.org
>>> Facebook: https://www.facebook.com/OWASP.Kenya
>>> Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders