[Owasp-leaders] R e: Proposing new guidelines to start code/tool projects

johanna curiel curiel johanna.curiel at owasp.org
Wed Aug 27 08:25:40 UTC 2014


Personally, I would not want to limit any project team in its choice.

Definetly not, but it is advisable to first take a look before starting one.

Right now we have around 150 inactive projects, so is a huge list, and
around 140 more or less active projects


On Wednesday, August 27, 2014, psiinon <psiinon at gmail.com> wrote:

> As someone who created a new OWASP project rather than contribute to the
> established one, I completely agree with that :)
> I also like the idea of announcing new project ideas to solicit feedback
> from the community.
>
> Cheers,
>
> Simon
>
>
> On Tue, Aug 26, 2014 at 10:48 PM, Tobias <tobias.gondrom at owasp.org
> <javascript:_e(%7B%7D,'cvml','tobias.gondrom at owasp.org');>> wrote:
>
>>  Hm,
>>
>> it is always good to check whether there is already a project that does
>> the same thing.
>> And coordination has a lot of benefits.
>>
>> However, having said that, there is also a strength in competition and
>> freedom through forking in open source as well. E.g. if another project
>> lead is letting his project go inactive or following a different flavour
>> that you think is not the best solution, it is a viable approach to "fork"
>> and start a new project with a new crew instead of e.g. trying to twist an
>> existing project team or revive a zombie under an inactive project lead.
>> Sometimes a little competition can do wonders. Allowing the "may the best
>> idea win" strategy.
>>
>> Personally, I would not want to limit any project team in its choice.
>> However, it would make sense to make sure that people are aware of what is
>> out there and whether it is still truly active. Otherwise you may face that
>> problem by accident. Our 160 projects is a huge number to go through just
>> to find out whether what you want to do already has a team working on it
>> and whether it is really active. We could try to make this easier with an
>> uptodate project inventory with some kind of current status data.
>>
>> Btw. one approach for that, would be to post new project ideas to the
>> community list and invite project contributors from the wider community to
>> join the team. And hopefully people could join the cause, shape the project
>> plan together and also share information about what is already out there.
>>
>> Just my 2cents.
>>
>> Tobias
>>
>>
>>
>>
>> On 26/08/14 17:42, johanna curiel curiel wrote:
>>
>>
>> Helping to extend an existing project is often much easier and more
>> useful than starting a completely new one...
>>
>>  Yes, we need to unify forces serving the same purpose, it makes it
>> easier for everyone.
>> We need to review carefully the submission of new projects so we can
>> guide new potential project leaders into exisiting projects and they should
>> take the time to verify if they revive an inactive one, join forces with
>> existing one or starting a new one, especially document projects seem to
>> suffer more of this issue(many treating the same subject almost
>> identically) than tools or code projects
>>
>>
>>  Regards
>>
>>  Johanna
>>
>> On Tuesday, August 26, 2014, psiinon <psiinon at gmail.com
>> <javascript:_e(%7B%7D,'cvml','psiinon at gmail.com');>> wrote:
>>
>>>   I'm in favor of this as well.
>>>
>>>  A slightly related point - in this industry we do seem to suffer a lot
>>> from NIH (Not Invented Here, for non native English speakers).
>>>  When someone proposes a new project can we ask them to check that there
>>> isnt already a related OWASP project?
>>>  Helping to extend an existing project is often much easier and more
>>> useful than starting a completely new one...
>>>
>>>  Cheers,
>>>
>>> Simon
>>>
>>>
>>> On Mon, Aug 25, 2014 at 8:07 AM, Munir Njiru <munir.njiru at owasp.org>
>>> wrote:
>>>
>>>> I totally agree with that idea
>>>>
>>>>
>>>>   On Thu, Aug 21, 2014 at 8:30 PM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>>>  Leaders
>>>>>
>>>>>  After reviewing the entire list of code and tool projects , from
>>>>> incubator to labs and flagship I have observed a main issue: Many projects
>>>>> start without a single line of code, a binary or executable version of a
>>>>> program.
>>>>>
>>>>>  This really creates an 'empty' list of projects(more than 50
>>>>> projects were empty) that never launched or released a single line of code.
>>>>>
>>>>>  At OWASP we don't have an army of volunteers or paid staff to keep
>>>>> up monitoring and maintain this, therefore I'm proposing a new guideline to
>>>>> solve this issue. Anyone who wishes to start a project(tool/code) must have
>>>>> at least:
>>>>> -An open source repository
>>>>> -At least some code written
>>>>>
>>>>>  The bar is low to allow development, but I think that any code/tool
>>>>> project must have at least this in order to be consider incubator.
>>>>>
>>>>>  Let me know your thoughts and we can add this to the guidelines
>>>>>
>>>>>  Regards
>>>>>
>>>>>  Johanna
>>>>>
>>>>>  _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>  Munir Njenga,
>>>> OWASP Chapter Leader (Kenya) || Information Security Consultant ||
>>>> Developer
>>>> Mob   (KE) +254 (0) 734960670 <%2B254%20%280%29%20734960670>
>>>>
>>>> =============================
>>>>  Chapter Page: www.owasp.org/index.php/Kenya
>>>>  Email: munir.njiru at owasp.org
>>>>  Facebook: https://www.facebook.com/OWASP.Kenya
>>>>  Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya
>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.org <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140827/4cf9b017/attachment.html>


More information about the OWASP-Leaders mailing list