[Owasp-leaders] BCS Talk on "Open Source Security Successes & Failures"

johanna curiel curiel johanna.curiel at owasp.org
Thu Sep 11 14:16:02 UTC 2014


> looking at the successes and failures of open source security projects

Adrian, one case is OWASP projects. After having reviewed all tools/code and
a big part of the documentation, these are my findings. Many projects have
started and many have failed to even make their first release or sustain
their projects. Here are a couple of things I would like to share:

- Many people begin a project with an idea but never think about how to execute
that idea into a project
- The amount of effort necessary to create a project is directly dependent on
the complexity of it. The more complex, the more time is needed to realize
it, and many people seem not to realize this
- Many projects are treated like hobbies or fun projects, so there is no
sense of priority to finish and keep on producing
- Lack of time: many seem not to have enough time to realize the proposed
projects
- Divide and conquer: very few projects apply this principle for developing
their tools. Roadmaps tend to be very vague
- Little experience with project management and estimation
- Documentation: many incubator projects lack a proper user/installation
guide. The more complex the tool is to use, the better the documentation
must be; otherwise, no one uses the tool/project
- Lack of description: very vague description of what the project is and its
purpose
- A tendency to repeat existing projects: documentation indulges in this sin
more often than code/tools. Many incubator docs are a malformed clone of
successful existing documentation
- Lack of originality/exploring new fields of research: very few projects are
really unique in their nature. There is no clear attempt to solve missing
gaps in the security arena.
- Lack of promotion: the project is not going to be consumed just by being
displayed in the OWASP wiki. The amount of time/money project leaders must
invest to promote their project is considerable, and it's quite
underestimated by many.
- High expectations: many project leaders seem to expect that OWASP must do
most of the promotion work and maintenance of info/sponsors/grants for
them. Unfortunately, this is not supported as expected. Project leaders
must take more initiative to do their promotion and look and ask for staff
support. Keep in mind OWASP has a really small staff too.

On Thu, Sep 11, 2014 at 8:33 AM, Adrian Winckles <adrian.winckles at owasp.org>
wrote:

> Dear All
>
> I'm doing a talk to the BCS Open Source groups security day event in a
> couple of weeks, looking at the successes and failures of open source
> security projects.
>
> Does anyone have any good OWASP case study material I could use (other
> than the obvious Heartbleed etc.)?
>
> Thanks
>
> Adrian
>
> OWASP UK Cambridge Chapter Leader