[Owasp-leaders] BCS Talk on "Open Source Security Successes & Failures"

Timur 'x' Khrotko (owasp) timur at owasp.org
Thu Sep 11 14:45:05 UTC 2014


+1
On Sep 11, 2014 6:37 PM, "Mark Miller" <mark.miller at owasp.org> wrote:

> Johanna - A much appreciated analysis of an underlying problem in the
> structure of the OWASP projects process. Thanks -- Mark
>
> On Thu, Sep 11, 2014 at 10:16 AM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> >looking at the successes and failures of open source security projects
>>
>> Adrian, one case is OWASP projects. After having reviewed all tools/code
>> and a big part of the documentation, these are my findings: Many projects
>> have started and many have failed to even make their first release or
>> sustain their projects. Here are a couple of things I would like to share:
>>
>> -Many people begin a project with an idea but never think about how to
>> execute that idea into a project
>> -The amount of effort necessary to create a project is directly dependent
>> on the complexity of it. The more complex, the more time is needed to
>> realize it, and many people seem not to realize this
>> -Many projects are treated like hobbies or fun projects, so there is no
>> sense of priority to finish and keep on producing
>> -Lack of time: Many seem not to have enough time to realize the proposed
>> projects
>> -Divide and conquer. Very few projects apply this principle for
>> developing their tools. Roadmaps tend to be very vague
>> -Little experience with project management and estimation
>> -Documentation: Many incubator projects lack a proper user/installation
>> guide. The more complex the tool is to use, the better the documentation
>> must be; otherwise, no one uses the tool/project
>> -Lack of description: Very vague description of what the project is and
>> its purpose
>> -A tendency to repeat existing projects: Documentation indulges in this
>> sin more often than code/tools. Many incubator docs are a malformed clone
>> of successful existing documentation
>> -Lack of originality/explore new fields of research: very few projects
>> are really unique in their nature. There is no clear attempt to solve
>> missing gaps in the security arena.
>> -Lack of promotion: the project is not going to be consumed just by being
>> displayed in the OWASP wiki. The amount of time/money project leaders must
>> invest to promote their project is considerable and it's quite
>> underestimated by many.
>> -High expectations: many project leaders seem to expect that OWASP must
>> do most of the promotion work and maintenance of info/sponsors/grants
>> for them. Unfortunately, this is not supported as expected. Project leaders
>> must take more initiative to do their promotion and look and ask for staff
>> support. Keep in mind OWASP really has a small staff too.
>>
>> On Thu, Sep 11, 2014 at 8:33 AM, Adrian Winckles <
>> adrian.winckles at owasp.org> wrote:
>>
>>> Dear All
>>>
>>> I'm doing a talk to the BCS Open Source groups security day event in a
>>> couple of weeks, looking at the successes and failures of open source
>>> security projects.
>>>
>>> Does anyone have any good OWASP case study material I could use (other
>>> than the obvious Heartbleed etc.)?
>>>
>>> Thanks
>>>
>>> Adrian
>>>
>>> OWASP UK Cambridge Chapter Leader
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>
>>
>
>
> --
> *Mark Miller, Senior Storyteller*
> *Curator and Founder, Trusted Software Alliance*
>
> *Host and Executive Producer, OWASP 24/7 Podcast Channel*
> *Community Advocate, Sonatype*
>
> *Developers and Application Security: Who is Responsible?*
> <https://www.surveymonkey.com/s/Developers_and_AppSec>
>
>

-- 
Email us to enforce secure link with your mail servers (domain).
This message may contain confidential information - you should handle it 
accordingly.
This letter may contain confidential information and is to be handled as such.