[Owasp-leaders] Rethinking project stages and graduation process

Nikola Milosevic nikola.milosevic at owasp.org
Wed Dec 2 16:14:55 UTC 2015

Hello everyone,

I will rise one issue, since we are in a period when we need to rethink a
bit internal organization of OWASP because of various reasons and get
realistic and pragmatic with some. One issue that is troubling me for some
time are project stages and graduation process.

What is the problem?
On the first sight nothing. The process is nice and stages are ok defined.
Unless you are leading a project and want your project graduated, because
you think it is a time for your project, after some development from your
side and various contributors on Google Summer of Code and OWASP Code
Summer Sprint to be in the next stage (in my case Lab). Then you realize
that reviewing process lacks volunteers. Even Johanna who led project
review task force said that there was no real review committee or in other
word it was not big enough for the workload. After submitting review
request, when you don't get any real response for 4-5 months it gets a bit
frustrating. Especially, if you think that project is mature enough and
label incubator, could be a bit damaging.

I fully understand that we should have stages of project in order to
distinguish mature and well accepted project in the community from the new
ones. And review process worked for some time, but it seems to me that it
does not anymore. So I think we should get a bit more realistic and rethink
what we can do with current resources, so we can allow well performing
projects to grow, graduate and change to more mature stages. I would
welcome all ideas. However, I think for now it might be good idea to have
only flagship and non-flagship project (find better name). Since there are
only few flagship project, I think we will be able to review them and
potentially project wanting to graduate into flagships, while other will
not be labeled and stuck in some stage. Also, currently there is no big
difference in terms of resources between lab and incubator, apart from that
lab could have some sort of priority, which could be make equal.

Please let me know what you think and whether you think that current review
process is sustainable (since my experience showed different)?

Best regards,

Nikola Milošević
OWASP Seraphimdroid project leader
nikola.milosevic at owasp.org
OWASP - Open Web Application Security Project
OWASP Seraphimdroid Project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151202/c84d735f/attachment.html>

More information about the OWASP-Leaders mailing list