[Owasp-leaders] Rethinking project stages and graduation process

Tim tim.morgan at owasp.org
Wed Dec 2 17:04:09 UTC 2015

This is an area where contributors could be compensated hourly or on a
per-review basis.  Doing project reviews has got to be a thankless,
never-ending job.  I suspect it doesn't make sense to use our full-time
staff to do this, because our full-time staff often don't have
the experience to evaluate projects (correct me if I'm wrong).  So
could contributors on the project review team be compensated for their
time reviewing projects?  It doesn't need to be a steep rate.  Just
something to make people feel it is worth the grind.  What other
operational areas are we hurting in where this could work?


On Wed, Dec 02, 2015 at 04:14:55PM +0000, Nikola Milosevic wrote:
> Hello everyone,
> I will raise one issue, since we are in a period when we need to rethink a
> bit the internal organization of OWASP because of various reasons and get
> realistic and pragmatic with some. One issue that has been troubling me for
> some time is the project stages and graduation process.
> What is the problem?
> At first sight, nothing. The process is nice and the stages are defined OK.
> Unless you are leading a project and want your project graduated, because
> you think it is time for your project, after some development from your
> side and various contributors on Google Summer of Code and OWASP Code
> Summer Sprint, to be in the next stage (in my case Lab). Then you realize
> that the reviewing process lacks volunteers. Even Johanna, who led the
> project review task force, said that there was no real review committee, or
> in other words it was not big enough for the workload. After submitting a
> review request, when you don't get any real response for 4-5 months it gets
> a bit frustrating. Especially if you think that the project is mature enough
> and the label incubator could be a bit damaging.
> I fully understand that we should have project stages in order to
> distinguish mature and well-accepted projects in the community from the new
> ones. And the review process worked for some time, but it seems to me that it
> does not anymore. So I think we should get a bit more realistic and rethink
> what we can do with current resources, so we can allow well-performing
> projects to grow, graduate and change to more mature stages. I would
> welcome all ideas. However, I think for now it might be a good idea to have
> only flagship and non-flagship projects (find a better name). Since there are
> only a few flagship projects, I think we will be able to review them and
> potentially projects wanting to graduate into flagships, while others will
> not be labeled and stuck in some stage. Also, currently there is no big
> difference in terms of resources between lab and incubator, apart from that
> lab could have some sort of priority, which could be made equal.
> Please let me know what you think and whether you think that the current
> review process is sustainable (since my experience showed differently)?
> Best regards,
> Nikola Milošević
> OWASP Seraphimdroid project leader
> nikola.milosevic at owasp.org
> OWASP - Open Web Application Security Project
> <https://www.owasp.org/index.php/Main_Page>
> OWASP Seraphimdroid Project
> <https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project>
