[Owasp-leaders] Should OWASP projects (and in particular ZAP) aim to leave the OWASP nest?

Jim Manico jim.manico at owasp.org
Thu Dec 3 00:28:26 UTC 2015


> I believe a significant reason OWASP isn't a good home for many
> projects is that we are unable to spend funds on people's time.

That is not a rule at all - no one is stopping project leaders from 
using their funds to hire folk. Some really do not like this idea but 
it's not (at all) a rule.

- Jim


On 12/2/15 4:04 PM, Andrew Muller wrote:
> I believe a significant reason OWASP isn't a good home for many 
> projects is that we are unable to spend funds on people's time. I 
> understand the reasons but this stymies progress and requires folks 
> like Mozilla to pay for people's time, which is a rare example of 
> generosity and community spirit. That said, OWASP is a great promotion 
> vehicle for projects and generates many volunteer requests (and less 
> action). But these were only two examples (one good, one bad). There are 
> many more.
>
> I see no point begging for ZAP to remain with OWASP, but rather 
> careful, and perhaps painful, introspection as to why OWASP is failing 
> projects. There have been some epic and heartbreaking failures 
> recently, but there is still much good in it. I think it would be 
> worthwhile having someone impartial who understands corporate 
> governance review where we're at. This could be funded by the pool of 
> funds available to OWASP and would be a strong and justifiable investment.
>
> On Wednesday, 2 December 2015, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>     Simon,
>
>     It might help if you could elaborate on what OWASP can do to help
>     you get to the next level (whatever that is).  OWASP has a lot of
>     people, money, etc that are at our Leaders' disposal.  If this
>     decision would be made on resources, or lack thereof, then I think
>     we can help justify sticking around.  If there's something bigger
>     (like how to make ZAP a freemium model perhaps), then I would like
>     to see us having those conversations as well.  In short, I believe
>     that ZAP (or any project for that matter) is good for OWASP and
>     want to see OWASP reciprocate in ways that are beneficial to ZAP.
>
>     ~josh
>
>     On Dec 2, 2015 3:14 AM, "psiinon" <psiinon at gmail.com> wrote:
>
>         In a recent thread
>         <http://lists.owasp.org/pipermail/owasp-leaders/2015-December/015726.html>
>         Dinis stated:
>
>         "all Owasp projects should be seen as research projects. The
>         moment they are big enough (i.e. big team, support,
>         deliverables) and wish to move beyond the 'research label' ,
>         is the moment where they need to leave the 'Owasp nest' and
>         face the real world by themselves"
>
>         I have a lot of sympathy for this perspective, and have indeed
>         been wondering if now is the right time for ZAP to "go it alone".
>
>         I'd like to stress that this is not just because of recent
>         controversies, so I'd like to discuss these as general
>         principles rather than in relation to recent events.
>
>         I believe that OWASP has been very beneficial to ZAP, but I'm
>         not sure that OWASP is really set up to support projects that
>         have grown to ZAP's size.
>
>         So, the 2 questions I'd be very interested in feedback on:
>
>           * Should OWASP projects aim to stand on their own outside of
>             OWASP?
>           * Is this the right time for ZAP to do so?
>
>         Many thanks,
>
>         Simon
>
>         -- 
>         OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>         _______________________________________________
>         OWASP-Leaders mailing list
>         OWASP-Leaders at lists.owasp.org
>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> -- 
> ____________________
> *Andrew Muller*
> Canberra OWASP Chapter Leader
> OWASP Testing Guide Co-Leader