[Owasp-leaders] Rethinking project stages and graduation process

Jim Manico jim.manico at owasp.org
Thu Dec 3 00:34:57 UTC 2015


I absolutely think that is a great idea. I would love to hire the right
folk to review projects; it would encourage more participation in the
task force. I'll add this idea to the Dec 9 board meeting.

  - Jim

On 12/2/15 7:04 PM, Tim wrote:
> This is an area where contributors could be compensated hourly or on a
> per-review basis.  Doing project reviews has got to be a thankless,
> never-ending job.  I suspect it doesn't make sense to use our full-time
> staff to do this, because our full-time staff often don't have
> the experience to evaluate projects (correct me if I'm wrong).  So
> could contributors on the project review team be compensated for their
> time reviewing projects?  It doesn't need to be a steep rate.  Just
> something to make people feel it is worth the grind.  What other
> operational areas are we hurting in where this could work?
>
> tim
>
>
> On Wed, Dec 02, 2015 at 04:14:55PM +0000, Nikola Milosevic wrote:
>> Hello everyone,
>>
>> I will raise one issue, since we are in a period when we need to rethink a
>> bit the internal organization of OWASP because of various reasons and get
>> realistic and pragmatic with some. One issue that has been troubling me for some
>> time is the project stages and graduation process.
>>
>> What is the problem?
>> At first sight, nothing. The process is nice and the stages are defined OK.
>> Unless you are leading a project and want your project graduated, because
>> you think it is time for your project, after some development from your
>> side and various contributors on Google Summer of Code and OWASP Code
>> Summer Sprint, to be in the next stage (in my case Lab). Then you realize
>> that the reviewing process lacks volunteers. Even Johanna, who led the project
>> review task force, said that there was no real review committee, or in other
>> words it was not big enough for the workload. After submitting a review
>> request, when you don't get any real response for 4-5 months it gets a bit
>> frustrating. Especially if you think that the project is mature enough and
>> the label incubator could be a bit damaging.
>>
>> I fully understand that we should have project stages in order to
>> distinguish mature and well accepted projects in the community from the new
>> ones. And the review process worked for some time, but it seems to me that it
>> does not anymore. So I think we should get a bit more realistic and rethink
>> what we can do with current resources, so we can allow well performing
>> projects to grow, graduate and change to more mature stages. I would
>> welcome all ideas. However, I think for now it might be a good idea to have
>> only flagship and non-flagship projects (find a better name). Since there are
>> only a few flagship projects, I think we will be able to review them and
>> potentially projects wanting to graduate into flagships, while others will
>> not be labeled and stuck in some stage. Also, currently there is no big
>> difference in terms of resources between lab and incubator, apart from that
>> lab could have some sort of priority, which could be made equal.
>>
>> Please let me know what you think and whether you think that the current review
>> process is sustainable (since my experience showed differently)?
>>
>>
>> Best regards,
>>
>> Nikola Milošević
>> OWASP Seraphimdroid project leader
>> nikola.milosevic at owasp.org
>> OWASP - Open Web Application Security Project
>> <https://www.owasp.org/index.php/Main_Page>
>> OWASP Seraphimdroid Project
>> <https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
