[Owasp-leaders] Rethinking project stages and graduation process

Munir Njiru munir.njiru at owasp.org
Thu Dec 3 07:01:37 UTC 2015

Hi All,
I believe this would be a topic that needs to be highly considered in line
with the structuring of projects. It is such things that have raised
concerns and have kept a number of projects unsustainable; in the end, if
the cycle remains unchanged and the downward trend keeps up with mature
projects also choosing to move forth from the OWASP umbrella, it would
weaken the community's faith in what OWASP has to offer. There are very few
people working on projects and reviews have to be in-depth, as some projects
are quite tasking when performing an end-to-end review; this takes time.
Having worked a bit with Johanna in cleaning things up and currently working
with Claudia, I do see the challenges we face in these reviews. Hope this
can be made better as it may hurt the kind of projects being roped in.

Kind Regards,

Munir Njenga,
OWASP Chapter Leader (Kenya) || Information Security Consultant || Developer
Mob   (KE) +254 (0) 734960670

Chapter Page: www.owasp.org/index.php/Kenya
Email: munir.njiru at owasp.org
Facebook: https://www.facebook.com/OWASP.Kenya
Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya

On Thu, Dec 3, 2015 at 3:34 AM, Jim Manico <jim.manico at owasp.org> wrote:

> I absolutely think that is a great idea. I would love to hire the right
> folk to review projects, it would encourage more participation in the task
> force.  I'll add this idea to the Dec 9 board meeting.
>  - Jim
> On 12/2/15 7:04 PM, Tim wrote:
>> This is an area where contributors could be compensated hourly or on a
>> per-review basis.  Doing project reviews has got to be a thankless,
>> never-ending job.  I suspect it doesn't make sense to use our full
>> time staff to do this, because our full time staff often don't have
>> the experience to evaluate projects (correct me if I'm wrong).  So
>> could contributors on the project review team be compensated for their
>> time reviewing projects?  It doesn't need to be a steep rate.  Just
>> something to make people feel it is worth the grind.  What other
>> operational areas are we hurting in where this could work?
>> tim
>> On Wed, Dec 02, 2015 at 04:14:55PM +0000, Nikola Milosevic wrote:
>>> Hello everyone,
>>> I will raise one issue, since we are in a period when we need to rethink a
>>> bit internal organization of OWASP because of various reasons and get
>>> realistic and pragmatic with some. One issue that is troubling me for some
>>> time are project stages and graduation process.
>>> What is the problem?
>>> On the first sight nothing. The process is nice and stages are ok defined.
>>> Unless you are leading a project and want your project graduated, because
>>> you think it is a time for your project, after some development from your
>>> side and various contributors on Google Summer of Code and OWASP Code
>>> Summer Sprint to be in the next stage (in my case Lab). Then you realize
>>> that reviewing process lacks volunteers. Even Johanna who led project
>>> review task force said that there was no real review committee or in other
>>> words it was not big enough for the workload. After submitting review
>>> request, when you don't get any real response for 4-5 months it gets a bit
>>> frustrating. Especially, if you think that project is mature enough and
>>> label incubator, could be a bit damaging.
>>> I fully understand that we should have stages of project in order to
>>> distinguish mature and well accepted project in the community from the new
>>> ones. And review process worked for some time, but it seems to me that it
>>> does not anymore. So I think we should get a bit more realistic and rethink
>>> what we can do with current resources, so we can allow well performing
>>> projects to grow, graduate and change to more mature stages. I would
>>> welcome all ideas. However, I think for now it might be good idea to have
>>> only flagship and non-flagship project (find better name). Since there are
>>> only few flagship project, I think we will be able to review them and
>>> potentially project wanting to graduate into flagships, while other will
>>> not be labeled and stuck in some stage. Also, currently there is no big
>>> difference in terms of resources between lab and incubator, apart from that
>>> lab could have some sort of priority, which could be made equal.
>>> Please let me know what you think and whether you think that current review
>>> process is sustainable (since my experience showed different)?
>>> Best regards,
>>> Nikola Milošević
>>> OWASP Seraphimdroid project leader
>>> nikola.milosevic at owasp.org
>>> OWASP - Open Web Application Security Project
>>> <https://www.owasp.org/index.php/Main_Page>
>>> OWASP Seraphimdroid Project
>>> <https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders