[Owasp-leaders] Board meeting - proposed discussion items
Jim Manico
jim.manico at owasp.org
Sat Dec 5 03:33:35 UTC 2015
> If they are unhappy then I would like to know if they think anything
> should change, particularly with respect to the amount of time and money
> that is invested in them.
Here are the following things the board is /considering/ funding around
projects right now. If you have any other suggestions - and I hope you
do - now is THE TIME to get that strategy and funding allocations into
this proposal for discussion. :)
1. Project Platform
   * Objective.
     1. Provide the OWASP projects community a mature project
        platform to encourage senior developers to participate in
        the various and many OWASP projects. (Still valid objective
        statement, or update for 2016?)
     2. Provide support for all aspects of Project creation,
        development, testing and publication to facilitate
        innovative and effective tools and documentation to make
        Application Security visible and accessible to all.
   * Funding Proposal:
     1. $100,000 for two (2) Project Summits ($50,000 each) or (1)
        large Project Summit
     2. $30,000 for Community Engagement-Projects from Foundation Budget
     3. $25,000 for Summer/Winter of Code Program
     4. Full-time Project Coordinator, staffed from Foundation Budget
     5. $25,000 for payments for contractors to conduct project reviews
     6. ~$45,000 Carry-over budget from 2015 already allocated to
        specific Projects
   * Anticipated Output
     1. Project Summits – 2 per year *or one big one*. Aim for week
        long events. $100K @ 50K apiece. Additional funding to
        come from ‘Sponsor donations’ or from Chapter donations
     2. Upgrade IT infrastructure per Matt’s recommendations
     3. Expand Project Task Force for improved Project review and
        community vetting process as projects graduate to Lab and
        Flagship status
   * Resource requirement. Need Volunteers for Project Task Force
     plus Community Planning team, supported by staff to organize and
     implement. Volunteers & funding.
   * Metric: TBD
Other ideas being considered to enhance projects are listed here. John
Melton, Josh and others added to this list.
* New Project Ideas. Where is industry going, where will it be in 5
years? OWASP should suggest projects that we need and find team to
build them!
* Project Summit support & funding
* International Chapter / Region support & funding for projects
* Hire full or part time technical writer to help with project (from
Simon, flagship project lead)
* a platform for funding pull requests / contributions to projects -
this could be a way to financially reward folks for contributing. I
know ZAP recently experimented with this - not sure how it went, but
we have money - might be a good way to spend it (maybe leveraging
something like the bithub idea
https://whispersystems.org/blog/bithub/). I would want the
ability to personally remove myself from the ability of receiving
payment. (from John Melton, flagship project lead)
* help with applying for grants - including letting us know of
available grants and helping us do the paperwork if necessary
* make inter-project recommendations - since you sit at a level where
you see various projects, maybe make recommendations for areas where
multiple projects could collaborate for added value (from John
Melton, flagship project lead)
* project of the month - this may already happen, but if not, maybe
the newsletter could feature a project every month, including
information like a project overview, an audio interview with the
project leader(s), a list of priority tasks for people to help with,
etc. (from John Melton, flagship project lead)
* get access to available free tools - I've actually seen several
tools that are available for use within OWASP, though I hear about
them haphazardly. It would be good if there were a single resource
for leads to know what was available. Thinking of things like: free
licenses of paid software (intellij, webex) or access to
products/services (surveymonkey, AWS, GCE or Azure credits) that
could be useful to the project (from John Melton, flagship project lead)
* conducting surveys - We do surveys periodically, and I fill them
out. Joanna has used them to good effect. We might be able to make
that more regular and get good data on our projects.
* "help wanted" site - We use github issues on our project. However,
one thing I hear repeatedly is project leaders saying they need
help, and owasp members asking how to help. It seems like we could
put up a "jobs" board of some kind to connect folks within the
community for things like this. We could probably connect this to $
in some way if we wanted to. I imagine there's a tool out there that
already does this too. (from John Melton, flagship project lead)
* continue and expand "summer of code" programs - I believe these
programs add lots of value. Not only do they get practical things
done on the projects, but they give us good visibility, get people
involved in the projects (many continue to contribute), give us good
press in the community, and invigorate the mentors as well. (from
John Melton, flagship project lead)
Can you give me a hand with the Strategic Goals around projects to make
sure we're asking for the right things?
Aloha,
Jim
On 12/3/15 6:45 AM, psiinon wrote:
> Board,
> cc the leaders list,
>
> Topic: OWASP (code) projects
>
> I believe that the OWASP code projects are in crisis. Maybe other
> types as well, but I'll let other more knowledgeable people speak for
> those.
> I think that code projects bring significant benefits to OWASP, but
> unfortunately they are much less tangible than the money that
> conferences bring in.
> I think that code projects are poorly supported by OWASP, particularly
> large and active projects like ZAP.
> I would like to know if the board is happy with the current state of
> affairs re code projects.
> If they are unhappy then I would like to know if they think anything
> should change, particularly with respect to the amount of time and
> money that is invested in them.
>
> Topic: Communications with employees and contributors
>
> We've just seen a valued and very active contributor leave OWASP, and
> it appears that the nature of recent email discussions was a major
> contributing factor.
> We've also had a well publicised incident in the past whereby an
> employee left in which email discussions appear to have also played a
> significant role.
> I think it's fair to say that in both cases the individuals have
> expressed that they did not think that they were treated with the
> respect that they deserved.
> Does the board accept that we might have an issue regarding email
> discussions getting out of hand?
> If so, does the board propose to do anything about it?
> Hint: perhaps an external organisation could provide valuable advice
> and guidance here?
>
> I look forward to hearing if these topics are discussed at the next
> board meeting and what the conclusions are, if any.
>
> Leaders - feel free to chip in with your thoughts...
>
> Cheers,
>
> Simon
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>