[Owasp-leaders] Board meeting - proposed discussion items

Jim Manico jim.manico at owasp.org
Sat Dec 5 03:33:35 UTC 2015


> If they are unhappy then I would like to know if they think anything
> should change, particularly with respect to the amount of time and money
> that is invested in them.

Here are the following things the board is /considering/ funding around 
projects right now. If you have any other suggestions - and I hope you 
do - now is THE TIME to get that strategy and funding allocations into 
this proposal for discussion. :)

 1. Project Platform

      * Objective.

         1. Provide the OWASP projects community a mature project
            platform to encourage senior developers to participate in
            the various and many OWASP projects.  (Still valid objective
            statement, or update for 2016?)

         2. Provide support for all aspects of Project creation,
            development, testing and publication to facilitate
            innovative and effective tools and documentation to make
            Application Security visible and accessible to all.

      * Funding Proposal:

         1. $100,000 for two (2) Project Summits ($50,000 each) or (1)
            large Project Summit

         2. $30,000 for Community Engagement-Projects from Foundation Budget

         3. $25,000 for Summer/Winter of Code Program

         4. Full-time Project Coordinator, staffed from Foundation Budget

         5. $25,000 for payments for contractors to conduct project reviews

         6. ~$45,000 Carry-over budget from 2015 already allocated to
            specific Projects

      * Anticipated Output

         1. Project Summits – 2 per year *or one big one*.  Aim for week
            long events.  $100K @ 50K apiece.  Additional funding to
            come from ‘Sponsor donations’ or from Chapter donations

         2. Upgrade IT infrastructure per Matt’s recommendations

         3. Expand Project Task Force for improved Project review and
            community vetting process as projects graduate to Lab and
            Flagship status

      * Resource requirement.  Need Volunteers for Project Task Force
        plus Community Planning team, supported by staff to organize and
        implement.  Volunteers & funding.

      * Metric:  TBD

Other ideas being considered to enhance projects are listed here. John 
Melton, Josh and others added to this list.

  * New Project Ideas. Where is industry going, where will it be in 5
    years? OWASP should suggest projects that we need and find team to
    build them!
  * Project Summit support & funding
  * International Chapter / Region support & funding for projects
  * Hire full or part time technical writer to help with project (from
    Simon, flagship project lead)
  * a platform for funding pull requests / contributions to projects -
    this could be a way to financially reward folks for contributing. I
    know ZAP recently experimented with this - not sure how it went, but
    we have money - might be a good way to spend it (maybe leveraging
    something like the bithub
    idea https://whispersystems.org/blog/bithub/). I would want the
    ability to personally remove myself from the ability of receiving
    payment. (from John Melton, flagship project lead)
  * help with applying for grants - including letting us know of
    available grants and helping us do the paperwork if necessary
  * make inter-project recommendations - since you sit at a level where
    you see various projects, maybe make recommendations for areas where
    multiple projects could collaborate for added value (from John
    Melton, flagship project lead)
  * project of the month - this may already happen, but if not, maybe
    the newsletter could feature a project every month, including
    information like a project overview, an audio interview with the
    project leader(s), a list of priority tasks for people to help with,
    etc. (from John Melton, flagship project lead)
  * get access to available free tools - I've actually seen several
    tools that are available for use within OWASP, though I hear about
    them haphazardly. It would be good if there were a single resource
    for leads to know what was available. Thinking of things like: free
    licenses of paid software (intellij, webex) or access to
    products/services (surveymonkey, AWS, GCE or Azure credits) that
    could be useful to the project (from John Melton, flagship project lead)
  * conducting surveys - We do surveys periodically, and I fill them
    out. Joanna has used them to good effect. We might be able to make
    that more regular and get good data on our projects.
  * "help wanted" site - We use github issues on our project. However,
    one thing I hear repeatedly is project leaders saying they need
    help, and owasp members asking how to help. It seems like we could
    put up a "jobs" board of some kind to connect folks within the
    community for things like this. We could probably connect this to $
    in some way if we wanted to. I imagine there's a tool out there that
    already does this too. (from John Melton, flagship project lead)
  * continue and expand "summer of code" programs - I believe these
    programs add lots of value. Not only do they get practical things
    done on the projects, but they give us good visibility, get people
    involved in the projects (many continue to contribute), give us good
    press in the community, and invigorate the mentors as well. (from
    John Melton, flagship project lead)


Can you give me a hand with the Strategic Goals around projects to make 
sure we're asking for the right things?

Aloha,
Jim


On 12/3/15 6:45 AM, psiinon wrote:
> Board,
> cc the leaders list,
>
> Topic: OWASP (code) projects
>
> I believe that the OWASP code projects are in crisis. Maybe other 
> types as well, but I'll let other more knowledgeable people speak for 
> those.
> I think that code projects bring significant benefits to OWASP, but 
> unfortunately they are much less tangible than the money that 
> conferences bring in.
> I think that code projects are poorly supported by OWASP, particularly 
> large and active projects like ZAP.
> I would like to know if the board is happy with the current state of 
> affairs re code projects.
> If they are unhappy then I would like to know if they think anything 
> should change, particularly with respect to the amount of time and 
> money that is invested in them.
>
> Topic: Communications with employees and contributors
>
> We've just seen a valued and very active contributor leave OWASP, and 
> it appears that the nature of recent email discussions was a major 
> contributing factor.
> We've also had a well publicised incident in the past whereby an 
> employee left in which email discussions appear to have also played a 
> significant role.
> I think it's fair to say that in both cases the individuals have 
> expressed that they did not think that they were treated with the 
> respect that they deserved.
> Does the board accept that we might have an issue regarding email 
> discussions getting out of hand?
> If so, does the board propose to do anything about it?
> Hint: perhaps an external organisation could provide valuable advice 
> and guidance here?
>
> I look forward to hearing if these topics are discussed at the next 
> board meeting and what the conclusions are, if any.
>
> Leaders - feel free to chip in with your thoughts...
>
> Cheers,
>
> Simon
>
> -- 
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader