[Owasp-leaders] Board meeting - proposed discussion items

Dinis Cruz dinis.cruz at owasp.org
Sun Dec 6 12:20:19 UTC 2015


Nice list Jim, now we're talking :)

Let's see what happens
On 5 Dec 2015 3:35 am, "Jim Manico" <jim.manico at owasp.org> wrote:

> > If they are unhappy then I would like to know if they think anything
> should change, particularly with respect to the amount of time and money
> that is invested in them.
>
> Here are the following things the board is *considering* funding around
> projects right now. If you have any other suggestions - and I hope you do -
> now is THE TIME to get that strategy and funding allocations into this
> proposal for discussion. :)
>
>
>
> 1. Project Platform
>
>    - Objective.
>      1. Provide the OWASP projects community a mature project platform to
>         encourage senior developers to participate in the various and many
>         OWASP projects. (Still valid objective statement, or update for
>         2016?)
>      2. Provide support for all aspects of Project creation, development,
>         testing and publication to facilitate innovative and effective
>         tools and documentation to make Application Security visible and
>         accessible to all.
>    - Funding Proposal:
>      1. $100,000 for two (2) Project Summits ($50,000 each) or (1) large
>         Project Summit
>      2. $30,000 for Community Engagement-Projects from Foundation Budget
>      3. $25,000 for Summer/Winter of Code Program
>      4. Full-time Project Coordinator, staffed from Foundation Budget
>      5. $25,000 for payments for contractors to conduct project reviews
>      6. ~$45,000 Carry-over budget from 2015 already allocated to specific
>         Projects
>    - Anticipated Output
>      1. Project Summits – 2 per year or one big one. Aim for week long
>         events. $100K @50K apiece. Additional funding to come from
>         ‘Sponsor donations’ or from Chapter donations
>      2. Upgrade IT infrastructure per Matt’s recommendations
>      3. Expand Project Task Force for improved Project review and
>         community vetting process as projects graduate to Lab and Flagship
>         status
>    - Resource requirement. Need Volunteers for Project Task Force plus
>      Community Planning team, supported by staff to organize and
>      implement. Volunteers & funding.
>    - Metric: TBD
>
> Other ideas being considered to enhance projects are listed here. John
> Melton, Josh and others added to this list.
>
>
>    - New Project Ideas. Where is industry going, where will it be in 5
>    years? OWASP should suggest projects that we need and find team to build
>    them!
>    - Project Summit support & funding
>    - International Chapter / Region support & funding for projects
>    - Hire full or part time technical writer to help with project (from
>    Simon, flagship project lead)
>    - a platform for funding pull requests / contributions to projects -
>    this could be a way to financially reward folks for contributing. I know
>    ZAP recently experimented with this - not sure how it went, but we have
>    money - might be a good way to spend it (maybe leveraging something like
>    the bithub idea https://whispersystems.org/blog/bithub/). I would want
>    the ability to personally remove myself from the ability of receiving
>    payment. (from John Melton, flagship project lead)
>    - help with applying for grants - including letting us know of
>    available grants and helping us do the paperwork if necessary
>    - make inter-project recommendations - since you sit at a level where
>    you see various projects, maybe make recommendations for areas where
>    multiple projects could collaborate for added value (from John Melton,
>    flagship project lead)
>    - project of the month - this may already happen, but if not, maybe
>    the newsletter could feature a project every month, including information
>    like a project overview, an audio interview with the project leader(s), a
>    list of priority tasks for people to help with, etc. (from John Melton,
>    flagship project lead)
>    - get access to available free tools - I've actually seen several
>    tools that are available for use within OWASP, though I hear about them
>    haphazardly. It would be good if there were a single resource for leads to
>    know what was available. Thinking of things like: free licenses of paid
>    software (intellij, webex) or access to products/services (surveymonkey,
>    AWS, GCE or Azure credits) that could be useful to the project (from John
>    Melton, flagship project lead)
>    - conducting surveys - We do surveys periodically, and I fill them
>    out. Joanna has used them to good effect. We might be able to make that
>    more regular and get good data on our projects.
>    - "help wanted" site - We use github issues on our project. However,
>    one thing I hear repeatedly is project leaders saying they need help, and
>    owasp members asking how to help. It seems like we could put up a "jobs"
>    board of some kind to connect folks within the community for things like
>    this. We could probably connect this to $ in some way if we wanted to. I
>    imagine there's a tool out there that already does this too. (from John
>    Melton, flagship project lead)
>    - continue and expand "summer of code" programs - I believe these
>    programs add lots of value. Not only do they get practical things done on
>    the projects, but they give us good visibility, get people involved in the
>    projects (many continue to contribute), give us good press in the
>    community, and invigorate the mentors as well. (from John Melton, flagship
>    project lead)
>
>
> Can you give me a hand with the Strategic Goals around projects to make
> sure we're asking for the right things?
>
> Aloha,
> Jim
>
> On 12/3/15 6:45 AM, psiinon wrote:
>
> Board,
> cc the leaders list,
>
> Topic: OWASP (code) projects
>
> I believe that the OWASP code projects are in crisis. Maybe other types as
> well, but I'll let other more knowledgeable people speak for those.
> I think that code projects bring significant benefits to OWASP, but
> unfortunately they are much less tangible than the money that conferences
> bring in.
> I think that code projects are poorly supported by OWASP, particularly
> large and active projects like ZAP.
> I would like to know if the board is happy with the current state of
> affairs re code projects.
> If they are unhappy then I would like to know if they think anything
> should change, particularly with respect to the amount of time and money
> that is invested in them.
>
> Topic: Communications with employees and contributors
>
> We've just seen a valued and very active contributor leave OWASP, and it
> appears that the nature of recent email discussions was a major
> contributing factor.
> We've also had a well publicised incident in the past whereby an employee
> left in which email discussions appear to have also played a significant
> role.
> I think it's fair to say that in both cases the individuals have expressed
> that they did not think that they were treated with the respect that they
> deserved.
> Does the board accept that we might have an issue regarding email
> discussions getting out of hand?
> If so, does the board propose to do anything about it?
> Hint: perhaps an external organisation could provide valuable advice and
> guidance here?
>
> I look forward to hearing if these topics are discussed at the next board
> meeting and what the conclusions are, if any.
>
> Leaders - feel free to chip in with your thoughts...
>
> Cheers,
>
> Simon
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders