[Owasp-leaders] Request for OWASP board to approves 100K for a project Summit in 2016

Mike Goodwin mike.goodwin at owasp.org
Mon Jun 29 15:41:53 UTC 2015

Hello all,

I agree that we want to encourage activity and forward progress on
projects, but does that mean that a summit should only be for established
projects that have delivered already? I am just in the process of starting
a new OWASP project - I'm waiting anxiously for its approval by the Project
Task Force. I'm the sole contributor at the moment,  but I am active on it,
it has regular code checkins and there is a working prototype that is
moving forward with a clear goal (it is
https://www.owasp.org/index.php/OWASP_Threat_Dragon for anyone that want to
take a look).

I would benefit a lot from the experience of other project leaders both
directly in terms of their opinion on the project and indirectly in terms
of how to promote a project and build its visibility and eventually its
user base. I'd love it to be the next ZAP! The time I need that support
most is now, at the start of the project, rather than once its already
succeeded. Or maybe to put it another way, I need a different type of
support as the leader of an incubator compared to the leaders of flagship

I appreciate that this is a tricky issue. Many organisations and businesses
suffer from the inability to end projects that have no chance of furthering
their mission. Given that our projects are volunteer-led, this will be even
more difficult for us. However, the best companies are the ones that can
judge where to focus their efforts, keeping a balanced portfolio of
established products alongside early stage ones. This is an extension inn
some ways of the the "risk taking in NFPs" discussion that Diniz Cruz

I'm not sure what the answer is, but I'm pretty sure that I could benefit
from the experience of meeting and talking with people who have already
turned incubator projects into flagships ones.

Thoughts and comments welcome!


On 28 June 2015 at 19:33, johanna curiel curiel <johanna.curiel at owasp.org>

> 100K can allow us to involve more projects but I believe in regulations.
> After having review so many projects, there are many people that were
> starting a project with no content and after a year or 2, an empty wiki
> page has hanging with the title project, but there was no project content
> to be found.
> I don't think we want to sponsor this kind of behaviour.
> We want to sponsor and support those projects that are working hard to get
> things done. Recession period is not the point here. It's about starting a
> project in a wiki page that never comes with a deliverable. But lets also
> consider that if a project has been inactive for more than 3 years and
> suddenly a project leader wants to 'revive the project', the summit should
> not be used as a kind of paid vacation and 'by the way' participate in the
> summit.
> Thats why we need some kind of rules for participation and regulation to
> avoid abuses.
> I think we need to make clear that anyone that wants to make use of funds
> for summits, have to produce a clear deliverable that contributes to their
> project. That's why now, our rules for starting projects must have some
> deliverables, but even so, there are still many projects that produce very
> little and are called projects. Like once Josh said, we should not confuse
> concepts or ideas and call them projects.
> I also like the idea of small events based on different regions that are
> more accessible for project leaders in different regions and time zones.
> On Sun, Jun 28, 2015 at 2:16 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>> Spot on Tobias.
>> A breakdown of the 100k would be a first step. Do we need 100k or
>> more/less?
>> I'm happy to help with this given my decent track record with flagship
>> projects.
>> I'd still suggest having more than 1 summit and having them more frequent
>> globally as projects may need a summit event at different times. - more
>> frequent and smaller events.
>> Eoin Keary
>> OWASP Volunteer
>> @eoinkeary
>> On 28 Jun 2015, at 21:00, Tobias <tobias.gondrom at owasp.org> wrote:
>> I agree. And big thanks to all the interest and voluntary announced
>> contributions.
>> It will be great see all this come to fruition.
>> And I believe it will also be good to see some basic plan for this to see
>> how much money we like to spend and how. Some more details down the road
>> will also help motivate chapters and sponsors even more.
>> Best regards, Tobias
>> Ps.: Small addition: if people feel that a committee is too complicated,
>> we could also handle this as an "initiative". Whatever works best for the
>> team.
>> On 28/06/15 19:35, Josh Sokol wrote:
>>  It's great to see a discussion already happening around this.  For
>> context, this was something that Dinis, Andrew, Mark, and I talked about on
>> the OWASP Podcast that we recorded last Friday.  It was an "initiative"
>> that Dinis suggested as a way to encourage Chapters and Projects to donate
>> some of their "ring-fenced" account money and further the OWASP mission.
>> With Tom already offering a $10k donation from the OWASP NJ Chapter, it
>> looks like we could pretty easily raise the $100k that Dinis suggests and
>> then some.  I believe that the Board would be in full support of this
>> initiative.  What I would propose is that those interested should establish
>> a new "OWASP Project Summit Committee" under the new Committees 2.0 model (
>> http://owasp.blogspot.com/2014/07/owasp-committees-20.html).  The first
>> step in this process is for a community member to propose the new committee
>> here on the Leaders List stating their rationale and desired scope for
>> creating a new committee.  Basically, we need someone to step up to lead
>> the initial effort of scoping what this committee will be responsible for
>> doing.  Once we have that, the Board will determine if there is an existing
>> conflict (I doubt it) and then will initiate a public call for people
>> interested in membership.  By creating a committee for this initiative, we
>> are empowering those committee members to take action as defined in the
>> scope and spend money as allocated by the budget.  Is there someone who
>> would like to take lead on forming the committee?
>>  ~josh
>> On Fri, Jun 26, 2015 at 5:06 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>> And then ask for a a team or OWASP leaders to lead that effort.
>>>  Josh and Andrew can provide more details on the context of this request
>>>  Dinis
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150629/c74a72f5/attachment-0001.html>

More information about the OWASP-Leaders mailing list