[Owasp-leaders] Request for OWASP board to approves 100K for a project Summit in 2016

Mark Miller mark.miller at owasp.org
Mon Jun 29 16:07:05 UTC 2015

I am editing the full OWASP 24/7 interview that Dinis, Andrew, Josh  and I
had last Friday regarding  the summit. It is my priority project for the
day, so I  have full intentions of making it available within the next few
hours. Stay tuned....

On Mon, Jun 29, 2015 at 11:41 AM, Mike Goodwin <mike.goodwin at owasp.org>

> Hello all,
> I agree that we want to encourage activity and forward progress on
> projects, but does that mean that a summit should only be for established
> projects that have delivered already? I am just in the process of starting
> a new OWASP project - I'm waiting anxiously for its approval by the Project
> Task Force. I'm the sole contributor at the moment,  but I am active on it,
> it has regular code checkins and there is a working prototype that is
> moving forward with a clear goal (it is
> https://www.owasp.org/index.php/OWASP_Threat_Dragon for anyone that want
> to take a look).
> I would benefit a lot from the experience of other project leaders both
> directly in terms of their opinion on the project and indirectly in terms
> of how to promote a project and build its visibility and eventually its
> user base. I'd love it to be the next ZAP! The time I need that support
> most is now, at the start of the project, rather than once its already
> succeeded. Or maybe to put it another way, I need a different type of
> support as the leader of an incubator compared to the leaders of flagship
> projects.
> I appreciate that this is a tricky issue. Many organisations and
> businesses suffer from the inability to end projects that have no chance of
> furthering their mission. Given that our projects are volunteer-led, this
> will be even more difficult for us. However, the best companies are the
> ones that can judge where to focus their efforts, keeping a balanced
> portfolio of established products alongside early stage ones. This is an
> extension inn some ways of the the "risk taking in NFPs" discussion that
> Diniz Cruz raised.
> I'm not sure what the answer is, but I'm pretty sure that I could benefit
> from the experience of meeting and talking with people who have already
> turned incubator projects into flagships ones.
> Thoughts and comments welcome!
> Mike
> On 28 June 2015 at 19:33, johanna curiel curiel <johanna.curiel at owasp.org>
> wrote:
>> 100K can allow us to involve more projects but I believe in regulations.
>> After having review so many projects, there are many people that were
>> starting a project with no content and after a year or 2, an empty wiki
>> page has hanging with the title project, but there was no project content
>> to be found.
>> I don't think we want to sponsor this kind of behaviour.
>> We want to sponsor and support those projects that are working hard to
>> get things done. Recession period is not the point here. It's about
>> starting a project in a wiki page that never comes with a deliverable. But
>> lets also consider that if a project has been inactive for more than 3
>> years and suddenly a project leader wants to 'revive the project', the
>> summit should not be used as a kind of paid vacation and 'by the way'
>> participate in the summit.
>> Thats why we need some kind of rules for participation and regulation to
>> avoid abuses.
>> I think we need to make clear that anyone that wants to make use of funds
>> for summits, have to produce a clear deliverable that contributes to their
>> project. That's why now, our rules for starting projects must have some
>> deliverables, but even so, there are still many projects that produce very
>> little and are called projects. Like once Josh said, we should not confuse
>> concepts or ideas and call them projects.
>> I also like the idea of small events based on different regions that are
>> more accessible for project leaders in different regions and time zones.
>> On Sun, Jun 28, 2015 at 2:16 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>> Spot on Tobias.
>>> A breakdown of the 100k would be a first step. Do we need 100k or
>>> more/less?
>>> I'm happy to help with this given my decent track record with flagship
>>> projects.
>>> I'd still suggest having more than 1 summit and having them more
>>> frequent globally as projects may need a summit event at different times. -
>>> more frequent and smaller events.
>>> Eoin Keary
>>> OWASP Volunteer
>>> @eoinkeary
>>> On 28 Jun 2015, at 21:00, Tobias <tobias.gondrom at owasp.org> wrote:
>>> I agree. And big thanks to all the interest and voluntary announced
>>> contributions.
>>> It will be great see all this come to fruition.
>>> And I believe it will also be good to see some basic plan for this to
>>> see how much money we like to spend and how. Some more details down the
>>> road will also help motivate chapters and sponsors even more.
>>> Best regards, Tobias
>>> Ps.: Small addition: if people feel that a committee is too complicated,
>>> we could also handle this as an "initiative". Whatever works best for the
>>> team.
>>> On 28/06/15 19:35, Josh Sokol wrote:
>>>  It's great to see a discussion already happening around this.  For
>>> context, this was something that Dinis, Andrew, Mark, and I talked about on
>>> the OWASP Podcast that we recorded last Friday.  It was an "initiative"
>>> that Dinis suggested as a way to encourage Chapters and Projects to donate
>>> some of their "ring-fenced" account money and further the OWASP mission.
>>> With Tom already offering a $10k donation from the OWASP NJ Chapter, it
>>> looks like we could pretty easily raise the $100k that Dinis suggests and
>>> then some.  I believe that the Board would be in full support of this
>>> initiative.  What I would propose is that those interested should establish
>>> a new "OWASP Project Summit Committee" under the new Committees 2.0 model (
>>> http://owasp.blogspot.com/2014/07/owasp-committees-20.html).  The first
>>> step in this process is for a community member to propose the new committee
>>> here on the Leaders List stating their rationale and desired scope for
>>> creating a new committee.  Basically, we need someone to step up to lead
>>> the initial effort of scoping what this committee will be responsible for
>>> doing.  Once we have that, the Board will determine if there is an existing
>>> conflict (I doubt it) and then will initiate a public call for people
>>> interested in membership.  By creating a committee for this initiative, we
>>> are empowering those committee members to take action as defined in the
>>> scope and spend money as allocated by the budget.  Is there someone who
>>> would like to take lead on forming the committee?
>>>  ~josh
>>> On Fri, Jun 26, 2015 at 5:06 PM, Dinis Cruz <dinis.cruz at owasp.org>
>>> wrote:
>>>> And then ask for a a team or OWASP leaders to lead that effort.
>>>>  Josh and Andrew can provide more details on the context of this
>>>> request
>>>>  Dinis
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> _______________________________________________
>>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

*Mark Miller, Senior Storyteller*
*Curator and Founder, Trusted Software Alliance*

*Host and Executive Producer, OWASP 24/7 Podcast ChannelCommunity Advocate,

*Developers and Application Security: Who is Responsible?*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150629/ee0c57d1/attachment-0001.html>

More information about the OWASP-Leaders mailing list