[Owasp-leaders] Request for OWASP board to approves 100K for a project Summit in 2016
mark.miller at owasp.org
Mon Jun 29 16:07:05 UTC 2015
I am editing the full OWASP 24/7 interview that Dinis, Andrew, Josh and I
had last Friday regarding the summit. It is my priority project for the
day, so I have full intentions of making it available within the next few
hours. Stay tuned....
On Mon, Jun 29, 2015 at 11:41 AM, Mike Goodwin <mike.goodwin at owasp.org>
> Hello all,
> I agree that we want to encourage activity and forward progress on
> projects, but does that mean that a summit should only be for established
> projects that have delivered already? I am just in the process of starting
> a new OWASP project - I'm waiting anxiously for its approval by the Project
> Task Force. I'm the sole contributor at the moment, but I am active on it,
> it has regular code checkins and there is a working prototype that is
> moving forward with a clear goal (it is
> https://www.owasp.org/index.php/OWASP_Threat_Dragon for anyone that want
> to take a look).
> I would benefit a lot from the experience of other project leaders both
> directly in terms of their opinion on the project and indirectly in terms
> of how to promote a project and build its visibility and eventually its
> user base. I'd love it to be the next ZAP! The time I need that support
> most is now, at the start of the project, rather than once its already
> succeeded. Or maybe to put it another way, I need a different type of
> support as the leader of an incubator compared to the leaders of flagship
> I appreciate that this is a tricky issue. Many organisations and
> businesses suffer from the inability to end projects that have no chance of
> furthering their mission. Given that our projects are volunteer-led, this
> will be even more difficult for us. However, the best companies are the
> ones that can judge where to focus their efforts, keeping a balanced
> portfolio of established products alongside early stage ones. This is an
> extension inn some ways of the the "risk taking in NFPs" discussion that
> Diniz Cruz raised.
> I'm not sure what the answer is, but I'm pretty sure that I could benefit
> from the experience of meeting and talking with people who have already
> turned incubator projects into flagships ones.
> Thoughts and comments welcome!
> On 28 June 2015 at 19:33, johanna curiel curiel <johanna.curiel at owasp.org>
>> 100K can allow us to involve more projects but I believe in regulations.
>> After having review so many projects, there are many people that were
>> starting a project with no content and after a year or 2, an empty wiki
>> page has hanging with the title project, but there was no project content
>> to be found.
>> I don't think we want to sponsor this kind of behaviour.
>> We want to sponsor and support those projects that are working hard to
>> get things done. Recession period is not the point here. It's about
>> starting a project in a wiki page that never comes with a deliverable. But
>> lets also consider that if a project has been inactive for more than 3
>> years and suddenly a project leader wants to 'revive the project', the
>> summit should not be used as a kind of paid vacation and 'by the way'
>> participate in the summit.
>> Thats why we need some kind of rules for participation and regulation to
>> avoid abuses.
>> I think we need to make clear that anyone that wants to make use of funds
>> for summits, have to produce a clear deliverable that contributes to their
>> project. That's why now, our rules for starting projects must have some
>> deliverables, but even so, there are still many projects that produce very
>> little and are called projects. Like once Josh said, we should not confuse
>> concepts or ideas and call them projects.
>> I also like the idea of small events based on different regions that are
>> more accessible for project leaders in different regions and time zones.
>> On Sun, Jun 28, 2015 at 2:16 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>> Spot on Tobias.
>>> A breakdown of the 100k would be a first step. Do we need 100k or
>>> I'm happy to help with this given my decent track record with flagship
>>> I'd still suggest having more than 1 summit and having them more
>>> frequent globally as projects may need a summit event at different times. -
>>> more frequent and smaller events.
>>> Eoin Keary
>>> OWASP Volunteer
>>> On 28 Jun 2015, at 21:00, Tobias <tobias.gondrom at owasp.org> wrote:
>>> I agree. And big thanks to all the interest and voluntary announced
>>> It will be great see all this come to fruition.
>>> And I believe it will also be good to see some basic plan for this to
>>> see how much money we like to spend and how. Some more details down the
>>> road will also help motivate chapters and sponsors even more.
>>> Best regards, Tobias
>>> Ps.: Small addition: if people feel that a committee is too complicated,
>>> we could also handle this as an "initiative". Whatever works best for the
>>> On 28/06/15 19:35, Josh Sokol wrote:
>>> It's great to see a discussion already happening around this. For
>>> context, this was something that Dinis, Andrew, Mark, and I talked about on
>>> the OWASP Podcast that we recorded last Friday. It was an "initiative"
>>> that Dinis suggested as a way to encourage Chapters and Projects to donate
>>> some of their "ring-fenced" account money and further the OWASP mission.
>>> With Tom already offering a $10k donation from the OWASP NJ Chapter, it
>>> looks like we could pretty easily raise the $100k that Dinis suggests and
>>> then some. I believe that the Board would be in full support of this
>>> initiative. What I would propose is that those interested should establish
>>> a new "OWASP Project Summit Committee" under the new Committees 2.0 model (
>>> http://owasp.blogspot.com/2014/07/owasp-committees-20.html). The first
>>> step in this process is for a community member to propose the new committee
>>> here on the Leaders List stating their rationale and desired scope for
>>> creating a new committee. Basically, we need someone to step up to lead
>>> the initial effort of scoping what this committee will be responsible for
>>> doing. Once we have that, the Board will determine if there is an existing
>>> conflict (I doubt it) and then will initiate a public call for people
>>> interested in membership. By creating a committee for this initiative, we
>>> are empowering those committee members to take action as defined in the
>>> scope and spend money as allocated by the budget. Is there someone who
>>> would like to take lead on forming the committee?
>>> On Fri, Jun 26, 2015 at 5:06 PM, Dinis Cruz <dinis.cruz at owasp.org>
>>>> And then ask for a a team or OWASP leaders to lead that effort.
>>>> Josh and Andrew can provide more details on the context of this
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
*Mark Miller, Senior Storyteller*
*Curator and Founder, Trusted Software Alliance*
*Host and Executive Producer, OWASP 24/7 Podcast ChannelCommunity Advocate,
*Developers and Application Security: Who is Responsible?*
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders