[Owasp-leaders] Request for OWASP board to approves 100K for a project Summit in 2016

Mark Miller mark.miller at owasp.org
Mon Jun 29 18:44:40 UTC 2015

The full interview with Josh, Andrew and Dinis is now available as an OWASP
24/7 Podcast: OWASP Project Funding
w/ Josh Sokol, Dinis Cruz and Andrew van der Stock. I hope you find it
helpful to further this discussion. -- Mark

On Mon, Jun 29, 2015 at 1:35 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> >Unsure how to govern this but setting up an empty wiki and not having any
> activity for a time after is not a project? Unsure we should fund such
> empty vessels :)
> No empty vessel, no empty wikis is the motto and has been after the latest
> big clean up since 2 years ago. After so many called 'projects' that
> were empty(more than 90), we have set as rule that a project must
> deliver something based on their road-map, based on the time line provided
> by its road-map. We evaluate the project based on the criteria we published
> 2 years ago  and communicate with the project leader. There is no purpose
> or advantage to have an empty wiki or poor content when potential OWASP
> users look at your project. We try to focus on a minimum quality because
> this goes along with OWASP reputation.
> @Mike:
> All projects, including incubators have the opportunity to go. Last Summit
> KBA-PMP applied to assist the summit @EU, which is an incubator and they
> were there , but KBA has been working on its deliverable and are quite
> active with meetings and research.
> I do not recall you sent me an agenda.
> Keep in mind that the Summit is about sharing with other leaders but is
> more about getting things done for your own project. So the question is :
> What do you want to achieve during those 2 days, what are your targets and
> what is your purpose and goals for assisting?
> ZAP will not be at this summit so ,(and btw Simon was fully sponsored by
> his employer as there are others such Appsensor)
> You want to participate  just like anyone:
>    - Create an agenda, send it to me
>    - I publish it on the Task force mailing list, we evaluate the
>    project. I know that already Timo did a quick review.
>    - Describe What do you want to get done during this period
>    - We evaluate your project to see how far you are regarding the
>    road-map and maturity level
>    - We evaluate your proposal and based on this you get the opportunity
> Budget is tight so first come first served based on the agenda and
> deliverable. Your project is quite new (June 2, 2015). So please bear with
> us also that the summit budget allocation is based on how much a project
> has delivered.
> If you have questions, please let us know
> regards
> Johanna
> On Mon, Jun 29, 2015 at 12:54 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>> Unsure how to govern this but setting up an empty wiki and not having any
>> activity for a time after is not a project? Unsure we should fund such
>> empty vessels :)
>> Eoin Keary
>> OWASP Volunteer
>> @eoinkeary
>> On 29 Jun 2015, at 18:41, Mike Goodwin <mike.goodwin at owasp.org> wrote:
>> Hello all,
>> I agree that we want to encourage activity and forward progress on
>> projects, but does that mean that a summit should only be for established
>> projects that have delivered already? I am just in the process of starting
>> a new OWASP project - I'm waiting anxiously for its approval by the Project
>> Task Force. I'm the sole contributor at the moment,  but I am active on it,
>> it has regular code checkins and there is a working prototype that is
>> moving forward with a clear goal (it is
>> https://www.owasp.org/index.php/OWASP_Threat_Dragon for anyone that want
>> to take a look).
>> I would benefit a lot from the experience of other project leaders both
>> directly in terms of their opinion on the project and indirectly in terms
>> of how to promote a project and build its visibility and eventually its
>> user base. I'd love it to be the next ZAP! The time I need that support
>> most is now, at the start of the project, rather than once its already
>> succeeded. Or maybe to put it another way, I need a different type of
>> support as the leader of an incubator compared to the leaders of flagship
>> projects.
>> I appreciate that this is a tricky issue. Many organisations and
>> businesses suffer from the inability to end projects that have no chance of
>> furthering their mission. Given that our projects are volunteer-led, this
>> will be even more difficult for us. However, the best companies are the
>> ones that can judge where to focus their efforts, keeping a balanced
>> portfolio of established products alongside early stage ones. This is an
>> extension inn some ways of the the "risk taking in NFPs" discussion that
>> Diniz Cruz raised.
>> I'm not sure what the answer is, but I'm pretty sure that I could benefit
>> from the experience of meeting and talking with people who have already
>> turned incubator projects into flagships ones.
>> Thoughts and comments welcome!
>> Mike
>> On 28 June 2015 at 19:33, johanna curiel curiel <johanna.curiel at owasp.org
>> > wrote:
>>> 100K can allow us to involve more projects but I believe in regulations.
>>> After having review so many projects, there are many people that were
>>> starting a project with no content and after a year or 2, an empty wiki
>>> page has hanging with the title project, but there was no project content
>>> to be found.
>>> I don't think we want to sponsor this kind of behaviour.
>>> We want to sponsor and support those projects that are working hard to
>>> get things done. Recession period is not the point here. It's about
>>> starting a project in a wiki page that never comes with a deliverable. But
>>> lets also consider that if a project has been inactive for more than 3
>>> years and suddenly a project leader wants to 'revive the project', the
>>> summit should not be used as a kind of paid vacation and 'by the way'
>>> participate in the summit.
>>> Thats why we need some kind of rules for participation and regulation to
>>> avoid abuses.
>>> I think we need to make clear that anyone that wants to make use of
>>> funds for summits, have to produce a clear deliverable that contributes to
>>> their project. That's why now, our rules for starting projects must have
>>> some deliverables, but even so, there are still many projects that produce
>>> very little and are called projects. Like once Josh said, we should not
>>> confuse concepts or ideas and call them projects.
>>> I also like the idea of small events based on different regions that are
>>> more accessible for project leaders in different regions and time zones.
>>> On Sun, Jun 28, 2015 at 2:16 PM, Eoin Keary <eoin.keary at owasp.org>
>>> wrote:
>>>> Spot on Tobias.
>>>> A breakdown of the 100k would be a first step. Do we need 100k or
>>>> more/less?
>>>> I'm happy to help with this given my decent track record with flagship
>>>> projects.
>>>> I'd still suggest having more than 1 summit and having them more
>>>> frequent globally as projects may need a summit event at different times. -
>>>> more frequent and smaller events.
>>>> Eoin Keary
>>>> OWASP Volunteer
>>>> @eoinkeary
>>>> On 28 Jun 2015, at 21:00, Tobias <tobias.gondrom at owasp.org> wrote:
>>>> I agree. And big thanks to all the interest and voluntary announced
>>>> contributions.
>>>> It will be great see all this come to fruition.
>>>> And I believe it will also be good to see some basic plan for this to
>>>> see how much money we like to spend and how. Some more details down the
>>>> road will also help motivate chapters and sponsors even more.
>>>> Best regards, Tobias
>>>> Ps.: Small addition: if people feel that a committee is too
>>>> complicated, we could also handle this as an "initiative". Whatever works
>>>> best for the team.
>>>> On 28/06/15 19:35, Josh Sokol wrote:
>>>>  It's great to see a discussion already happening around this.  For
>>>> context, this was something that Dinis, Andrew, Mark, and I talked about on
>>>> the OWASP Podcast that we recorded last Friday.  It was an "initiative"
>>>> that Dinis suggested as a way to encourage Chapters and Projects to donate
>>>> some of their "ring-fenced" account money and further the OWASP mission.
>>>> With Tom already offering a $10k donation from the OWASP NJ Chapter, it
>>>> looks like we could pretty easily raise the $100k that Dinis suggests and
>>>> then some.  I believe that the Board would be in full support of this
>>>> initiative.  What I would propose is that those interested should establish
>>>> a new "OWASP Project Summit Committee" under the new Committees 2.0 model (
>>>> http://owasp.blogspot.com/2014/07/owasp-committees-20.html).  The
>>>> first step in this process is for a community member to propose the new
>>>> committee here on the Leaders List stating their rationale and desired
>>>> scope for creating a new committee.  Basically, we need someone to step up
>>>> to lead the initial effort of scoping what this committee will be
>>>> responsible for doing.  Once we have that, the Board will determine if
>>>> there is an existing conflict (I doubt it) and then will initiate a public
>>>> call for people interested in membership.  By creating a committee for this
>>>> initiative, we are empowering those committee members to take action as
>>>> defined in the scope and spend money as allocated by the budget.  Is there
>>>> someone who would like to take lead on forming the committee?
>>>>  ~josh
>>>> On Fri, Jun 26, 2015 at 5:06 PM, Dinis Cruz <dinis.cruz at owasp.org>
>>>> wrote:
>>>>> And then ask for a a team or OWASP leaders to lead that effort.
>>>>>  Josh and Andrew can provide more details on the context of this
>>>>> request
>>>>>  Dinis
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

*Mark Miller, Senior Storyteller*
*Curator and Founder, Trusted Software Alliance*

*Host and Executive Producer, OWASP 24/7 Podcast ChannelCommunity Advocate,

*Developers and Application Security: Who is Responsible?*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150629/12681c96/attachment-0001.html>

More information about the OWASP-Leaders mailing list