[Owasp-leaders] The Only Thing That Is Constant Is Change

johanna curiel curiel johanna.curiel at owasp.org
Sat May 7 16:07:22 UTC 2016


The CII Badge criteria are a heavy set of checklists to control that an open
source project complies with certain norms in different fields such as
proper development and security.

Being someone who has looked closely at most projects' code and development
process, I can tell with confidence that most, including those labeled as
flagship, won't be able to comply with these norms.

Right now I think OWASP needs to set focus on developing a better platform
to attract developers, volunteers and project leaders, motivating them to
produce quality projects.

A volunteer program and platform that can help match volunteers with
initiatives and projects.

Producing a quality project like ZAP needs dedication and resources,
including a deep commitment to make it work. The ZAP project leader and
volunteers work 100% on ZAP; this is by no means a 'hobby' or side
project. Even so, ZAP is right now 92% compliant with the CII criteria and
still needs to work on it.

Most project leaders are doing this as side-hobby projects, and in this way
we will never be able to pull off projects compliant with the CII
criteria. Most are lonely leaders building their projects when they have
time, and once in a while they have the collaboration of contributors.

So we need to be realistic and be careful not to impose on projects criteria
or a process they will never be able to fulfill without the right platform
and incentives.

As I mentioned before, I strongly recommend focusing on creating and
building a volunteer program and really thinking through how to attract and
retain volunteers, creating initiatives that can help produce quality
projects, and working with those project leaders looking for help.

Collaboration and support are the key to creating meaningful and lasting
open source projects.



On Sat, May 7, 2016 at 10:16 AM, Tom Brennan - OWASP <tomb at owasp.org> wrote:

> "The stakes have never been higher for open-source software security. With
> millions of people around the world relying on open source software — and
> vulnerabilities like Heartbleed putting everyone at risk — it's time to
> change the way we support, protect, and fortify open software."
> Interesting article and project(s) now available:
> http://www.linuxinsider.com/story/83463.html
> Why should OWASP code-based projects not work together on this initiative
> in raising visibility for software security, improving our project quality
> and management?
> Discussion, Debate, Agreement: where do you stand on it, OWASP Leaders?
> https://www.coreinfrastructure.org/programs
> Tom Brennan
> GPG ID: DC6AA149 | Fingerprint: 12A6 9978 45BB 1562 C921 B228 BD0F D9C6 DC6A A
> OWASP Foundation | www.owasp.org
> Tel:  (m) 973-506-9304
> Need to book time with me to discuss an existing or a future project click
> on my virtual calendar http://www.proactiverisk.com/brennan

Johanna Curiel
OWASP Volunteer