[Owasp-leaders] New approach to OWAPS projects

johanna curiel curiel johanna.curiel at owasp.org
Wed May 11 11:04:15 UTC 2016


>>But I still think the Flagship / Labs / Incubator classification is
really useful, especially for those people outside of OWASP who want to
know which projects they should start with.

We keep this. The idea is to have the technical senior project coordinator
+ project coordinator maintain Openhub and to take those evaluations
and verify the information from the CII Badge Criteria or Self-abasement
questionnaire

The reviews are published as I did here:
https://github.com/jowasp/review-features/blob/master/example_review.md

and we ask the community to review them too and provide 'ratings' in Open
hub
https://www.openhub.net/p/zaproxy/reviews/summary

A project should fulfil indicators to get support. But we stop try
measuring Quality because I don't think thats feasible.

On Wed, May 11, 2016 at 6:56 AM, psiinon <psiinon at gmail.com> wrote:

> I'm good with all of that.
>
> But I still think the Flagship / Labs / Incubator classification is really
> useful, especially for those people outside of OWASP who want to know which
> projects they should start with.
> How to we manage the promotion and demotion of projects?
> I dont think self certification will work here :/
>
> Cheers,
>
> Simon
>
> On Wed, May 11, 2016 at 11:26 AM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Project leaders,
>>
>> I think OWASP has failed multiple times to do a project assessments.
>>
>> This task has not been easy for anyone. Not in 2009 for the Global
>> Committee lead by Jason Li, Neither for Samantha in 2013 and the project
>> advisers(I was one of them) , not now.
>>
>> Instead a new realistic approach to projects should be introduced
>>
>>    - We already measure projects 'activity'
>>    <https://www.openhub.net/p/zaproxy> using open hub (as long as we
>>    keep on configuring this properly and maintaining but is simple)
>>    - We could allow projects self asses wether  based on CII criteria or
>>    an indicators through self assessment form like this one
>>    <https://docs.google.com/a/owasp.org/forms/d/1fRL5Kg2vOWX3L6m2RDB0my3CS_WM9a95v-7b0ZFWzaY/edit?usp=sharing_eid&ts=56bdef81>
>>    - We can use the results of self-assesment to evaluate as indicators
>>    for providing sponsorship and support
>>
>> *For this part we don't need a team of specialist or reviewers. This
>> could be published  and allow the community to  provide a rating star
>> though Openhub (yes you can rate projects on Openhub!):*
>> *https://www.openhub.net/p/zaproxy/reviews/new
>> <https://www.openhub.net/p/zaproxy/reviews/new>*
>>
>> Measure the 'quality' of a project is not simple. We don't have a team
>> for this.
>>
>> Instead we should empower:
>>
>>    - Measure activity and indicators to allow projects use OWASP
>>    platform (Chapters and Conferences) to market projects
>>    - Empower the community to rate projects on Openhub:
>>    https://www.openhub.net/p/zaproxy/reviews/new
>>    - Provide sponsorship and support projects after they requested help.
>>    Such as run Bounty programs now that we have this platform available.
>>    - sponsor traveling cost for leaders to talk at  OWAPS conferences
>>
>> Place focus on supporting projects instead of regulating what you can't.
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>



-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160511/def455d7/attachment.html>


More information about the OWASP-Leaders mailing list