[Owasp-leaders] New approach to OWAPS projects

Seba seba at owasp.org
Wed May 11 13:39:50 UTC 2016


fine with me as well
bear in mind that not all projects are "code", but we do use github for SAMM
regards
Seba

On Wed, May 11, 2016 at 1:13 PM psiinon <psiinon at gmail.com> wrote:

> Sounds good to me :)
>
> On Wed, May 11, 2016 at 12:04 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> >>But I still think the Flagship / Labs / Incubator classification is
>> really useful, especially for those people outside of OWASP who want to
>> know which projects they should start with.
>>
>> We keep this. The idea is to have the technical senior project
>> coordinator + project coordinator maintain Openhub and to take those
>> evaluations and verify the information from the CII Badge Criteria or
>> Self-abasement questionnaire
>>
>> The reviews are published as I did here:
>> https://github.com/jowasp/review-features/blob/master/example_review.md
>>
>> and we ask the community to review them too and provide 'ratings' in Open
>> hub
>> https://www.openhub.net/p/zaproxy/reviews/summary
>>
>> A project should fulfil indicators to get support. But we stop try
>> measuring Quality because I don't think thats feasible.
>>
>> On Wed, May 11, 2016 at 6:56 AM, psiinon <psiinon at gmail.com> wrote:
>>
>>> I'm good with all of that.
>>>
>>> But I still think the Flagship / Labs / Incubator classification is
>>> really useful, especially for those people outside of OWASP who want to
>>> know which projects they should start with.
>>> How to we manage the promotion and demotion of projects?
>>> I dont think self certification will work here :/
>>>
>>> Cheers,
>>>
>>> Simon
>>>
>>> On Wed, May 11, 2016 at 11:26 AM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> Project leaders,
>>>>
>>>> I think OWASP has failed multiple times to do a project assessments.
>>>>
>>>> This task has not been easy for anyone. Not in 2009 for the Global
>>>> Committee lead by Jason Li, Neither for Samantha in 2013 and the project
>>>> advisers(I was one of them) , not now.
>>>>
>>>> Instead a new realistic approach to projects should be introduced
>>>>
>>>>    - We already measure projects 'activity'
>>>>    <https://www.openhub.net/p/zaproxy> using open hub (as long as we
>>>>    keep on configuring this properly and maintaining but is simple)
>>>>    - We could allow projects self asses wether  based on CII criteria
>>>>    or an indicators through self assessment form like this one
>>>>    <https://docs.google.com/a/owasp.org/forms/d/1fRL5Kg2vOWX3L6m2RDB0my3CS_WM9a95v-7b0ZFWzaY/edit?usp=sharing_eid&ts=56bdef81>
>>>>    - We can use the results of self-assesment to evaluate as
>>>>    indicators for providing sponsorship and support
>>>>
>>>> *For this part we don't need a team of specialist or reviewers. This
>>>> could be published  and allow the community to  provide a rating star
>>>> though Openhub (yes you can rate projects on Openhub!):*
>>>> *https://www.openhub.net/p/zaproxy/reviews/new
>>>> <https://www.openhub.net/p/zaproxy/reviews/new>*
>>>>
>>>> Measure the 'quality' of a project is not simple. We don't have a team
>>>> for this.
>>>>
>>>> Instead we should empower:
>>>>
>>>>    - Measure activity and indicators to allow projects use OWASP
>>>>    platform (Chapters and Conferences) to market projects
>>>>    - Empower the community to rate projects on Openhub:
>>>>    https://www.openhub.net/p/zaproxy/reviews/new
>>>>    - Provide sponsorship and support projects after they requested
>>>>    help. Such as run Bounty programs now that we have this platform available.
>>>>    - sponsor traveling cost for leaders to talk at  OWAPS conferences
>>>>
>>>> Place focus on supporting projects instead of regulating what you can't.
>>>>
>>>>
>>>> --
>>>> Johanna Curiel
>>>> OWASP Volunteer
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160511/8bc86d1f/attachment-0001.html>


More information about the OWASP-Leaders mailing list