[Owasp-leaders] New approach to OWAPS projects

johanna curiel curiel johanna.curiel at owasp.org
Wed May 11 13:55:10 UTC 2016


+Seba

Check this example review for criteria for a Document:
https://github.com/jowasp/review-features/blob/master/example_review_doc.md

No repository is obligatory but at least versioning of the document and
type of release well.


On Wed, May 11, 2016 at 9:39 AM, Seba <seba at owasp.org> wrote:

> fine with me as well
> bear in mind that not all projects are "code", but we do use github for
> SAMM
> regards
> Seba
>
> On Wed, May 11, 2016 at 1:13 PM psiinon <psiinon at gmail.com> wrote:
>
>> Sounds good to me :)
>>
>> On Wed, May 11, 2016 at 12:04 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> >>But I still think the Flagship / Labs / Incubator classification is
>>> really useful, especially for those people outside of OWASP who want to
>>> know which projects they should start with.
>>>
>>> We keep this. The idea is to have the technical senior project
>>> coordinator + project coordinator maintain Openhub and to take those
>>> evaluations and verify the information from the CII Badge Criteria or
>>> Self-abasement questionnaire
>>>
>>> The reviews are published as I did here:
>>> https://github.com/jowasp/review-features/blob/master/example_review.md
>>>
>>> and we ask the community to review them too and provide 'ratings' in
>>> Open hub
>>> https://www.openhub.net/p/zaproxy/reviews/summary
>>>
>>> A project should fulfil indicators to get support. But we stop try
>>> measuring Quality because I don't think thats feasible.
>>>
>>> On Wed, May 11, 2016 at 6:56 AM, psiinon <psiinon at gmail.com> wrote:
>>>
>>>> I'm good with all of that.
>>>>
>>>> But I still think the Flagship / Labs / Incubator classification is
>>>> really useful, especially for those people outside of OWASP who want to
>>>> know which projects they should start with.
>>>> How to we manage the promotion and demotion of projects?
>>>> I dont think self certification will work here :/
>>>>
>>>> Cheers,
>>>>
>>>> Simon
>>>>
>>>> On Wed, May 11, 2016 at 11:26 AM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>>> Project leaders,
>>>>>
>>>>> I think OWASP has failed multiple times to do a project assessments.
>>>>>
>>>>> This task has not been easy for anyone. Not in 2009 for the Global
>>>>> Committee lead by Jason Li, Neither for Samantha in 2013 and the project
>>>>> advisers(I was one of them) , not now.
>>>>>
>>>>> Instead a new realistic approach to projects should be introduced
>>>>>
>>>>>    - We already measure projects 'activity'
>>>>>    <https://www.openhub.net/p/zaproxy> using open hub (as long as we
>>>>>    keep on configuring this properly and maintaining but is simple)
>>>>>    - We could allow projects self asses wether  based on CII criteria
>>>>>    or an indicators through self assessment form like this one
>>>>>    <https://docs.google.com/a/owasp.org/forms/d/1fRL5Kg2vOWX3L6m2RDB0my3CS_WM9a95v-7b0ZFWzaY/edit?usp=sharing_eid&ts=56bdef81>
>>>>>    - We can use the results of self-assesment to evaluate as
>>>>>    indicators for providing sponsorship and support
>>>>>
>>>>> *For this part we don't need a team of specialist or reviewers. This
>>>>> could be published  and allow the community to  provide a rating star
>>>>> though Openhub (yes you can rate projects on Openhub!):*
>>>>> *https://www.openhub.net/p/zaproxy/reviews/new
>>>>> <https://www.openhub.net/p/zaproxy/reviews/new>*
>>>>>
>>>>> Measure the 'quality' of a project is not simple. We don't have a team
>>>>> for this.
>>>>>
>>>>> Instead we should empower:
>>>>>
>>>>>    - Measure activity and indicators to allow projects use OWASP
>>>>>    platform (Chapters and Conferences) to market projects
>>>>>    - Empower the community to rate projects on Openhub:
>>>>>    https://www.openhub.net/p/zaproxy/reviews/new
>>>>>    - Provide sponsorship and support projects after they requested
>>>>>    help. Such as run Bounty programs now that we have this platform available.
>>>>>    - sponsor traveling cost for leaders to talk at  OWAPS conferences
>>>>>
>>>>> Place focus on supporting projects instead of regulating what you
>>>>> can't.
>>>>>
>>>>>
>>>>> --
>>>>> Johanna Curiel
>>>>> OWASP Volunteer
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>
>>>
>>>
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>>
>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>


-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160511/ae533421/attachment.html>


More information about the OWASP-Leaders mailing list