[Owasp-leaders] New approach to OWASP projects

Elizabeth Belousov eliz.bel at icloud.com
Wed May 11 14:20:48 UTC 2016


Eliminating the project assessment practices may lead to creating so-called “bubble projects” where the project ratings would depend on personal opinions and relationships, not on the value of a project. That itself contradicts OWASP’s principles of openness.

 

If OWASP didn’t carry through the project assessment in the past, it is NOT a sign of a permanent failure. There could be other contributing factors: lack of financial and human resources; lack of an established measure of success (metrics, success indicators); cutting corners with the project releases. Also, past failures don’t mean we should stop trying to make a project review process better.

We need a global survey about the OWASP project assessment to consider changes based on data.




Regards,


Liz Belousov
Volunteer | OWASP Foundation
NYC chapter


On May 11, 2016, at 06:34 AM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:


Project leaders,


I think OWASP has failed multiple times to do project assessments.


This task has not been easy for anyone: not in 2009 for the Global Committee led by Jason Li, nor for Samantha in 2013 and the project advisers (I was one of them), nor now.


Instead, a new realistic approach to projects should be introduced:
We already measure projects' 'activity' using Open Hub (as long as we keep configuring this properly and maintaining it, but it is simple)
We could allow projects to self-assess, whether based on CII criteria or on indicators, through a self-assessment form like this one

We can use the results of self-assessment to evaluate as indicators for providing sponsorship and support
For this part we don't need a team of specialists or reviewers. This could be published and allow the community to provide a star rating through Openhub (yes, you can rate projects on Openhub!):
https://www.openhub.net/p/zaproxy/reviews/new



Measuring the 'quality' of a project is not simple. We don't have a team for this.


Instead we should empower:
Measure activity and indicators to allow projects to use the OWASP platform (Chapters and Conferences) to market projects

Empower the community to rate projects on Openhub: https://www.openhub.net/p/zaproxy/reviews/new

Provide sponsorship and support projects after they request help, such as running Bounty programs now that we have this platform available.

Sponsor travel costs for leaders to talk at OWASP conferences
Place focus on supporting projects instead of regulating what you can't.





--

Johanna Curiel 
OWASP Volunteer