[Owasp-leaders] New approach to OWASP projects
johanna curiel curiel
johanna.curiel at owasp.org
Wed May 11 15:04:11 UTC 2016
For the clarification to everyone:
I'm not involved in project reviews; I just want to provide my point of view
based on past experience with Project Reviews.
I'm a concerned project leader.
I think we don't want to keep doing the same mistakes over again, I hope
whoever team/volunteers are now in charge of Project reviews should
communicate this with Project leaders.
On Wed, May 11, 2016 at 10:38 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:
> Hi Elizabeth
> >>We need a global survey about the OWASP project assessment to consider
> changes based on data.
> Agree. We should create a proposal and let project leaders vote.
> Being someone highly involved in the so-called project assessments at
> OWASP I can assure that ANY assessment done by a small group of
> individuals will be biased and also based on personal opinions.
> Also, it is not a simple problem to solve since the financial input to pay
> reviews will be quite costly and...in the for what purpose? If we spend
> more budget on assessing than supporting projects that's a very bad sign.
> OWASP is no Apache nor Linux, we want to foster innovation and
> collaboration. Using the project levels is to indicate users the stage of a
> The approach we want to do here is to use a well defined criteria with
> high level of indicators as mentioned here to avoid that. Allow the
> community to vote.
> When the project leader must first self assess if he fulfils the criteria,
> it will make them aware of his project's strengths and weaknesses.
> We also measure already many indicators of maturity level through Openhub:
> Take a look of what open hub measures, including a COCOMO model of code
> If we have an internal staff such as the Senior technical project
> coordinator to verify the data
> The reviews are open and public for the community and they can provide
> I suggest to read carefully and eventually we can try explaining this
> better to clarify the purpose.
> It is not about a free for all but a practical approach to a problem that has
> been an issue since projects exist
> We want to involve the community of project leaders to define this
> But my whole point is to stop creating so-called 'volunteer team of
> assessors' that most quit after a while and only a few stay to make
> reviews. That has not worked before nor will work now.
> >>Additionally maybe we could have an excel about the current method and
> what gaps the community feel need to be looked into to ensure quality of
> the projects, so that in having a vote we have a more informed one.
> That's the idea.
> On Wed, May 11, 2016 at 10:20 AM, Elizabeth Belousov <eliz.bel at icloud.com>
>> Eliminating the project assessment practices may lead to creating so
>> called “bubble projects” where the project ratings would depend on the
>> personal opinions and relationships, not on the value of a project. That
>> itself contradicts OWASP’s principles of openness.
>> If OWASP didn’t carry through the project assessment in the past, it is
>> NOT a sign of a permanent failure, there could be other contributing
>> factors: lack of financial and human resources; lack of established measure
>> of success (metrics, success indicators); cutting corners with the project
>> releases. Also, past failures don’t mean we should stop trying to make a
>> project review process better.
>> We need a global survey about the OWASP project assessment to consider
>> changes based on data.
>> *Liz Belousov*
>> Volunteer* | *OWASP Foundation
>> NYC chapter
>> On May 11, 2016, at 06:34 AM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>> Project leaders,
>> I think OWASP has failed multiple times to do project assessments.
>> This task has not been easy for anyone. Not in 2009 for the Global
>> Committee led by Jason Li, neither for Samantha in 2013 and the project
>> advisers (I was one of them), not now.
>> Instead a new realistic approach to projects should be introduced
>> - We already measure projects 'activity'
>> <https://www.openhub.net/p/zaproxy> using open hub (as long as we
>> keep on configuring this properly and maintaining but is simple)
>> - We could allow projects to self-assess, whether based on CII criteria or
>> indicators through a self-assessment form like this one
>> - We can use the results of self-assessment to evaluate as indicators
>> for providing sponsorship and support
>> *For this part we don't need a team of specialist or reviewers. This
>> could be published and allow the community to provide a rating star
>> through Openhub (yes you can rate projects on Openhub!):*
>> Measure the 'quality' of a project is not simple. We don't have a team
>> for this.
>> Instead we should empower:
>> - Measure activity and indicators to allow projects use OWASP
>> platform (Chapters and Conferences) to market projects
>> - Empower the community to rate projects on Openhub:
>> - Provide sponsorship and support projects after they requested help.
>> Such as run Bounty programs now that we have this platform available.
>> - sponsor traveling cost for leaders to talk at OWASP conferences
>> Place focus on supporting projects instead of regulating what you can't.
>> Johanna Curiel
>> OWASP Volunteer
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
> Johanna Curiel
> OWASP Volunteer