[Owasp-leaders] [Owasp-community] Request to the board - move these defender projects to LAB

Matt Tesauro matt.tesauro at owasp.org
Wed May 25 16:38:43 UTC 2016


Riccardo,

First, I'm as guilty as many of us here - I know SKF and think it's
awesome.  Problem is I didn't share that fact with you.

Second, as someone who has had an active (and flagship for a while) OWASP
project since 2008, I'm going to tell you that the feedback rate will be
half of half of half of what you'd like to see.  When OWASP WTE was still
the OWASP Live CD back around 2009, it was downloaded ~300,000 times [1].
Since the project started back in 2008, I've probably had 80 or 90 emails
about the project.  That is why any feedback you get (good or bad) is like
gold.  BTW, getting a Martin endorsement is no easy thing - that's a major
victory by itself.

So, what do I think the OWASP Foundation could do to help great projects
like OWASP SKF?  I see three key areas that need attention:

1. Provide incentives to create and maintain OWASP Projects
2. Provide infrastructure to support OWASP Projects
3. Provide promotion of OWASP Projects

I think the board is more than aware of the love projects need - that was a
large reason for Tom Brennan's run for a Board seat.  Having been around
for a while and projects being a soft spot for me since the Global Projects
Committee days, I've put down my further thoughts on those 3 points in a
Google Doc:

https://docs.google.com/document/d/1dcCgcy3FBM3ulA3SNq5lsZyLqeE2LkArmEi3DQV077o/edit?usp=sharing

As for what you can do today as an OWASP project leader:

1. Continue your awesome work knowing that for every one positive mention,
there's 1000 that think the same and just haven't said so.
2. Be patient with the Board/Foundation.  They have more than acknowledged
the need for a focus on projects. There's no way they could have
anticipated the unexpected events that led to two vacant positions - the
Community Manager and Executive Director and now one less Board Member.
3. Continue to offer proactive and helpful suggestions on what works (and
what doesn't).  Like I said, feedback is GOLDEN and you cannot expect
change to happen in a vacuum. Your positive, proactive feedback provides
the signals for the Foundation to make the best decisions.  Without that
feedback, the Foundation is forced to make the best decision it can with
the info at hand.

So, thanks for taking up your favorite editor and creating the OWASP SKF -
the world is a better place for the work you've done - even if it hasn't
told you as much.

Cheers!

[1]
https://buildsecurityin.us-cert.gov/sites/default/files/05_Matt_Tesauro-DHS_Software_Assurance_Workshop_OWASP_WTE.pdf

--
-- Matt Tesauro
OWASP AppSec Pipeline Lead
https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
OWASP WTE Project Lead
https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
http://AppSecLive.org - Community and Download site

On Fri, May 20, 2016 at 5:00 PM, Riccardo Ten Cate <
riccardo.ten.cate at owasp.org> wrote:

> Hey All,
>
> After several reviews, which we all passed according to standards, it
> would be kind of nice to see some progress with becoming a
> more mature project. It is not just about the status, but more the overall
> sense of feeling appreciated for the time and effort we are putting
> in trying to create awesome projects.
>
> "There is a team actively working on projects." is a phrase I heard far too
> much before, and it really does not motivate me to contribute to an
> organization which
> does not feel like it wants to help me back. Thank god for Martin Knobloch the
> Dutch OWASP chapter leader for doing a great deal of contributions and
> helping us keep motivated
> to achieve awesome things. If it would solely depend on the feedback and
> help we get from the overall community becoming more mature it would
> probably not be an OWASP project anymore.
>
> Johanna, thanks for trying to get us some steps further, it is very much
> appreciated by me.
>
> This is just my personal opinion and feeling I get from OWASP from time to
> time, it really disappoints and frustrates me as a project leader.
>
> with kind regards,
>
> Riccardo ten Cate
> Project Leader, Security knowledge framework
>
>
>
>
> On Fri, May 20, 2016 at 11:29 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
>
>> +1 - Johanna, please be patient while OWASP leadership has a chance to
>> recover from recent staff changes, losses and other issues. I understand
>> your frustration, but it is counterproductive to "dictate" outside of the
>> organizational processes. I'm really surprised because you have always been
>> one of the most supportive advocates of organizational processes. What
>> happened?
>>
>> On Fri, May 20, 2016 at 5:24 PM, Matt Konda <matt.konda at owasp.org> wrote:
>>
>>> Johanna,
>>>
>>> There is a team actively working on projects.  To bypass them and
>>> "promote" these projects outside of the review process with wiki updates is
>>> definitely against the spirit of what we are trying to do here.
>>>
>>> Please do not edit the projects wiki pages updating status of projects
>>> or we will have to ask for them to be *locked*.  The clear intent is
>>> that the project review team collectively makes decisions about
>>> promotions.  This will recommence when they are prepared and ready to
>>> process projects in a fair and reasonable way.  (We hope, very soon).
>>>
>>> Please be patient and let the people that are working on this (I was in
>>> a meeting with people working on projects for an hour today) work through
>>> this in the way that they see fit.  Your contributions are awesome and
>>> appreciated.  Let's let them shine while a broader team can take on the
>>> challenge and build on them.
>>>
>>> If you would like to talk further, I reached out in Slack and via google
>>> chat to discuss.
>>>
>>> Matt
>>>
>>>
>>> On Fri, May 20, 2016 at 4:09 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> I think we all agree these projects deserve to be LAB after more than
>>>> 10 months awaiting and having accomplished more than enough to have that
>>>> right
>>>>
>>>> I took the liberty to update this information, updated all the Wiki
>>>> inventories and dashboards, Claudia is up to date on the changes
>>>>
>>>> If someone has a complaint or does not agree with this graduation then
>>>> please submit it here:
>>>>
>>>> https://docs.google.com/a/ossecsoft.org/forms/d/1SL04m4ZL2NrCFSF1BshfkFwKXkXL43DFR9PZA0KU8G8/viewform?edit_requested=true
>>>>
>>>> Regards
>>>>
>>>> Johanna
>>>>
>>>> On Fri, May 20, 2016 at 11:53 AM, Bev Corwin <bev.corwin at owasp.org>
>>>> wrote:
>>>>
>>>>> seraphimdroid on google play:
>>>>> https://play.google.com/store/apps/details?id=org.owasp.seraphimdroid
>>>>>
>>>>> Interesting reviews
>>>>>
>>>>> Bev
>>>>>
>>>>> On Fri, May 20, 2016 at 11:25 AM, Bev Corwin <bev.corwin at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Thank you Johanna,
>>>>>>
>>>>>> I thought that might be the project you were referring to, but your
>>>>>> email was missing the "knowledge" part of the name, so good to clarify.
>>>>>> Appreciate the follow up info, as well.
>>>>>>
>>>>>> Best wishes,
>>>>>> Bev
>>>>>>
>>>>>>
>>>>>> On Fri, May 20, 2016 at 11:22 AM, johanna curiel curiel <
>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>
>>>>>>>  OWASP Security Knowledge Framework
>>>>>>> <https://www.owasp.org/index.php/OWASP_Security_Knowledge_Framework#tab.3DMain>
>>>>>>>
>>>>>>> OWASP SeraphimDroid Project
>>>>>>> <https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project>
>>>>>>>
>>>>>>> You can ask Claudia, these projects had already 2 reviews,
>>>>>>> Security Framework won the Rookie of the year BlackDuck award
>>>>>>>
>>>>>>> SeraphimDroid works very well, I tested on an emulator and an
>>>>>>> android infecting my phone. All have positive reviews on Google Play store with
>>>>>>> a solid 4.5 points from more than 1000 downloads
>>>>>>> So far a solid development and these are defender projects.
>>>>>>>
>>>>>>> We need more of this and we need to promote them instead of lying in
>>>>>>> the dark
>>>>>>>
>>>>>>> If you don't mind and no one complains the upgrade is simple: move
>>>>>>> them on the list and update dashboard
>>>>>>>
>>>>>>> People, let's be proactive. Time to show we need a balance.
>>>>>>>
>>>>>>> https://www.openhub.net/p/owasp-seraphimdroid
>>>>>>> https://www.openhub.net/p/skf-flask
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, May 20, 2016 at 11:12 AM, Bev Corwin <bev.corwin at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Dear Johanna,
>>>>>>>>
>>>>>>>> Could you kindly provide the URLs to the project pages for:
>>>>>>>>
>>>>>>>>    - OWASP SeraphimDroid
>>>>>>>>    - OWASP Security Framework
>>>>>>>>
>>>>>>>> Thank you and best wishes,
>>>>>>>> Bev
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, May 20, 2016 at 9:49 AM, johanna curiel curiel <
>>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>>
>>>>>>>>> Hi All
>>>>>>>>>
>>>>>>>>> I'm not writing to the Board because my subscription to the board
>>>>>>>>> list has not been accepted yet
>>>>>>>>>
>>>>>>>>> I'm making an official request to the Board to move 2 projects
>>>>>>>>> that are defenders and are doing an awesome work
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>    - OWASP SeraphimDroid
>>>>>>>>>    - OWASP Security Framework
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Based on our old criteria, including awards and community support,
>>>>>>>>> I believe they deserve to get out of the Incubator lists and be placed in
>>>>>>>>> LAB. They both have made requests to move to LAB but due to the
>>>>>>>>> circumstances and lack of volunteers in Review process, they have not.
>>>>>>>>>
>>>>>>>>> I'm putting this on the agenda for a vote.
>>>>>>>>>
>>>>>>>>> Also, I would like that Google Ad words are allocated to promote
>>>>>>>>> these projects, including an incentive budget for SKF to pay a student
>>>>>>>>> internship for development which he could not obtain due to the lack of
>>>>>>>>> Google slots.
>>>>>>>>>
>>>>>>>>> regards
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Johanna Curiel
>>>>>>>>> OWASP Volunteer
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Owasp-community mailing list
>>>>>>>>> Owasp-community at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-community
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Johanna Curiel
>>>>>>> OWASP Volunteer
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Johanna Curiel
>>>> OWASP Volunteer
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders