[Owasp-leaders] [Owasp-community] Request to the board - move these defender projects to LAB

Riccardo Ten Cate riccardo.ten.cate at owasp.org
Mon May 30 19:07:28 UTC 2016


Hey Matt,

Very sorry for the late reply, work has been kinda demanding for the past couple of days.
Thank you very much for your kind words, it is much appreciated. We will
definitely do the best we can to make the SKF project even better and more helpful!

We just started rewriting the project as an API to handle more concurrent
users since the project is also more and more being
integrated into enterprise companies when developing software.

Again, thanks for your kind words about the project, it definitely gives us
more synergy to make things even more awesome!

With kind regards,
Riccardo

On Fri, May 27, 2016 at 6:50 PM, Timur 'x' Khrotko (owasp) <timur at owasp.org>
wrote:

> Colleagues,
>
> it's also the outdated modes of communication we maintain with our
> community and within the organization that make feedback a bit harder, like
> in the late eighties.))
>
> We still use wiki instead of meetup.com, github and facebook. We can hate
> fb, but for most normal creatures giving feedback via the modern facilities
> is an easy move. Even if you cannot lock things easily at those facilities
> as the approach is different.
>
> In order to create transparency of our bureaucratic processes there can be
> public timelines and statuses of procedures and meetings, that can be put
> into Google Sheets. So the process fetishism and the agile expectations can
> live in love and dialogue.
>
> etc!
>
> Cheers,
> Timur
>
>
> On Wed, May 25, 2016 at 6:41 PM Matt Tesauro <matt.tesauro at owasp.org>
> wrote:
>
>> Riccardo,
>>
>> First, I'm as guilty as many of us here - I know SKF and think it's
>> awesome.  Problem is I didn't share that fact with you.
>>
>> Second, as someone who has had an active (and flagship for a while) OWASP
>> project since 2008, I'm going to tell you that the feedback rate will be
>> half of half of half of what you'd like to see.  When OWASP WTE was still
>> the OWASP Live CD back around 2009, it was downloaded ~300,000 times [1].
>> Since the project started back in 2008, I've probably had 80 or 90 emails
>> about the project.  That is why any feedback you get (good or bad) is like
>> gold.  BTW, getting a Martin endorsement is no easy thing - that's a major
>> victory by itself.
>>
>> So, what do I think the OWASP Foundation could do to help great projects
>> like OWASP SKF?  I see three key areas that need attention:
>>
>> 1. Provide incentives to create and maintain OWASP Projects
>> 2. Provide infrastructure to support OWASP Projects
>> 3. Provide promotion of OWASP Projects
>>
>> I think the board is more than aware of the love projects need - that was
>> a large reason for Tom Brennan's run for a Board seat.  Having been around
>> for a while and projects being a soft spot for me since the Global Projects
>> Committee days, I've put down my further thoughts on those 3 points in a
>> Google Doc:
>>
>>
>> https://docs.google.com/document/d/1dcCgcy3FBM3ulA3SNq5lsZyLqeE2LkArmEi3DQV077o/edit?usp=sharing
>>
>> As for what you can do today as an OWASP project leader:
>>
>> 1. Continue your awesome work knowing that for every one positive
>> mention, there are 1000 that think the same and just haven't said so.
>> 2. Be patient with the Board/Foundation.  They have more than
>> acknowledged the need for a focus on projects. There's no way they could
>> have anticipated the unexpected events that led to two vacant positions -
>> the Community Manager and Executive Director and now one less Board Member.
>> 3. Continue to offer proactive and helpful suggestions on what works (and
>> what doesn't).  Like I said, feedback is GOLDEN and you cannot expect
>> change to happen in a vacuum. Your positive, proactive feedback provides
>> the signals for the Foundation to make the best decisions.  Without that
>> feedback, the Foundation is forced to make the best decision it can with
>> the info at hand.
>>
>> So, thanks for taking up your favorite editor and creating the OWASP SKF
>> - the world is a better place for the work you've done - even if it hasn't
>> told you as much.
>>
>> Cheers!
>>
>> [1]
>> https://buildsecurityin.us-cert.gov/sites/default/files/05_Matt_Tesauro-DHS_Software_Assurance_Workshop_OWASP_WTE.pdf
>>
>> --
>> -- Matt Tesauro
>> OWASP AppSec Pipeline Lead
>> https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
>> OWASP WTE Project Lead
>> https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
>> http://AppSecLive.org - Community and Download site
>>
>> On Fri, May 20, 2016 at 5:00 PM, Riccardo Ten Cate <
>> riccardo.ten.cate at owasp.org> wrote:
>>
>>> Hey All,
>>>
>>> After several reviews, which we all passed according to standards, it
>>> would be kind of nice to see some progress with becoming a
>>> more mature project. It is not just about the status, but more the
>>> overall sense of feeling appreciated for the time and effort we are putting
>>> in trying to create awesome projects.
>>>
>>> "There is a team actively working on projects." is a phrase I heard far
>>> too much before, and it really does not motivate me to contribute to an
>>> organization which does not feel like it wants to help me back. Thank god
>>> for Martin Knobloch, the Dutch OWASP chapter leader, for doing a great deal
>>> of contributions and helping us keep motivated to achieve awesome things.
>>> If it would solely depend on the feedback and
>>> help we get from the overall community becoming more mature it would
>>> probably not be an OWASP project anymore.
>>>
>>> Johanna, thanks for trying to get us some steps further, it is very much
>>> appreciated by me.
>>>
>>> This is just my personal opinion and feeling I get from OWASP from time
>>> to time, it really disappoints and frustrates me as a project leader.
>>>
>>> with kind regards,
>>>
>>> Riccardo ten Cate
>>> Project Leader, Security knowledge framework
>>>
>>>
>>>
>>>
>>> On Fri, May 20, 2016 at 11:29 PM, Bev Corwin <bev.corwin at owasp.org>
>>> wrote:
>>>
>>>> +1 - Johanna, please be patient while OWASP leadership has a chance to
>>>> recover from recent staff changes, losses and other issues. I understand
>>>> your frustration, but it is counterproductive to "dictate" outside of the
>>>> organizational processes. I'm really surprised because you have always been
>>>> one of the most supportive advocates of organizational processes. What
>>>> happened?
>>>>
>>>> On Fri, May 20, 2016 at 5:24 PM, Matt Konda <matt.konda at owasp.org>
>>>> wrote:
>>>>
>>>>> Johanna,
>>>>>
>>>>> There is a team actively working on projects.  To bypass them and
>>>>> "promote" these projects outside of the review process with wiki updates is
>>>>> definitely against the spirit of what we are trying to do here.
>>>>>
>>>>> Please do not edit the projects wiki pages updating status of projects
>>>>> or we will have to ask for them to be *locked*.  The clear intent is
>>>>> that the project review team collectively makes decisions about
>>>>> promotions.  This will recommence when they are prepared and ready to
>>>>> process projects in a fair and reasonable way.  (We hope, very soon).
>>>>>
>>>>> Please be patient and let the people that are working on this (I was
>>>>> in a meeting with people working on projects for an hour today) work
>>>>> through this in the way that they see fit.  Your contributions are awesome
>>>>> and appreciated.  Let's let them shine while a broader team can take on the
>>>>> challenge and build on them.
>>>>>
>>>>> If you would like to talk further, I reached out in Slack and via
>>>>> google chat to discuss.
>>>>>
>>>>> Matt
>>>>>
>>>>>
>>>>> On Fri, May 20, 2016 at 4:09 PM, johanna curiel curiel <
>>>>> johanna.curiel at owasp.org> wrote:
>>>>>
>>>>>> I think we all agree these projects deserve to be LAB after more than
>>>>>> 10 months awaiting and having accomplished more than enough to have that
>>>>>> right
>>>>>>
>>>>>> I took the liberty to update this information, updated all the Wiki
>>>>>> inventories and dashboards; Claudia is up to date on the changes
>>>>>>
>>>>>> If someone has a complaint or does not agree with this graduation
>>>>>> then please submit it here:
>>>>>>
>>>>>> https://docs.google.com/a/ossecsoft.org/forms/d/1SL04m4ZL2NrCFSF1BshfkFwKXkXL43DFR9PZA0KU8G8/viewform?edit_requested=true
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Johanna
>>>>>>
>>>>>> On Fri, May 20, 2016 at 11:53 AM, Bev Corwin <bev.corwin at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> seraphimdroid on google play:
>>>>>>> https://play.google.com/store/apps/details?id=org.owasp.seraphimdroid
>>>>>>>
>>>>>>> Interesting reviews
>>>>>>>
>>>>>>> Bev
>>>>>>>
>>>>>>> On Fri, May 20, 2016 at 11:25 AM, Bev Corwin <bev.corwin at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Thank you Johanna,
>>>>>>>>
>>>>>>>> I thought that might be the project you were referring to, but your
>>>>>>>> email was missing the "knowledge" part of the name, so good to clarify.
>>>>>>>> Appreciate the follow up info, as well.
>>>>>>>>
>>>>>>>> Best wishes,
>>>>>>>> Bev
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, May 20, 2016 at 11:22 AM, johanna curiel curiel <
>>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>>
>>>>>>>>>  OWASP Security Knowledge Framework
>>>>>>>>> <https://www.owasp.org/index.php/OWASP_Security_Knowledge_Framework#tab.3DMain>
>>>>>>>>>
>>>>>>>>> OWASP SeraphimDroid Project
>>>>>>>>> <https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project>
>>>>>>>>>
>>>>>>>>> You can ask Claudia, these projects had already 2 reviews,
>>>>>>>>> Security Framework won the Rookie of the year BlackDuck award
>>>>>>>>>
>>>>>>>>> SeraphimDroid works very well, I tested on an emulator and an
>>>>>>>>> android infecting my phone. All have positive reviews on the Google
>>>>>>>>> Play store with a solid 4.5 points from more than 1000 downloads
>>>>>>>>> So far a solid development and these are defender projects.
>>>>>>>>>
>>>>>>>>> We need more of this and we need to promote them instead of lying
>>>>>>>>> in the dark
>>>>>>>>>
>>>>>>>>> If you don't mind and no one complains the upgrade is simple: move
>>>>>>>>> them on the list and update dashboard
>>>>>>>>>
>>>>>>>>> People, let's be proactive. Time to show we need a balance.
>>>>>>>>>
>>>>>>>>> https://www.openhub.net/p/owasp-seraphimdroid
>>>>>>>>> https://www.openhub.net/p/skf-flask
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, May 20, 2016 at 11:12 AM, Bev Corwin <bev.corwin at owasp.org>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Dear Johanna,
>>>>>>>>>>
>>>>>>>>>> Could you kindly provide the URLs to the project pages for:
>>>>>>>>>>
>>>>>>>>>>    - OWASP SheraphimDroid
>>>>>>>>>>    - OWASP Security Framework
>>>>>>>>>>
>>>>>>>>>> Thank you and best wishes,
>>>>>>>>>> Bev
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, May 20, 2016 at 9:49 AM, johanna curiel curiel <
>>>>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi All
>>>>>>>>>>>
>>>>>>>>>>> I'm not writing to the Board because my subscription to the
>>>>>>>>>>> board list has not been accepted yet
>>>>>>>>>>>
>>>>>>>>>>> I'm making an official request to the Board to move 2 projects
>>>>>>>>>>> that are defenders and are doing an awesome work
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>    - OWASP SheraphimDroid
>>>>>>>>>>>    - OWASP Security Framework
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Based on our old criteria, including awards and community
>>>>>>>>>>> support, I believe they deserve to get out of the Incubator lists and be
>>>>>>>>>>> placed in LAB. They both have made requests to move to LAB but due to the
>>>>>>>>>>> circumstances and lack of volunteers in Review process, they have not.
>>>>>>>>>>>
>>>>>>>>>>> I'm putting this on the agenda for a vote.
>>>>>>>>>>>
>>>>>>>>>>> Also, I would like that Google AdWords are allocated to promote
>>>>>>>>>>> these projects, including an incentive budget for SKF to pay a student
>>>>>>>>>>> internship for development which he could not obtain due to the lack of
>>>>>>>>>>> Google slots.
>>>>>>>>>>>
>>>>>>>>>>> regards
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Johanna Curiel
>>>>>>>>>>> OWASP Volunteer
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Owasp-community mailing list
>>>>>>>>>>> Owasp-community at lists.owasp.org
>>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-community
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Johanna Curiel
>>>>>>>>> OWASP Volunteer
>>>>>>
>>>>>> --
>>>>>> Johanna Curiel
>>>>>> OWASP Volunteer
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> This message may contain confidential information - you should handle it
> accordingly.
>