[Owasp_project_leader_list] OWASP Project Audits

Jim Manico jim.manico at owasp.org
Tue Apr 22 19:19:31 UTC 2014


Simon,

It depends. A documentation project like the OWASP Top Ten gets released
every three years and that seems ok to me. For an active code library I'd
expect to see activity every month or two, similar to an assessment tool.

Tricky problem here....

--
Jim Manico
@Manicode
(808) 652-3805

On Apr 22, 2014, at 11:01 AM, Samantha Groves <samantha.groves at owasp.org>
wrote:

I agree. Let's get started? Who is doing what? I can send our form to the
lists.


On Tue, Apr 22, 2014 at 11:00 AM, psiinon <psiinon at gmail.com> wrote:

> I vote for a relatively aggressive approach to demoting projects.
> No apparent code changes, releases or home page edits in the last 12
> months? Email leader saying demotion is imminent. No response to email in
> one month? Demote.
> 1 email explaining why the project is still alive: keep alive for now.
>
> That should weed out a load of the deadwood!
>
> Obviously promoting projects requires a bit more effort, but ask the
> leaders to justify promotion as they have a vested interest in making it
> so, and that reduces the load on the reviewers.
>
> Cheers,
>
> Simon
>
>
> On Tue, Apr 22, 2014 at 6:50 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> Samantha,
>>
>> What was the result of the previous project audit?
>>
>> My understanding is that no project has moved up or down the project
>> hierarchy in the past few years.
>>
>> Just curious what the endgame or goal is here.
>>
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Apr 22, 2014, at 10:43 AM, Samantha Groves <samantha.groves at owasp.org>
>> wrote:
>>
>> Thank you guys.
>>
>> +1 I love it, and I would love it more if I had a handful of people
>> pitching in as I think it will go way faster. The last audit took quite a
>> while to do. The next one was scheduled to start in June, but we have
>> started early.
>>
>> For reference, this is what I did the last time:
>> https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdEdCYVJpdmZHaWJYZ055WHROa19qN3c&usp=sharing
>>
>> I put together the form Simon suggested:
>> https://docs.google.com/a/owasp.org/forms/d/14DYS3kY6P2uqJqAMd3F-cMfUPg-DXCK3sQvtggZ1gek/viewform
>>
>> Let me know what you think. We can e-mail this list, and all of the other
>> known active project leaders. They all have 3 weeks to respond, as Johanna
>> suggested. I agree with that. After that, the project is marked inactive.
>> How does that sound?
>>
>>
>>
>>
>> On Tue, Apr 22, 2014 at 7:35 AM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>>
>>> +1
>>>
>>> I agree that a quick survey of the project leaders may help get enough
>>> responses so that a sorting can occur allowing more detailed audits of the
>>> more active projects.  If a project won't answer a short form, they are
>>> quite unlikely to do a few audit.  It's also possible that I'm ignorant of
>>> all the work you're doing on these audits.
>>>
>>> I do think you're doing awesome (and somewhat thankless) work.  I
>>> remember trying to herd the cats while part of the Global Project
>>> Committee.  It is not an easy task.  Thanks for all your awesome work so
>>> far.
>>>
>>>
>>> --
>>> -- Matt Tesauro
>>> OWASP WTE Project Lead
>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>> http://AppSecLive.org - Community and Download site
>>> OWASP OpenStack Security Project Lead
>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>>
>>>
>>> On Tue, Apr 22, 2014 at 4:33 AM, psiinon <psiinon at gmail.com> wrote:
>>>
>>>> Samantha,
>>>> cc OWASP Project leaders,
>>>>
>>>> Auditing all of the OWASP Projects (as per
>>>> https://github.com/OWASP/Projects_Task_Force/issues/2) seems to be a
>>>> significant undertaking, and it's one I think the project leaders could (and
>>>> possibly _should_) help with.
>>>>
>>>> How about setting up a simple form with high level questions like:
>>>>
>>>>    - Project name:
>>>>    - Leader's name:
>>>>    - Ohloh link:
>>>>    - Source control link (if not on Ohloh):
>>>>    - Is your project active? (Yes, No, Clinging on for dear life)
>>>>    - When was the last release?
>>>>    - Link to last release:
>>>>    - When do you think the next release will be?
>>>>
>>>> Or whatever questions you want the answers to, but something that
>>>> someone can fill in very quickly.
>>>>
>>>> Then ask all of the project leaders to fill that out for each of their
>>>> projects.
>>>>
>>>> The audit should go further than this, but at least that would be
>>>> really useful input which project leaders should be able to supply quite
>>>> easily.
>>>>
>>>> And if a leader doesn't fill in this form after being prompted a couple
>>>> of times then maybe we should just move it to inactive status?
>>>>
>>>> Cheers,
>>>>
>>>> Simon
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>> _______________________________________________
>>>> Owasp_project_leader_list mailing list
>>>> Owasp_project_leader_list at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>
>>>>
>>>
>>
>>
>> --
>>
>> *Samantha Groves, MBA*
>>
>> *OWASP Projects Manager*
>>
>>
>> The OWASP Foundation
>>
>> Phoenix, USA
>>
>> Email: samantha.groves at owasp.org
>>
>> Skype: samanthahz
>>
>>
>> OWASP Global Projects <https://www.owasp.org/index.php/Category:OWASP_Project>
>>
>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>
>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>
>> New Project Application Form <http://www.tfaforms.com/263506>
>>
>>
>>
>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>


