[Owasp_project_leader_list] OWASP Project Audits

johanna curiel curiel johanna.curiel at owasp.org
Wed Apr 23 18:55:45 UTC 2014


1. I need an as close to as possible accurate list of Active projects by
the beginning of June. <-- This is what I care about the most.

I'm working on cleaning inactive projects from LABS. Got 1 reaction. I'll
send a reminder the coming 3 weeks, no reaction , those projects will be
set as inactive.
I'll foucs right now on cleaning this list

2. How we do it? I leave that up to you guys/the community.

last year I worked on reviewing Incubators Tools & Code projects.The list I
sent is quite accurate so far and Jim worked updating some info in it. I
have no time to fill in criteria forms and I don't think this is necessary.

I based my judgment on activities in the project repository. 0 activity
means inactive.

I'm researching why are projects becoming inactive. This is part of the
pilot project.

I have time to review tools & code incubator projects only.

*Also if project leaders are not setting an account in ohloh, it makes it
difficult to measure but still looking at the repository activities ,
mailing list for example also provides this info but it has to be done
manually. I'll probably start adding(LAB) OWASP projects in ohloh for the
purpose to gathering data metrics.*

*Since Incubators are  experiments , I'll not focus my time on them. I
consider them so far a playground for experiments. *

*If project leaders consider his project deserves to move from Incubator to
LAB or to flagship, it will important to demonstrate WHY.*

*A more intensive accurate review will be needed for this but ONLY IF
REQUESTED BY THE PROJECT LEADER.*










On Wed, Apr 23, 2014 at 2:28 PM, Samantha Groves
<samantha.groves at owasp.org>wrote:

> Great suggestion, guys. Yes, we need to take the other two into account,
> as well. I am looping in Johanna as she is working on this, as well.
>
> Just so we are all clear on what the end game is:
>
> 1. I need an as close to as possible accurate list of Active projects by
> the beginning of June. <-- This is what I care about the most.
> 2. How we do it? I leave that up to you guys/the community.
> 3. You can use the process/documents I used in the past, but I leave that
> up to this team to decide. I trust you all know what you are doing. :-)
>
> questions/concerns?
>
>
>
>
> On Wed, Apr 23, 2014 at 12:29 AM, psiinon <psiinon at gmail.com> wrote:
>
>> Agreed - I was thinking more about code based projects :)
>>
>>
>> On Tue, Apr 22, 2014 at 8:19 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> Simon,
>>>
>>> It depends. A documentation project like the OWASP Top Ten gets released
>>> every three years and that seems ok to me. For an active code library I'd
>>> expect to see activity every month or two, similar to a assessment tool.
>>>
>>> Tricky problem here....
>>>
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On Apr 22, 2014, at 11:01 AM, Samantha Groves <samantha.groves at owasp.org>
>>> wrote:
>>>
>>> I agree. Lets get started? Who is doing what? I can send our form to the
>>> lists.
>>>
>>>
>>> On Tue, Apr 22, 2014 at 11:00 AM, psiinon <psiinon at gmail.com> wrote:
>>>
>>>> I vote for a relatively aggressive approach to demoting projects.
>>>> No apparent code changes, releases or home page edits in the last 12
>>>> months? Email leader saying demotion is immanent. No response to email in
>>>> one month? Demote.
>>>> 1 email explaining why the project is still alive: keep alive for now..
>>>>
>>>> That should weed out a load of the deadwood!
>>>>
>>>> Obviously promoting projects requires a bit more effort, but ask the
>>>> leaders to justify promotion as they have a vested interest in making it
>>>> so, and that reduces the load on the reviewers.
>>>>
>>>> Cheers,
>>>>
>>>> Simon
>>>>
>>>>
>>>> On Tue, Apr 22, 2014 at 6:50 PM, Jim Manico <jim.manico at owasp.org>wrote:
>>>>
>>>>> Samantha,
>>>>>
>>>>> What was the result of the previous project audit?
>>>>>
>>>>> My understanding is that no project has moved up or down the project
>>>>> hierarchy in the past few years.
>>>>>
>>>>> Just curious what the endgame or goal is here.
>>>>>
>>>>> --
>>>>> Jim Manico
>>>>> @Manicode
>>>>> (808) 652-3805
>>>>>
>>>>> On Apr 22, 2014, at 10:43 AM, Samantha Groves <
>>>>> samantha.groves at owasp.org> wrote:
>>>>>
>>>>> Thank you guys.
>>>>>
>>>>> +1 I love it, and I would love it more if I had a handful of people
>>>>> pitching in as I think it will go way faster. The last audit took quite a
>>>>> while to do. The next one was scheduled to start in June, but we have
>>>>> started early.
>>>>>
>>>>> For reference, this is what I did the last time:
>>>>> https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdEdCYVJpdmZHaWJYZ055WHROa19qN3c&usp=sharing
>>>>>
>>>>> I put together the form Simon suggested:
>>>>> https://docs.google.com/a/owasp.org/forms/d/14DYS3kY6P2uqJqAMd3F-cMfUPg-DXCK3sQvtggZ1gek/viewform
>>>>>
>>>>> Let me know what you think. We can e-mail this list, and all of the
>>>>> other known active project leaders. They all have 3 weeks to respond, as
>>>>> Johanna suggested. I agree with that. After that, the project is marked
>>>>> inactive. How does that sound?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Apr 22, 2014 at 7:35 AM, Matt Tesauro <matt.tesauro at owasp.org>wrote:
>>>>>
>>>>>> +1
>>>>>>
>>>>>> I agree that a quick survey of the project leaders may help get
>>>>>> enough responses so that a sorting can occur allowing more detailed audits
>>>>>> of the more active projects.  If a project won't answer a short form, they
>>>>>> are quite unlikely to do a few audit.  Its also possible that I'm ignorant
>>>>>> of all the work you're doing on these audits.
>>>>>>
>>>>>> I do think you're doing awesome (and somewhat thankless) work.  I
>>>>>> remember trying to herd the cats while part of the Global Project
>>>>>> Committee.  It is not an easy task.  Thanks for all your awesome work so
>>>>>> far.
>>>>>>
>>>>>>
>>>>>> --
>>>>>> -- Matt Tesauro
>>>>>> OWASP WTE Project Lead
>>>>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>>>>> http://AppSecLive.org - Community and Download site
>>>>>> OWASP OpenStack Security Project Lead
>>>>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>>>>>
>>>>>>
>>>>>> On Tue, Apr 22, 2014 at 4:33 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>>
>>>>>>> Samantha,
>>>>>>> cc OWASP Project leaders,
>>>>>>>
>>>>>>> Auditing all of the OWASP Projects (as per
>>>>>>> https://github.com/OWASP/Projects_Task_Force/issues/2) seems to be
>>>>>>> a significant undertaking, and its one I think the project leaders could
>>>>>>> (and possible _should_) help with.
>>>>>>>
>>>>>>> How about setting up a simple form with high level questions like:
>>>>>>>
>>>>>>>    - Project name:
>>>>>>>    - Leaders name:
>>>>>>>    - Ohloh link:
>>>>>>>    - Source control link (if not on Ohloh):
>>>>>>>    - Is your project active? (Yes, No, Clinging on for dear life)
>>>>>>>    - When was the last release?
>>>>>>>    - Link to last release:
>>>>>>>    - When do you think the next release will be?
>>>>>>>
>>>>>>> Or whatever questions you want the answers to, but something that
>>>>>>> someone can fill in very quickly.
>>>>>>>
>>>>>>> Then ask all of the project leaders to fill that out for each of
>>>>>>> their projects.
>>>>>>>
>>>>>>> The audit should go further than this, but at least that would be
>>>>>>> really useful input which project leaders should be able to supply quite
>>>>>>> easily.
>>>>>>>
>>>>>>> And if a leader doesnt fill in this form after being prompted a
>>>>>>> couple of times then maybe we should just move it to inactive status?
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Simon
>>>>>>>
>>>>>>> --
>>>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Owasp_project_leader_list mailing list
>>>>>>> Owasp_project_leader_list at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Samantha Groves, MBA*
>>>>>
>>>>> *OWASP Projects Manager*
>>>>>
>>>>>
>>>>> The OWASP Foundation
>>>>>
>>>>> Phoenix, USA
>>>>>
>>>>> Email: samantha.groves at owasp.org
>>>>>
>>>>> Skype: samanthahz
>>>>>
>>>>>
>>>>> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>>
>>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>>
>>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>>
>>>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>>>
>>>>>
>>>>>
>>>>>  _______________________________________________
>>>>> Owasp_project_leader_list mailing list
>>>>> Owasp_project_leader_list at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp_project_leader_list mailing list
>>>>> Owasp_project_leader_list at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> *Samantha Groves, MBA*
>>>
>>> *OWASP Projects Manager*
>>>
>>>
>>> The OWASP Foundation
>>>
>>> Phoenix, USA
>>>
>>> Email: samantha.groves at owasp.org
>>>
>>> Skype: samanthahz
>>>
>>>
>>> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>
>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>
>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>
>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>
>
>
> --
>
> *Samantha Groves, MBA*
>
> *OWASP Projects Manager*
>
>
> The OWASP Foundation
>
> Phoenix, USA
>
> Email: samantha.groves at owasp.org
>
> Skype: samanthahz
>
>
> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>
> Book a Meeting with Me <http://goo.gl/mZXdZ>
>
> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>
> New Project Application Form <http://www.tfaforms.com/263506>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_project_leader_list/attachments/20140423/39442816/attachment-0001.html>


More information about the Owasp_project_leader_list mailing list