[Owasp_project_leader_list] OWASP Project Audits

Samantha Groves samantha.groves at owasp.org
Wed Apr 23 19:31:45 UTC 2014


A few more questions, Johanna. If you are not doing the documentation
projects for the Incubator stage, who is? Any takers?

Also, in regard to the below statement...

*Also if project leaders are not setting an account in ohloh, it makes it
difficult to measure but still looking at the repository activities ,
mailing list for example also provides this info but it has to be done
manually. I'll probably start adding(LAB) OWASP projects in ohloh for the
purpose to gathering data metrics.*

Are you planning on letting the lab project leaders know you are doing
this? I recommend at least sending them a quick message of intent. ;-) Just
my two cents, but that is up to you.



SG



On Wed, Apr 23, 2014 at 12:17 PM, Jim Manico <jim.manico at owasp.org> wrote:

> +1 I like this direction, Johanna. :)
>
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Apr 23, 2014, at 11:55 AM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>
> 1. I need an as close to as possible accurate list of Active projects by
> the beginning of June. <-- This is what I care about the most.
>
> I'm working on cleaning inactive projects from LABS. Got 1 reaction. I'll
> send a reminder the coming 3 weeks, no reaction , those projects will be
> set as inactive.
> I'll foucs right now on cleaning this list
>
> 2. How we do it? I leave that up to you guys/the community.
>
> last year I worked on reviewing Incubators Tools & Code projects.The list
> I sent is quite accurate so far and Jim worked updating some info in it. I
> have no time to fill in criteria forms and I don't think this is necessary.
>
> I based my judgment on activities in the project repository. 0 activity
> means inactive.
>
> I'm researching why are projects becoming inactive. This is part of the
> pilot project.
>
> I have time to review tools & code incubator projects only.
>
> *Also if project leaders are not setting an account in ohloh, it makes it
> difficult to measure but still looking at the repository activities ,
> mailing list for example also provides this info but it has to be done
> manually. I'll probably start adding(LAB) OWASP projects in ohloh for the
> purpose to gathering data metrics.*
>
> *Since Incubators are  experiments , I'll not focus my time on them. I
> consider them so far a playground for experiments. *
>
> *If project leaders consider his project deserves to move from Incubator
> to LAB or to flagship, it will important to demonstrate WHY.*
>
> *A more intensive accurate review will be needed for this but ONLY IF
> REQUESTED BY THE PROJECT LEADER.*
>
>
>
>
>
>
>
>
>
>
> On Wed, Apr 23, 2014 at 2:28 PM, Samantha Groves <
> samantha.groves at owasp.org> wrote:
>
>> Great suggestion, guys. Yes, we need to take the other two into account,
>> as well. I am looping in Johanna as she is working on this, as well.
>>
>> Just so we are all clear on what the end game is:
>>
>> 1. I need an as close to as possible accurate list of Active projects by
>> the beginning of June. <-- This is what I care about the most.
>> 2. How we do it? I leave that up to you guys/the community.
>> 3. You can use the process/documents I used in the past, but I leave that
>> up to this team to decide. I trust you all know what you are doing. :-)
>>
>> questions/concerns?
>>
>>
>>
>>
>> On Wed, Apr 23, 2014 at 12:29 AM, psiinon <psiinon at gmail.com> wrote:
>>
>>> Agreed - I was thinking more about code based projects :)
>>>
>>>
>>> On Tue, Apr 22, 2014 at 8:19 PM, Jim Manico <jim.manico at owasp.org>wrote:
>>>
>>>> Simon,
>>>>
>>>> It depends. A documentation project like the OWASP Top Ten gets
>>>> released every three years and that seems ok to me. For an active code
>>>> library I'd expect to see activity every month or two, similar to a
>>>> assessment tool.
>>>>
>>>> Tricky problem here....
>>>>
>>>> --
>>>> Jim Manico
>>>> @Manicode
>>>> (808) 652-3805
>>>>
>>>> On Apr 22, 2014, at 11:01 AM, Samantha Groves <
>>>> samantha.groves at owasp.org> wrote:
>>>>
>>>> I agree. Lets get started? Who is doing what? I can send our form to
>>>> the lists.
>>>>
>>>>
>>>> On Tue, Apr 22, 2014 at 11:00 AM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>> I vote for a relatively aggressive approach to demoting projects.
>>>>> No apparent code changes, releases or home page edits in the last 12
>>>>> months? Email leader saying demotion is immanent. No response to email in
>>>>> one month? Demote.
>>>>> 1 email explaining why the project is still alive: keep alive for now..
>>>>>
>>>>> That should weed out a load of the deadwood!
>>>>>
>>>>> Obviously promoting projects requires a bit more effort, but ask the
>>>>> leaders to justify promotion as they have a vested interest in making it
>>>>> so, and that reduces the load on the reviewers.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon
>>>>>
>>>>>
>>>>> On Tue, Apr 22, 2014 at 6:50 PM, Jim Manico <jim.manico at owasp.org>wrote:
>>>>>
>>>>>> Samantha,
>>>>>>
>>>>>> What was the result of the previous project audit?
>>>>>>
>>>>>> My understanding is that no project has moved up or down the project
>>>>>> hierarchy in the past few years.
>>>>>>
>>>>>> Just curious what the endgame or goal is here.
>>>>>>
>>>>>> --
>>>>>> Jim Manico
>>>>>> @Manicode
>>>>>> (808) 652-3805
>>>>>>
>>>>>> On Apr 22, 2014, at 10:43 AM, Samantha Groves <
>>>>>> samantha.groves at owasp.org> wrote:
>>>>>>
>>>>>> Thank you guys.
>>>>>>
>>>>>> +1 I love it, and I would love it more if I had a handful of people
>>>>>> pitching in as I think it will go way faster. The last audit took quite a
>>>>>> while to do. The next one was scheduled to start in June, but we have
>>>>>> started early.
>>>>>>
>>>>>> For reference, this is what I did the last time:
>>>>>> https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdEdCYVJpdmZHaWJYZ055WHROa19qN3c&usp=sharing
>>>>>>
>>>>>> I put together the form Simon suggested:
>>>>>> https://docs.google.com/a/owasp.org/forms/d/14DYS3kY6P2uqJqAMd3F-cMfUPg-DXCK3sQvtggZ1gek/viewform
>>>>>>
>>>>>> Let me know what you think. We can e-mail this list, and all of the
>>>>>> other known active project leaders. They all have 3 weeks to respond, as
>>>>>> Johanna suggested. I agree with that. After that, the project is marked
>>>>>> inactive. How does that sound?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Apr 22, 2014 at 7:35 AM, Matt Tesauro <matt.tesauro at owasp.org
>>>>>> > wrote:
>>>>>>
>>>>>>> +1
>>>>>>>
>>>>>>> I agree that a quick survey of the project leaders may help get
>>>>>>> enough responses so that a sorting can occur allowing more detailed audits
>>>>>>> of the more active projects.  If a project won't answer a short form, they
>>>>>>> are quite unlikely to do a few audit.  Its also possible that I'm ignorant
>>>>>>> of all the work you're doing on these audits.
>>>>>>>
>>>>>>> I do think you're doing awesome (and somewhat thankless) work.  I
>>>>>>> remember trying to herd the cats while part of the Global Project
>>>>>>> Committee.  It is not an easy task.  Thanks for all your awesome work so
>>>>>>> far.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> -- Matt Tesauro
>>>>>>> OWASP WTE Project Lead
>>>>>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>>>>>> http://AppSecLive.org - Community and Download site
>>>>>>> OWASP OpenStack Security Project Lead
>>>>>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Apr 22, 2014 at 4:33 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>>>
>>>>>>>> Samantha,
>>>>>>>> cc OWASP Project leaders,
>>>>>>>>
>>>>>>>> Auditing all of the OWASP Projects (as per
>>>>>>>> https://github.com/OWASP/Projects_Task_Force/issues/2) seems to be
>>>>>>>> a significant undertaking, and its one I think the project leaders could
>>>>>>>> (and possible _should_) help with.
>>>>>>>>
>>>>>>>> How about setting up a simple form with high level questions like:
>>>>>>>>
>>>>>>>>    - Project name:
>>>>>>>>    - Leaders name:
>>>>>>>>    - Ohloh link:
>>>>>>>>    - Source control link (if not on Ohloh):
>>>>>>>>    - Is your project active? (Yes, No, Clinging on for dear life)
>>>>>>>>    - When was the last release?
>>>>>>>>    - Link to last release:
>>>>>>>>    - When do you think the next release will be?
>>>>>>>>
>>>>>>>> Or whatever questions you want the answers to, but something that
>>>>>>>> someone can fill in very quickly.
>>>>>>>>
>>>>>>>> Then ask all of the project leaders to fill that out for each of
>>>>>>>> their projects.
>>>>>>>>
>>>>>>>> The audit should go further than this, but at least that would be
>>>>>>>> really useful input which project leaders should be able to supply quite
>>>>>>>> easily.
>>>>>>>>
>>>>>>>> And if a leader doesnt fill in this form after being prompted a
>>>>>>>> couple of times then maybe we should just move it to inactive status?
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>>
>>>>>>>> Simon
>>>>>>>>
>>>>>>>> --
>>>>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Owasp_project_leader_list mailing list
>>>>>>>> Owasp_project_leader_list at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Samantha Groves, MBA*
>>>>>>
>>>>>> *OWASP Projects Manager*
>>>>>>
>>>>>>
>>>>>> The OWASP Foundation
>>>>>>
>>>>>> Phoenix, USA
>>>>>>
>>>>>> Email: samantha.groves at owasp.org
>>>>>>
>>>>>> Skype: samanthahz
>>>>>>
>>>>>>
>>>>>> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>>>
>>>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>>>
>>>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>>>
>>>>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>>>>
>>>>>>
>>>>>>
>>>>>>  _______________________________________________
>>>>>> Owasp_project_leader_list mailing list
>>>>>> Owasp_project_leader_list at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Owasp_project_leader_list mailing list
>>>>>> Owasp_project_leader_list at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Samantha Groves, MBA*
>>>>
>>>> *OWASP Projects Manager*
>>>>
>>>>
>>>> The OWASP Foundation
>>>>
>>>> Phoenix, USA
>>>>
>>>> Email: samantha.groves at owasp.org
>>>>
>>>> Skype: samanthahz
>>>>
>>>>
>>>> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>
>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>
>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>
>>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>
>>
>>
>> --
>>
>> *Samantha Groves, MBA*
>>
>> *OWASP Projects Manager*
>>
>>
>> The OWASP Foundation
>>
>> Phoenix, USA
>>
>> Email: samantha.groves at owasp.org
>>
>> Skype: samanthahz
>>
>>
>> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>
>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>
>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>
>> New Project Application Form <http://www.tfaforms.com/263506>
>>
>>
>>
>>
>


-- 

*Samantha Groves, MBA*

*OWASP Projects Manager*


The OWASP Foundation

Phoenix, USA

Email: samantha.groves at owasp.org

Skype: samanthahz


OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>

Book a Meeting with Me <http://goo.gl/mZXdZ>

OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>

New Project Application Form <http://www.tfaforms.com/263506>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_project_leader_list/attachments/20140423/b11266d3/attachment-0001.html>


More information about the Owasp_project_leader_list mailing list