[Owasp_project_leader_list] OWASP Project Audits

johanna curiel curiel johanna.curiel at owasp.org
Wed Apr 23 19:27:04 UTC 2014


Can you re-send the list? I want to make sure we are talking about the same
thing.
https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0Am8S4R_cON7JdC1DMEVqS2VnZUM3R0x1Y2U1NzQyNXc&usp=drive_web#gid=0

To confirm, you only looked at Tool and Code Projects that are Incubators?
Yes

Did you review them based on quality or activity?
Activity and quality based on their documentation on how to install the
projects and the releases, versioning, testing etc.

If activity, did you both ask any of the Leaders about their activity? If
so, did they confirm their activity or inactivity?
We sent an email weeks ago about it. Jim reacted and a couple of Project
leaders. Many didn't.



On Wed, Apr 23, 2014 at 3:17 PM, Jim Manico <jim.manico at owasp.org> wrote:

> +1 I like this direction, Johanna. :)
>
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Apr 23, 2014, at 11:55 AM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>
> 1. I need an as close to as possible accurate list of Active projects by
> the beginning of June. <-- This is what I care about the most.
>
> I'm working on cleaning inactive projects from LABS. Got 1 reaction. I'll
> send a reminder the coming 3 weeks, no reaction, those projects will be
> set as inactive.
> I'll focus right now on cleaning this list
>
> 2. How we do it? I leave that up to you guys/the community.
>
> Last year I worked on reviewing Incubators Tools & Code projects. The list
> I sent is quite accurate so far and Jim worked updating some info in it. I
> have no time to fill in criteria forms and I don't think this is necessary.
>
> I based my judgment on activities in the project repository. 0 activity
> means inactive.
>
> I'm researching why projects are becoming inactive. This is part of the
> pilot project.
>
> I have time to review tools & code incubator projects only.
>
> *Also if project leaders are not setting an account in ohloh, it makes it
> difficult to measure but still looking at the repository activities,
> mailing list for example also provides this info but it has to be done
> manually. I'll probably start adding (LAB) OWASP projects in ohloh for the
> purpose of gathering data metrics.*
>
> *Since Incubators are experiments, I'll not focus my time on them. I
> consider them so far a playground for experiments.*
>
> *If project leaders consider his project deserves to move from Incubator
> to LAB or to flagship, it will be important to demonstrate WHY.*
>
> *A more intensive accurate review will be needed for this but ONLY IF
> REQUESTED BY THE PROJECT LEADER.*
>
>
> On Wed, Apr 23, 2014 at 2:28 PM, Samantha Groves <
> samantha.groves at owasp.org> wrote:
>
>> Great suggestion, guys. Yes, we need to take the other two into account,
>> as well. I am looping in Johanna as she is working on this, as well.
>>
>> Just so we are all clear on what the end game is:
>>
>> 1. I need an as close to as possible accurate list of Active projects by
>> the beginning of June. <-- This is what I care about the most.
>> 2. How we do it? I leave that up to you guys/the community.
>> 3. You can use the process/documents I used in the past, but I leave that
>> up to this team to decide. I trust you all know what you are doing. :-)
>>
>> questions/concerns?
>>
>>
>>
>>
>> On Wed, Apr 23, 2014 at 12:29 AM, psiinon <psiinon at gmail.com> wrote:
>>
>>> Agreed - I was thinking more about code based projects :)
>>>
>>>
>>> On Tue, Apr 22, 2014 at 8:19 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>> Simon,
>>>>
>>>> It depends. A documentation project like the OWASP Top Ten gets
>>>> released every three years and that seems ok to me. For an active code
>>>> library I'd expect to see activity every month or two, similar to an
>>>> assessment tool.
>>>>
>>>> Tricky problem here....
>>>>
>>>> On Apr 22, 2014, at 11:01 AM, Samantha Groves <
>>>> samantha.groves at owasp.org> wrote:
>>>>
>>>> I agree. Let's get started? Who is doing what? I can send our form to
>>>> the lists.
>>>>
>>>>
>>>> On Tue, Apr 22, 2014 at 11:00 AM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>> I vote for a relatively aggressive approach to demoting projects.
>>>>> No apparent code changes, releases or home page edits in the last 12
>>>>> months? Email leader saying demotion is imminent. No response to email in
>>>>> one month? Demote.
>>>>> 1 email explaining why the project is still alive: keep alive for now.
>>>>>
>>>>> That should weed out a load of the deadwood!
>>>>>
>>>>> Obviously promoting projects requires a bit more effort, but ask the
>>>>> leaders to justify promotion as they have a vested interest in making it
>>>>> so, and that reduces the load on the reviewers.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon
>>>>>
>>>>>
>>>>> On Tue, Apr 22, 2014 at 6:50 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>
>>>>>> Samantha,
>>>>>>
>>>>>> What was the result of the previous project audit?
>>>>>>
>>>>>> My understanding is that no project has moved up or down the project
>>>>>> hierarchy in the past few years.
>>>>>>
>>>>>> Just curious what the endgame or goal is here.
>>>>>>
>>>>>> On Apr 22, 2014, at 10:43 AM, Samantha Groves <
>>>>>> samantha.groves at owasp.org> wrote:
>>>>>>
>>>>>> Thank you guys.
>>>>>>
>>>>>> +1 I love it, and I would love it more if I had a handful of people
>>>>>> pitching in as I think it will go way faster. The last audit took quite a
>>>>>> while to do. The next one was scheduled to start in June, but we have
>>>>>> started early.
>>>>>>
>>>>>> For reference, this is what I did the last time:
>>>>>> https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdEdCYVJpdmZHaWJYZ055WHROa19qN3c&usp=sharing
>>>>>>
>>>>>> I put together the form Simon suggested:
>>>>>> https://docs.google.com/a/owasp.org/forms/d/14DYS3kY6P2uqJqAMd3F-cMfUPg-DXCK3sQvtggZ1gek/viewform
>>>>>>
>>>>>> Let me know what you think. We can e-mail this list, and all of the
>>>>>> other known active project leaders. They all have 3 weeks to respond, as
>>>>>> Johanna suggested. I agree with that. After that, the project is marked
>>>>>> inactive. How does that sound?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Apr 22, 2014 at 7:35 AM, Matt Tesauro <matt.tesauro at owasp.org
>>>>>> > wrote:
>>>>>>
>>>>>>> +1
>>>>>>>
>>>>>>> I agree that a quick survey of the project leaders may help get
>>>>>>> enough responses so that a sorting can occur allowing more detailed audits
>>>>>>> of the more active projects.  If a project won't answer a short form, they
>>>>>>> are quite unlikely to do a few audit.  It's also possible that I'm ignorant
>>>>>>> of all the work you're doing on these audits.
>>>>>>>
>>>>>>> I do think you're doing awesome (and somewhat thankless) work.  I
>>>>>>> remember trying to herd the cats while part of the Global Project
>>>>>>> Committee.  It is not an easy task.  Thanks for all your awesome work so
>>>>>>> far.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> -- Matt Tesauro
>>>>>>> OWASP WTE Project Lead
>>>>>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>>>>>> http://AppSecLive.org - Community and Download site
>>>>>>> OWASP OpenStack Security Project Lead
>>>>>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Apr 22, 2014 at 4:33 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>>>
>>>>>>>> Samantha,
>>>>>>>> cc OWASP Project leaders,
>>>>>>>>
>>>>>>>> Auditing all of the OWASP Projects (as per
>>>>>>>> https://github.com/OWASP/Projects_Task_Force/issues/2) seems to be
>>>>>>>> a significant undertaking, and it's one I think the project leaders could
>>>>>>>> (and possibly _should_) help with.
>>>>>>>>
>>>>>>>> How about setting up a simple form with high level questions like:
>>>>>>>>
>>>>>>>>    - Project name:
>>>>>>>>    - Leader's name:
>>>>>>>>    - Ohloh link:
>>>>>>>>    - Source control link (if not on Ohloh):
>>>>>>>>    - Is your project active? (Yes, No, Clinging on for dear life)
>>>>>>>>    - When was the last release?
>>>>>>>>    - Link to last release:
>>>>>>>>    - When do you think the next release will be?
>>>>>>>>
>>>>>>>> Or whatever questions you want the answers to, but something that
>>>>>>>> someone can fill in very quickly.
>>>>>>>>
>>>>>>>> Then ask all of the project leaders to fill that out for each of
>>>>>>>> their projects.
>>>>>>>>
>>>>>>>> The audit should go further than this, but at least that would be
>>>>>>>> really useful input which project leaders should be able to supply quite
>>>>>>>> easily.
>>>>>>>>
>>>>>>>> And if a leader doesn't fill in this form after being prompted a
>>>>>>>> couple of times then maybe we should just move it to inactive status?
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>>
>>>>>>>> Simon
>>>>>>>>
>>>>>>>> --
>>>>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Owasp_project_leader_list mailing list
>>>>>>>> Owasp_project_leader_list at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Samantha Groves, MBA*
>>>>>>
>>>>>> *OWASP Projects Manager*
>>>>>>
>>>>>>
>>>>>> The OWASP Foundation
>>>>>>
>>>>>> Phoenix, USA
>>>>>>
>>>>>> Email: samantha.groves at owasp.org
>>>>>>
>>>>>> Skype: samanthahz
>>>>>>
>>>>>>
>>>>>> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>>>
>>>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>>>
>>>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>>>
>>>>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>>>>
>>>>>>
>