[Owasp_project_leader_list] OWASP Project Audits

johanna curiel curiel johanna.curiel at owasp.org
Wed Apr 23 19:41:06 UTC 2014


A few more questions, Johanna. If you are not doing the documentation
projects for the Incubator stage, who is? Any takers?

Does it make any sense to review experimental incubator projects? I don't think so,
after all the emails regarding the purpose of these reviews, how much
time it requires to do it, and that it is not realistic to do it, etc.

I personally like to research and test code and tool projects because I'm
a pen tester and programmer, but I have no time or interest to read
documentation. And this also takes a lot of time.

I think that reviewing incubator projects contradicts what we have
mentioned regarding Project reviews.

Samantha, could you clarify what the purpose of reviewing incubator
projects is, especially documentation projects?
Again, I mentioned this should be done by request.



On Wed, Apr 23, 2014 at 3:34 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Are you planning on letting the lab project leaders know you are doing
> this? I recommend at least sending them a quick message of intent. ;-) Just
> my two cents, but that is up to you.
>
> The preferred way to go is that the project leaders set their own account,
> not me.
>
> I think most lab & flagship projects are already in ohloh. I agree on
> sending a message before doing so, but I can always change the account
> settings to allow project leaders to manage their own accounts.
>
>
> On Wed, Apr 23, 2014 at 3:31 PM, Samantha Groves <
> samantha.groves at owasp.org> wrote:
>
>> A few more questions, Johanna. If you are not doing the documentation
>> projects for the Incubator stage, who is? Any takers?
>>
>> Also, in regard to the below statement...
>>
>> *Also, if project leaders are not setting an account in ohloh, it makes it
>> difficult to measure, but still looking at the repository activities,
>> mailing list for example, also provides this info, but it has to be done
>> manually. I'll probably start adding (LAB) OWASP projects in ohloh for the
>> purpose of gathering data metrics.*
>>
>> Are you planning on letting the lab project leaders know you are doing
>> this? I recommend at least sending them a quick message of intent. ;-) Just
>> my two cents, but that is up to you.
>>
>>
>>
>> SG
>>
>>
>>
>> On Wed, Apr 23, 2014 at 12:17 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> +1 I like this direction, Johanna. :)
>>>
>>>
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On Apr 23, 2014, at 11:55 AM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>
>>> 1. I need an as close to as possible accurate list of Active projects by
>>> the beginning of June. <-- This is what I care about the most.
>>>
>>> I'm working on cleaning inactive projects from LABS. Got 1 reaction.
>>> I'll send a reminder the coming 3 weeks; no reaction, those projects will
>>> be set as inactive.
>>> I'll focus right now on cleaning this list.
>>>
>>> 2. How we do it? I leave that up to you guys/the community.
>>>
>>> Last year I worked on reviewing Incubator Tools & Code projects. The
>>> list I sent is quite accurate so far and Jim worked on updating some info in
>>> it. I have no time to fill in criteria forms and I don't think this is
>>> necessary.
>>>
>>> I based my judgment on activities in the project repository. 0 activity
>>> means inactive.
>>>
>>> I'm researching why projects are becoming inactive. This is part of the
>>> pilot project.
>>>
>>> I have time to review tools & code incubator projects only.
>>>
>>> *Also, if project leaders are not setting an account in ohloh, it makes
>>> it difficult to measure, but still looking at the repository activities,
>>> mailing list for example, also provides this info, but it has to be done
>>> manually. I'll probably start adding (LAB) OWASP projects in ohloh for the
>>> purpose of gathering data metrics.*
>>>
>>> *Since Incubators are experiments, I'll not focus my time on them. I
>>> consider them so far a playground for experiments.*
>>>
>>> *If project leaders consider their project deserves to move from Incubator
>>> to LAB or to flagship, it will be important to demonstrate WHY.*
>>>
>>> *A more intensive accurate review will be needed for this but ONLY IF
>>> REQUESTED BY THE PROJECT LEADER.*
>>>
>>>
>>> On Wed, Apr 23, 2014 at 2:28 PM, Samantha Groves <
>>> samantha.groves at owasp.org> wrote:
>>>
>>>> Great suggestion, guys. Yes, we need to take the other two into
>>>> account, as well. I am looping in Johanna as she is working on this, as
>>>> well.
>>>>
>>>> Just so we are all clear on what the end game is:
>>>>
>>>> 1. I need an as close to as possible accurate list of Active projects
>>>> by the beginning of June. <-- This is what I care about the most.
>>>> 2. How we do it? I leave that up to you guys/the community.
>>>> 3. You can use the process/documents I used in the past, but I leave
>>>> that up to this team to decide. I trust you all know what you are doing. :-)
>>>>
>>>> questions/concerns?
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Apr 23, 2014 at 12:29 AM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>> Agreed - I was thinking more about code based projects :)
>>>>>
>>>>>
>>>>> On Tue, Apr 22, 2014 at 8:19 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>
>>>>>> Simon,
>>>>>>
>>>>>> It depends. A documentation project like the OWASP Top Ten gets
>>>>>> released every three years and that seems ok to me. For an active code
>>>>>> library I'd expect to see activity every month or two, similar to an
>>>>>> assessment tool.
>>>>>>
>>>>>> Tricky problem here....
>>>>>>
>>>>>> --
>>>>>> Jim Manico
>>>>>> @Manicode
>>>>>> (808) 652-3805
>>>>>>
>>>>>> On Apr 22, 2014, at 11:01 AM, Samantha Groves <
>>>>>> samantha.groves at owasp.org> wrote:
>>>>>>
>>>>>> I agree. Let's get started? Who is doing what? I can send our form to
>>>>>> the lists.
>>>>>>
>>>>>>
>>>>>> On Tue, Apr 22, 2014 at 11:00 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>>
>>>>>>> I vote for a relatively aggressive approach to demoting projects.
>>>>>>> No apparent code changes, releases or home page edits in the last 12
>>>>>>> months? Email leader saying demotion is imminent. No response to email in
>>>>>>> one month? Demote.
>>>>>>> 1 email explaining why the project is still alive: keep alive for
>>>>>>> now..
>>>>>>>
>>>>>>> That should weed out a load of the deadwood!
>>>>>>>
>>>>>>> Obviously promoting projects requires a bit more effort, but ask the
>>>>>>> leaders to justify promotion as they have a vested interest in making it
>>>>>>> so, and that reduces the load on the reviewers.
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Simon
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Apr 22, 2014 at 6:50 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>>>
>>>>>>>> Samantha,
>>>>>>>>
>>>>>>>> What was the result of the previous project audit?
>>>>>>>>
>>>>>>>> My understanding is that no project has moved up or down the
>>>>>>>> project hierarchy in the past few years.
>>>>>>>>
>>>>>>>> Just curious what the endgame or goal is here.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Jim Manico
>>>>>>>> @Manicode
>>>>>>>> (808) 652-3805
>>>>>>>>
>>>>>>>> On Apr 22, 2014, at 10:43 AM, Samantha Groves <
>>>>>>>> samantha.groves at owasp.org> wrote:
>>>>>>>>
>>>>>>>> Thank you guys.
>>>>>>>>
>>>>>>>> +1 I love it, and I would love it more if I had a handful of people
>>>>>>>> pitching in as I think it will go way faster. The last audit took quite a
>>>>>>>> while to do. The next one was scheduled to start in June, but we have
>>>>>>>> started early.
>>>>>>>>
>>>>>>>> For reference, this is what I did the last time:
>>>>>>>> https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdEdCYVJpdmZHaWJYZ055WHROa19qN3c&usp=sharing
>>>>>>>>
>>>>>>>> I put together the form Simon suggested:
>>>>>>>> https://docs.google.com/a/owasp.org/forms/d/14DYS3kY6P2uqJqAMd3F-cMfUPg-DXCK3sQvtggZ1gek/viewform
>>>>>>>>
>>>>>>>> Let me know what you think. We can e-mail this list, and all of the
>>>>>>>> other known active project leaders. They all have 3 weeks to respond, as
>>>>>>>> Johanna suggested. I agree with that. After that, the project is marked
>>>>>>>> inactive. How does that sound?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Apr 22, 2014 at 7:35 AM, Matt Tesauro <
>>>>>>>> matt.tesauro at owasp.org> wrote:
>>>>>>>>
>>>>>>>>> +1
>>>>>>>>>
>>>>>>>>> I agree that a quick survey of the project leaders may help get
>>>>>>>>> enough responses so that a sorting can occur allowing more detailed audits
>>>>>>>>> of the more active projects.  If a project won't answer a short form, they
>>>>>>>>> are quite unlikely to do a few audit.  It's also possible that I'm ignorant
>>>>>>>>> of all the work you're doing on these audits.
>>>>>>>>>
>>>>>>>>> I do think you're doing awesome (and somewhat thankless) work.  I
>>>>>>>>> remember trying to herd the cats while part of the Global Project
>>>>>>>>> Committee.  It is not an easy task.  Thanks for all your awesome work so
>>>>>>>>> far.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> -- Matt Tesauro
>>>>>>>>> OWASP WTE Project Lead
>>>>>>>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>>>>>>>> http://AppSecLive.org - Community and Download site
>>>>>>>>> OWASP OpenStack Security Project Lead
>>>>>>>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Apr 22, 2014 at 4:33 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Samantha,
>>>>>>>>>> cc OWASP Project leaders,
>>>>>>>>>>
>>>>>>>>>> Auditing all of the OWASP Projects (as per
>>>>>>>>>> https://github.com/OWASP/Projects_Task_Force/issues/2) seems to
>>>>>>>>>> be a significant undertaking, and it's one I think the project leaders could
>>>>>>>>>> (and possibly _should_) help with.
>>>>>>>>>>
>>>>>>>>>> How about setting up a simple form with high level questions like:
>>>>>>>>>>
>>>>>>>>>>    - Project name:
>>>>>>>>>>    - Leaders name:
>>>>>>>>>>    - Ohloh link:
>>>>>>>>>>    - Source control link (if not on Ohloh):
>>>>>>>>>>    - Is your project active? (Yes, No, Clinging on for dear life)
>>>>>>>>>>    - When was the last release?
>>>>>>>>>>    - Link to last release:
>>>>>>>>>>    - When do you think the next release will be?
>>>>>>>>>>
>>>>>>>>>> Or whatever questions you want the answers to, but something that
>>>>>>>>>> someone can fill in very quickly.
>>>>>>>>>>
>>>>>>>>>> Then ask all of the project leaders to fill that out for each of
>>>>>>>>>> their projects.
>>>>>>>>>>
>>>>>>>>>> The audit should go further than this, but at least that would be
>>>>>>>>>> really useful input which project leaders should be able to supply quite
>>>>>>>>>> easily.
>>>>>>>>>>
>>>>>>>>>> And if a leader doesn't fill in this form after being prompted a
>>>>>>>>>> couple of times then maybe we should just move it to inactive status?
>>>>>>>>>>
>>>>>>>>>> Cheers,
>>>>>>>>>>
>>>>>>>>>> Simon
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Owasp_project_leader_list mailing list
>>>>>>>>>> Owasp_project_leader_list at lists.owasp.org
>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> *Samantha Groves, MBA*
>>>>>>>>
>>>>>>>> *OWASP Projects Manager*
>>>>>>>>
>>>>>>>>
>>>>>>>> The OWASP Foundation
>>>>>>>>
>>>>>>>> Phoenix, USA
>>>>>>>>
>>>>>>>> Email: samantha.groves at owasp.org
>>>>>>>>
>>>>>>>> Skype: samanthahz
>>>>>>>>
>>>>>>>>
>>>>>>>> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>>>>>
>>>>>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>>>>>
>>>>>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>>>>>
>>>>>>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>