[Owasp_project_leader_list] OWASP Project Audits

Samantha Groves samantha.groves at owasp.org
Wed Apr 23 19:56:11 UTC 2014


Yes, agreed. I would do it for Labs and current Flagships. We should get
more help for this. Incubators can do it on their own if they would like.
I don't think it should be mandatory for them. Objections?


On Wed, Apr 23, 2014 at 12:44 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Setting up an ohloh account takes only 5 minutes.
>
> I don't think this is much to ask.
>
> But if I alone have to do 5 min x 100 projects, then we are talking about
> spending quite some time that I think project leaders should do.
>
> That's why I'm doing this only for labs.
>
> Regards
>
> Johanna
>
>
> On Wed, Apr 23, 2014 at 3:41 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> A few more questions, Johanna. If you are not doing the documentation
>> projects for the Incubator stage, who is? Any takers?
>>
>> Does it make any sense to review experimental incubator projects? I don't
>> think so, after all the emails regarding the purpose of these reviews, how
>> much time it requires to do it, and that it is not realistic to do it, etc.
>>
>> I personally like to research and test code and tool projects because I'm
>> a pen tester and programmer, but I have no time or interest to read
>> documentation. And this also takes a lot of time.
>>
>> I think that reviewing incubator projects contradicts what we have
>> mentioned regarding Project reviews.
>>
>> Samantha, could you clarify what the purpose of reviewing incubator
>> projects is, especially documentation projects?
>> Again, I mentioned this should be done by request.
>>
>>
>>
>> On Wed, Apr 23, 2014 at 3:34 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Are you planning on letting the lab project leaders know you are doing
>>> this? I recommend at least sending them a quick message of intent. ;-) Just
>>> my two cents, but that is up to you.
>>>
>>> The preferred way to go is that the project leaders set their own account,
>>> not me.
>>>
>>> I think most lab & flagship projects are already in ohloh. I agree on
>>> sending a message before doing so, but I can always change the account
>>> settings to allow project leaders to manage their own accounts.
>>>
>>>
>>> On Wed, Apr 23, 2014 at 3:31 PM, Samantha Groves <
>>> samantha.groves at owasp.org> wrote:
>>>
>>>> A few more questions, Johanna. If you are not doing the documentation
>>>> projects for the Incubator stage, who is? Any takers?
>>>>
>>>> Also, in regard to the below statement...
>>>>
>>>> *Also, if project leaders are not setting an account in ohloh, it makes
>>>> it difficult to measure, but still looking at the repository activities,
>>>> mailing list for example, also provides this info, but it has to be done
>>>> manually. I'll probably start adding (LAB) OWASP projects in ohloh for the
>>>> purpose of gathering data metrics.*
>>>>
>>>> Are you planning on letting the lab project leaders know you are doing
>>>> this? I recommend at least sending them a quick message of intent. ;-) Just
>>>> my two cents, but that is up to you.
>>>>
>>>>
>>>>
>>>> SG
>>>>
>>>>
>>>>
>>>> On Wed, Apr 23, 2014 at 12:17 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>
>>>>> +1 I like this direction, Johanna. :)
>>>>>
>>>>>
>>>>> --
>>>>> Jim Manico
>>>>> @Manicode
>>>>> (808) 652-3805
>>>>>
>>>>> On Apr 23, 2014, at 11:55 AM, johanna curiel curiel <
>>>>> johanna.curiel at owasp.org> wrote:
>>>>>
>>>>>
>>>>> 1. I need an as close to as possible accurate list of Active projects
>>>>> by the beginning of June. <-- This is what I care about the most.
>>>>>
>>>>> I'm working on cleaning inactive projects from LABS. Got 1 reaction.
>>>>> I'll send a reminder the coming 3 weeks; no reaction, those projects will
>>>>> be set as inactive.
>>>>> I'll focus right now on cleaning this list.
>>>>>
>>>>> 2. How we do it? I leave that up to you guys/the community.
>>>>>
>>>>> Last year I worked on reviewing Incubator Tools & Code projects. The
>>>>> list I sent is quite accurate so far and Jim worked on updating some info
>>>>> in it. I have no time to fill in criteria forms and I don't think this is
>>>>> necessary.
>>>>>
>>>>> I based my judgment on activities in the project repository. 0
>>>>> activity means inactive.
>>>>>
>>>>> I'm researching why projects are becoming inactive. This is part of
>>>>> the pilot project.
>>>>>
>>>>> I have time to review tools & code incubator projects only.
>>>>>
>>>>> *Also, if project leaders are not setting an account in ohloh, it makes
>>>>> it difficult to measure, but still looking at the repository activities,
>>>>> mailing list for example, also provides this info, but it has to be done
>>>>> manually. I'll probably start adding (LAB) OWASP projects in ohloh for the
>>>>> purpose of gathering data metrics.*
>>>>>
>>>>> *Since Incubators are experiments, I'll not focus my time on them. I
>>>>> consider them so far a playground for experiments.*
>>>>>
>>>>> *If a project leader considers that his project deserves to move from
>>>>> Incubator to LAB or to flagship, it will be important to demonstrate WHY.*
>>>>>
>>>>> *A more intensive accurate review will be needed for this but ONLY IF
>>>>> REQUESTED BY THE PROJECT LEADER.*
>>>>>
>>>>>
>>>>> On Wed, Apr 23, 2014 at 2:28 PM, Samantha Groves <
>>>>> samantha.groves at owasp.org> wrote:
>>>>>
>>>>>> Great suggestion, guys. Yes, we need to take the other two into
>>>>>> account, as well. I am looping in Johanna as she is working on this, as
>>>>>> well.
>>>>>>
>>>>>> Just so we are all clear on what the end game is:
>>>>>>
>>>>>> 1. I need an as close to as possible accurate list of Active projects
>>>>>> by the beginning of June. <-- This is what I care about the most.
>>>>>> 2. How we do it? I leave that up to you guys/the community.
>>>>>> 3. You can use the process/documents I used in the past, but I leave
>>>>>> that up to this team to decide. I trust you all know what you are doing. :-)
>>>>>>
>>>>>> questions/concerns?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Apr 23, 2014 at 12:29 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>>
>>>>>>> Agreed - I was thinking more about code based projects :)
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Apr 22, 2014 at 8:19 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>>>
>>>>>>>> Simon,
>>>>>>>>
>>>>>>>> It depends. A documentation project like the OWASP Top Ten gets
>>>>>>>> released every three years and that seems ok to me. For an active code
>>>>>>>> library I'd expect to see activity every month or two, similar to an
>>>>>>>> assessment tool.
>>>>>>>>
>>>>>>>> Tricky problem here....
>>>>>>>>
>>>>>>>> --
>>>>>>>> Jim Manico
>>>>>>>> @Manicode
>>>>>>>> (808) 652-3805
>>>>>>>>
>>>>>>>> On Apr 22, 2014, at 11:01 AM, Samantha Groves <
>>>>>>>> samantha.groves at owasp.org> wrote:
>>>>>>>>
>>>>>>>> I agree. Let's get started? Who is doing what? I can send our form
>>>>>>>> to the lists.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Apr 22, 2014 at 11:00 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>>>>
>>>>>>>>> I vote for a relatively aggressive approach to demoting projects.
>>>>>>>>> No apparent code changes, releases or home page edits in the last
>>>>>>>>> 12 months? Email leader saying demotion is imminent. No response to email
>>>>>>>>> in one month? Demote.
>>>>>>>>> 1 email explaining why the project is still alive: keep alive for
>>>>>>>>> now.
>>>>>>>>>
>>>>>>>>> That should weed out a load of the deadwood!
>>>>>>>>>
>>>>>>>>> Obviously promoting projects requires a bit more effort, but ask
>>>>>>>>> the leaders to justify promotion as they have a vested interest in making
>>>>>>>>> it so, and that reduces the load on the reviewers.
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>>
>>>>>>>>> Simon
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Apr 22, 2014 at 6:50 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>>>>>
>>>>>>>>>> Samantha,
>>>>>>>>>>
>>>>>>>>>> What was the result of the previous project audit?
>>>>>>>>>>
>>>>>>>>>> My understanding is that no project has moved up or down the
>>>>>>>>>> project hierarchy in the past few years.
>>>>>>>>>>
>>>>>>>>>> Just curious what the endgame or goal is here.
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Jim Manico
>>>>>>>>>> @Manicode
>>>>>>>>>> (808) 652-3805
>>>>>>>>>>
>>>>>>>>>> On Apr 22, 2014, at 10:43 AM, Samantha Groves <
>>>>>>>>>> samantha.groves at owasp.org> wrote:
>>>>>>>>>>
>>>>>>>>>> Thank you guys.
>>>>>>>>>>
>>>>>>>>>> +1 I love it, and I would love it more if I had a handful of
>>>>>>>>>> people pitching in as I think it will go way faster. The last audit took
>>>>>>>>>> quite a while to do. The next one was scheduled to start in June, but we
>>>>>>>>>> have started early.
>>>>>>>>>>
>>>>>>>>>> For reference, this is what I did the last time:
>>>>>>>>>> https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdEdCYVJpdmZHaWJYZ055WHROa19qN3c&usp=sharing
>>>>>>>>>>
>>>>>>>>>> I put together the form Simon suggested:
>>>>>>>>>> https://docs.google.com/a/owasp.org/forms/d/14DYS3kY6P2uqJqAMd3F-cMfUPg-DXCK3sQvtggZ1gek/viewform
>>>>>>>>>>
>>>>>>>>>> Let me know what you think. We can e-mail this list, and all of
>>>>>>>>>> the other known active project leaders. They all have 3 weeks to respond,
>>>>>>>>>> as Johanna suggested. I agree with that. After that, the project is marked
>>>>>>>>>> inactive. How does that sound?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Tue, Apr 22, 2014 at 7:35 AM, Matt Tesauro <
>>>>>>>>>> matt.tesauro at owasp.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> +1
>>>>>>>>>>>
>>>>>>>>>>> I agree that a quick survey of the project leaders may help get
>>>>>>>>>>> enough responses so that a sorting can occur allowing more detailed audits
>>>>>>>>>>> of the more active projects.  If a project won't answer a short form, they
>>>>>>>>>>> are quite unlikely to do a few audit.  It's also possible that I'm ignorant
>>>>>>>>>>> of all the work you're doing on these audits.
>>>>>>>>>>>
>>>>>>>>>>> I do think you're doing awesome (and somewhat thankless) work.
>>>>>>>>>>>  I remember trying to herd the cats while part of the Global Project
>>>>>>>>>>> Committee.  It is not an easy task.  Thanks for all your awesome work so
>>>>>>>>>>> far.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> -- Matt Tesauro
>>>>>>>>>>> OWASP WTE Project Lead
>>>>>>>>>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>>>>>>>>>> http://AppSecLive.org - Community and Download site
>>>>>>>>>>> OWASP OpenStack Security Project Lead
>>>>>>>>>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Apr 22, 2014 at 4:33 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Samantha,
>>>>>>>>>>>> cc OWASP Project leaders,
>>>>>>>>>>>>
>>>>>>>>>>>> Auditing all of the OWASP Projects (as per
>>>>>>>>>>>> https://github.com/OWASP/Projects_Task_Force/issues/2) seems
>>>>>>>>>>>> to be a significant undertaking, and it's one I think the project leaders
>>>>>>>>>>>> could (and possibly _should_) help with.
>>>>>>>>>>>>
>>>>>>>>>>>> How about setting up a simple form with high level questions
>>>>>>>>>>>> like:
>>>>>>>>>>>>
>>>>>>>>>>>>    - Project name:
>>>>>>>>>>>>    - Leader's name:
>>>>>>>>>>>>    - Ohloh link:
>>>>>>>>>>>>    - Source control link (if not on Ohloh):
>>>>>>>>>>>>    - Is your project active? (Yes, No, Clinging on for dear
>>>>>>>>>>>>    life)
>>>>>>>>>>>>    - When was the last release?
>>>>>>>>>>>>    - Link to last release:
>>>>>>>>>>>>    - When do you think the next release will be?
>>>>>>>>>>>>
>>>>>>>>>>>> Or whatever questions you want the answers to, but something
>>>>>>>>>>>> that someone can fill in very quickly.
>>>>>>>>>>>>
>>>>>>>>>>>> Then ask all of the project leaders to fill that out for each
>>>>>>>>>>>> of their projects.
>>>>>>>>>>>>
>>>>>>>>>>>> The audit should go further than this, but at least that would
>>>>>>>>>>>> be really useful input which project leaders should be able to supply quite
>>>>>>>>>>>> easily.
>>>>>>>>>>>>
>>>>>>>>>>>> And if a leader doesn't fill in this form after being prompted a
>>>>>>>>>>>> couple of times then maybe we should just move it to inactive status?
>>>>>>>>>>>>
>>>>>>>>>>>> Cheers,
>>>>>>>>>>>>
>>>>>>>>>>>> Simon
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Owasp_project_leader_list mailing list
>>>>>>>>>>>> Owasp_project_leader_list at lists.owasp.org
>>>>>>>>>>>>
>>>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>> *Samantha Groves, MBA*
>>>>>>>>>>
>>>>>>>>>> *OWASP Projects Manager*
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> The OWASP Foundation
>>>>>>>>>>
>>>>>>>>>> Phoenix, USA
>>>>>>>>>>
>>>>>>>>>> Email: samantha.groves at owasp.org
>>>>>>>>>>
>>>>>>>>>> Skype: samanthahz
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>>>>>>>
>>>>>>>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>>>>>>>
>>>>>>>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>>>>>>>
>>>>>>>>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>


-- 

*Samantha Groves, MBA*

*OWASP Projects Manager*


The OWASP Foundation

Phoenix, USA

Email: samantha.groves at owasp.org

Skype: samanthahz


OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>

Book a Meeting with Me <http://goo.gl/mZXdZ>

OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>

New Project Application Form <http://www.tfaforms.com/263506>