[Owasp_project_leader_list] OWASP Project Audits

Larry Conklin larry.conklin at owasp.org
Thu Apr 24 02:01:42 UTC 2014


Samantha, Is this something you want me to do for the code review guide?


On Tue, Apr 22, 2014 at 1:01 PM, Samantha Groves
<samantha.groves at owasp.org>wrote:

> I agree. Lets get started? Who is doing what? I can send our form to the
> lists.
>
>
> On Tue, Apr 22, 2014 at 11:00 AM, psiinon <psiinon at gmail.com> wrote:
>
>> I vote for a relatively aggressive approach to demoting projects.
>> No apparent code changes, releases or home page edits in the last 12
>> months? Email leader saying demotion is immanent. No response to email in
>> one month? Demote.
>> 1 email explaining why the project is still alive: keep alive for now..
>>
>> That should weed out a load of the deadwood!
>>
>> Obviously promoting projects requires a bit more effort, but ask the
>> leaders to justify promotion as they have a vested interest in making it
>> so, and that reduces the load on the reviewers.
>>
>> Cheers,
>>
>> Simon
>>
>>
>> On Tue, Apr 22, 2014 at 6:50 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> Samantha,
>>>
>>> What was the result of the previous project audit?
>>>
>>> My understanding is that no project has moved up or down the project
>>> hierarchy in the past few years.
>>>
>>> Just curious what the endgame or goal is here.
>>>
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On Apr 22, 2014, at 10:43 AM, Samantha Groves <samantha.groves at owasp.org>
>>> wrote:
>>>
>>> Thank you guys.
>>>
>>> +1 I love it, and I would love it more if I had a handful of people
>>> pitching in as I think it will go way faster. The last audit took quite a
>>> while to do. The next one was scheduled to start in June, but we have
>>> started early.
>>>
>>> For reference, this is what I did the last time:
>>> https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdEdCYVJpdmZHaWJYZ055WHROa19qN3c&usp=sharing
>>>
>>> I put together the form Simon suggested:
>>> https://docs.google.com/a/owasp.org/forms/d/14DYS3kY6P2uqJqAMd3F-cMfUPg-DXCK3sQvtggZ1gek/viewform
>>>
>>> Let me know what you think. We can e-mail this list, and all of the
>>> other known active project leaders. They all have 3 weeks to respond, as
>>> Johanna suggested. I agree with that. After that, the project is marked
>>> inactive. How does that sound?
>>>
>>>
>>>
>>>
>>> On Tue, Apr 22, 2014 at 7:35 AM, Matt Tesauro <matt.tesauro at owasp.org>wrote:
>>>
>>>> +1
>>>>
>>>> I agree that a quick survey of the project leaders may help get enough
>>>> responses so that a sorting can occur allowing more detailed audits of the
>>>> more active projects.  If a project won't answer a short form, they are
>>>> quite unlikely to do a few audit.  Its also possible that I'm ignorant of
>>>> all the work you're doing on these audits.
>>>>
>>>> I do think you're doing awesome (and somewhat thankless) work.  I
>>>> remember trying to herd the cats while part of the Global Project
>>>> Committee.  It is not an easy task.  Thanks for all your awesome work so
>>>> far.
>>>>
>>>>
>>>> --
>>>> -- Matt Tesauro
>>>> OWASP WTE Project Lead
>>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>>> http://AppSecLive.org - Community and Download site
>>>> OWASP OpenStack Security Project Lead
>>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>>>
>>>>
>>>> On Tue, Apr 22, 2014 at 4:33 AM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>> Samantha,
>>>>> cc OWASP Project leaders,
>>>>>
>>>>> Auditing all of the OWASP Projects (as per
>>>>> https://github.com/OWASP/Projects_Task_Force/issues/2) seems to be a
>>>>> significant undertaking, and its one I think the project leaders could (and
>>>>> possible _should_) help with.
>>>>>
>>>>> How about setting up a simple form with high level questions like:
>>>>>
>>>>>    - Project name:
>>>>>    - Leaders name:
>>>>>    - Ohloh link:
>>>>>    - Source control link (if not on Ohloh):
>>>>>    - Is your project active? (Yes, No, Clinging on for dear life)
>>>>>    - When was the last release?
>>>>>    - Link to last release:
>>>>>    - When do you think the next release will be?
>>>>>
>>>>> Or whatever questions you want the answers to, but something that
>>>>> someone can fill in very quickly.
>>>>>
>>>>> Then ask all of the project leaders to fill that out for each of their
>>>>> projects.
>>>>>
>>>>> The audit should go further than this, but at least that would be
>>>>> really useful input which project leaders should be able to supply quite
>>>>> easily.
>>>>>
>>>>> And if a leader doesnt fill in this form after being prompted a couple
>>>>> of times then maybe we should just move it to inactive status?
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>> _______________________________________________
>>>>> Owasp_project_leader_list mailing list
>>>>> Owasp_project_leader_list at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *Samantha Groves, MBA*
>>>
>>> *OWASP Projects Manager*
>>>
>>>
>>> The OWASP Foundation
>>>
>>> Phoenix, USA
>>>
>>> Email: samantha.groves at owasp.org
>>>
>>> Skype: samanthahz
>>>
>>>
>>> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>
>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>
>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>
>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>
>>>
>>>
>>>  _______________________________________________
>>> Owasp_project_leader_list mailing list
>>> Owasp_project_leader_list at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>
>>>
>>> _______________________________________________
>>> Owasp_project_leader_list mailing list
>>> Owasp_project_leader_list at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>
>
>
> --
>
> *Samantha Groves, MBA*
>
> *OWASP Projects Manager*
>
>
> The OWASP Foundation
>
> Phoenix, USA
>
> Email: samantha.groves at owasp.org
>
> Skype: samanthahz
>
>
> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>
> Book a Meeting with Me <http://goo.gl/mZXdZ>
>
> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>
> New Project Application Form <http://www.tfaforms.com/263506>
>
>
>
>
> _______________________________________________
> Owasp_project_leader_list mailing list
> Owasp_project_leader_list at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_project_leader_list/attachments/20140423/9b49442e/attachment-0001.html>


More information about the Owasp_project_leader_list mailing list