[Owasp_project_leader_list] [Owasp-leaders] OWASP Project Manager Report: March 28, 2014

Azeddine Islam Mennouchi azeddine.mennouchi at owasp.org
Sun Mar 30 13:36:35 UTC 2014


Hey,
Okay, we can see that an effort was made to put this evaluation criteria
Putting an evaluation form for OWASP projects is like developing a
multiplatform software: a lot of special cases to be respected
Another thing I wanted to say is that there is a difference between evaluating
the maturity of the project and the quality of the project
A project can be a quality project even in its beginning phases so we need
to take this into consideration

Regards Islam,
On 30 March 2014 11:11, "Jim Manico" <jim.manico at owasp.org> wrote:

> I agree 100% that "code defense", "documentation" and "tools" all need
> different evaluation criteria. I think those are actually in place, we just
> need to use them across all projects.
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Mar 30, 2014, at 3:29 AM, Andrew van der Stock <vanderaj at owasp.org>
> wrote:
>
> As a Project Leader of a Documentation project, I had no choice but to
> rate the bits of the Guide that deal with the various metrics highly as
> that's the DevGuide's entire raison d'etre, but yet, the Guide needs an
> in-depth project review desperately. We should be a "Red" flagged flagship
> product.
>
> We need contributors, I need help to build a self-sustaining community and
> ecosystem around the Guide, and honestly, it would be great if I could find
> dedicated project managers who would stick around and poke me and the mail
> list with a stick more than just once or twice before disappearing. PM'ing
> a large project is a thankless and tireless task, but it's one that I
> really need help with. It's not that I'm no good at PM, it's that there are
> not many folks who can keep the Guide in their head and see where it needs
> to go. I'm not precious about the Guide - anyone can contribute on GitHub,
> but it should have a conceptual integrity and flow.
>
> I would humbly suggest a different Project readiness / status metric is
> used for documentation projects. If you ask a fish to climb a tree, it'll
> never succeed. Let's not ask documentation projects to adhere to SAMM
> metrics. We are not code, and we're not produced like code.
>
> thanks
> Andrew
>
>
> On Sun, Mar 30, 2014 at 2:28 PM, <tonyuv at owasp.org> wrote:
>
>>  I would like to preface by saying that I too apologize for being a
>> leader that catches up too infrequently to these threads, thereby
>> introducing feedback that is probably too little and too late, but in
>> seeing this I simply had to state that OpenSAMM is a framework to be
>> applied to a security program.  Using it to measure aspects of project
>> quality is immense overkill.  Users familiar with OpenSAMM would be forced
>> to pervert aspects of the framework in order to make it topical to
>> measuring project effectiveness.
>>
>> Now, if already decided upon, I can respect the decision that was taken
>> and perhaps we can evolve (or rather simplify) the criteria from there,
>> especially since I didn't provide my feedback in the past whenever it was
>> appropriate.  Nonetheless,  I do think OpenSAMM is non-congruent to a
>> simple and quick form of measurement for project effectiveness.  I'm no
>> certified PMP, but I would probably lend from evaluation techniques
>> depicted in Prince2 or PMBok.
>>
>> Tony UV
>>
>> Sent from Windows Mail
>>
>>  *From:* Dinis Cruz <dinis.cruz at owasp.org>
>> *Sent:* Saturday, March 29, 2014 8:15 AM
>> *To:* psiinon <psiinon at gmail.com>
>> *Cc:* OWASP Leaders <owasp-leaders at lists.owasp.org>,
>> owasp_project_leader_list at lists.owasp.org
>>
>> Jim, I think you are reading too much into the word 'value', especially
>> since it is not at all implying that that form is measuring quality
>>
>> But it's good feedback and it's probably better to rename the form ;)
>>
>> I also don't see a prob with using OpenSAMM in that form. It's 'a' metric
>> and at this stage what we really need is good information about the
>> status, usability and 'value to the user' of all/most of our projects
>> (measuring Quality comes much later)
>>
>> Samantha, please take all these (and other) comments with a pinch-of-salt
>> (or glass of wine). After all, the good news is that finally there is some
>> energy around OWASP projects (and the hard battles/discussions have not
>> even started :) )
>>
>> Like we like to say in England: 'Keep Calm and Carry On'
>>
>> BTW, for the record, I think Samantha is doing a fantastic job, and my
>> only regret is that I don't have more time to help her.
>>
>> Dinis
>> On 29 Mar 2014 11:44, "psiinon" <psiinon at gmail.com> wrote:
>>
>>> Seconded.
>>>
>>> OpenSAMM is a great way to categorize projects, it's not suitable for
>>> evaluating project quality.
>>> I've had similar feedback from people I've asked to evaluate ZAP using
>>> it.
>>> Were there specific reasons why we stopped using the old form?
>>> From memory it seemed fairly suitable.
>>> I'm happy to give feedback on it or any other criteria that is proposed
>>> for this purpose - I've got a fair amount of experience evaluating tools
>>> and libraries :)
>>>
>>> Cheers,
>>>
>>> Simon
>>>
>>>
>>> On Sat, Mar 29, 2014 at 10:45 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>>  Samantha,
>>>>
>>>> I am not on the board of technical directors because it is a deep
>>>> conflict of interest since I manage so many OWASP technical projects. I
>>>> invest tons of energy and time as an OWASP volunteer in many other ways. I
>>>> have provided *criteria* for technical project evaluations on several
>>>> occasions throughout the years as well. Technical evaluation is just one
>>>> criteria of quality, and yes I've reviewed all the links you shared and
>>>> think you are mostly on the right track with your evaluation teams.
>>>>
>>>> Samantha, evaluating the quality of an OWASP project using OpenSAMM, a
>>>> Software Development Lifecycle Evaluation criteria, seems so far from the
>>>> mission of evaluating projects for quality, I felt I needed to step up and
>>>> speak out so we stop this practice immediately and move to a quality based
>>>> evaluation.
>>>>
>>>> The *measurement* of projects for quality is, per my understanding, the
>>>> main reason we hired you. You have done a great job of building teams to
>>>> work on this, but I implore you to condense the evaluation form into one
>>>> form for each type of project, and minimize the OpenSAMM questions. I am
>>>> loud about this because I see the evaluations underway already and we need
>>>> to streamline this process into something that is scalable and effective.
>>>>
>>>> I realize you are managing 177 projects *and more*. We may want to
>>>> change your focus from traveling to conferences (since we hired Laura Grau
>>>> to manage conferences) so you can focus more on your project management
>>>> duties. This is of course Sarah's call.
>>>>
>>>> I have no problem with your critique of my personality, that's fine.
>>>> But that does not change the fact that we desperately need proper quality
>>>> evaluation of projects and I implore you to heed my advice. I see in your
>>>> report that you are about to undertake a review of all flagships, that is
>>>> another reason why I am loudly suggesting you change course and stop using
>>>> the OpenSAMM criteria.
>>>>
>>>> - Jim
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>  Jim,
>>>>
>>>>  I am sorry to disappoint you, but no you were not the only leader to
>>>> throw a tantrum on the staff this week. You certainly were one of them, but
>>>> not the only one. I deal with over 100 leaders in any given day so to
>>>> assume that my reports are only about your actions is very inaccurate.
>>>>
>>>>  Now, I appreciate your concerns, and if you would take the time to
>>>> read about the very hard work our community members have accomplished
>>>> (mainly our technical project advisors<http://owasp.blogspot.com/2013/09/meet-our-new-technical-project-advisors.html> who
>>>> are very "Technical") that were brought together after you refused to help
>>>> me put this assessment criteria together after yet another tantrum of
>>>> yours, you would know the hard work that went into creating this
>>>> system/criteria. I recommend familiarizing yourself with the process before
>>>> making very inaccurate assumptions about what is actually happening.
>>>>
>>>>  What the advisors did at the summit<https://www.owasp.org/images/c/c3/OWASP_2013_PROJECT_SUMMIT_REPORT.pdf>:
>>>> pg. 25
>>>>
>>>>  Definition of assessments/reviews: Chapter 7<https://www.owasp.org/images/d/d8/PROJECT_LEADER-HANDBOOK_2014.pdf>
>>>>
>>>>  Jim, I love and respect you as a person, but this behavior is very
>>>> detrimental to our community and serves no purpose other than to alienate
>>>> very hard working volunteers that are taking on a task that has not been
>>>> able to be managed in a very long time (even before my time here) due to
>>>> the large amount of projects we have in our inventory and the lack of
>>>> resources we have as an organization. You, as one of our Board of
>>>> Directors, should know this better than anyone in our community. If you
>>>> have a better way of managing this, then by all means recommend it. Just
>>>> remember, I am not managing 5 projects, I am managing 177 and our system
>>>> must accommodate them all.
>>>>
>>>>  I implore you to take a step back, and think about what your actions
>>>> are actually accomplishing.
>>>>
>>>>  With respect,
>>>>
>>>>  Samantha
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Mar 28, 2014 at 11:43 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>
>>>>>  Samantha,
>>>>>
>>>>> In this report you say:
>>>>>
>>>>> "My suggestion to those that are so very quick to criticize the hard
>>>>> work of others is to please familiarize yourself with the actual efforts
>>>>> that have gone into these endeavors. If you see an issue with something
>>>>> that we have done, please let us know, and I welcome you to pitch in and
>>>>> help out. Many of our processes and procedures are dependent on volunteer
>>>>> contributions, and if we have no support in these areas, then there isn't
>>>>> much we can do on the operations side as the resources we require are
>>>>> simply not available."
>>>>>
>>>>> That was most certainly me. I have been concerned that the various
>>>>> code projects at the flagship level are not deserving of that status. I
>>>>> have also requested that several projects I assist or manage be evaluated
>>>>> and it's been 6+ months with no activity on that front - or better put, as
>>>>> a project manager of 3 OWASP projects that I've requested evaluation for,
>>>>> no one has contacted me as a project manager about the status of those
>>>>> reviews, so I imagine other project managers in this situation have gotten
>>>>> the same.
>>>>>
>>>>> What made me flip from "patience on this" to "alerting the board and
>>>>> Sarah that I am very concerned about what is going on" is that finally when
>>>>> you asked me to distribute a form to help folks evaluate Dependency Check,
>>>>> it was nonsensical. It was a list of OpenSAMM categories that should be
>>>>> used to evaluate a company's SDLC; categories that really have nothing to
>>>>> do with OWASP project quality evaluation. It makes me ask, what is going
>>>>> on? And I'm very upset that this form is being used to evaluate other
>>>>> projects, it's a step in the wrong direction. I'd like to see this fixed
>>>>> really soon.
>>>>>
>>>>> Thank you.
>>>>> - Jim
>>>>>
>>>>>
>>>>>
>>>>> On 3/29/14, 8:53 AM, Samantha Groves wrote:
>>>>>
>>>>>  Hello Leaders,
>>>>>
>>>>> Below is the link to my weekly projects report. Please reach out to me
>>>>> if you have any questions about any of the items in the report, and I will
>>>>> do my best to answer them.
>>>>>
>>>>> Projects Weekly Report: March 28, 2014<https://www.owasp.org/index.php/Projects/Reports/2014-28-03>
>>>>>
>>>>> Have a great weekend.
>>>>>
>>>>> Thank you, Leaders.
>>>>>
>>>>> Samantha
>>>>>
>>>>>  --
>>>>>
>>>>> *Samantha Groves, MBA*
>>>>>
>>>>> *OWASP Projects Manager*
>>>>>
>>>>>
>>>>>  The OWASP Foundation
>>>>>
>>>>> Phoenix, USA
>>>>>
>>>>> Email: samantha.groves at owasp.org
>>>>>
>>>>> Skype: samanthahz
>>>>>
>>>>>
>>>>>  OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
>>>>>
>>>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>>>
>>>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>>>
>>>>> New Project Application Form <http://www.tfaforms.com/263506>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp_project_leader_list mailing list
>>>>> Owasp_project_leader_list at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>