Difference between revisions of "Task Force/OWASP Projects"

Revision as of 20:02, 16 July 2014

This task force is focused on OWASP Projects with a first focus on cleaning up the OWASP incubator list

Current To-do list

• update this page so it has all the latest content
• "...send last warning and clean up of incubator projects that have not been updated in more than a year, especially without a first release. we give a chance to react otherwise they get set to inactive projects and the wiki starts to clear up..."
• Inactive/Active Project Audits: See here for more details
• Project Reviews: See here for more details
• Need to get all project repos added to Ohloh: http://www.ohloh.net/orgs/OWASP
• [Task: Project Metrics Collection Project Metrics Collection: Data needed]
• More Summit Sessions
• Help Jonathan promote media project for different media needs around OWASP
• Find a Summit Session parter for Eoin for Dev Guide Session
• Summit Sponsorship Needs

To-do list: Future Tasks

• Gather support and funding to have 1 large OWASP Summit.
• Design a more sustainable revenue stream using the Project’s IP.
• Identify & promote cross-project collaboration to move clusters of projects forward, with e.g. work groups that work on a certain domain.
• Start a task force of people with spare cycles that can help projects that need extra man-power of are falling behind in delivery of new releases (especially the flag ship projects).

Completed Tasks

• create a mailing list (in google groups) for this task force: Completed by Samantha - April 15th 2014
• Submissions for Open Source Showcase at AppSec EU: See here for more details: Completed by Team. - May 02, 2014
• Need to review Java HTML Sanitizer Project: See here for more details: Removed from the Review List - Samantha - May 02, 2014
• Wikify Projects Dashboard: Removed as agreed it is unnecessary - Samantha - May 02, 2014

Execution Power

This task force exists on the assumption that it has a mandate from the OWASP leaders to act on behalf of the OWASP community on what is best for OWASP Projects.

If somebody (namely an OWASP Leader or Board member) disagree with any of the decisions made, he/she has two options:

• join this Task Force
• create another equivalent 'OWASP Projects group' and do a better job there

Current Members

• Johanna Curiel
• Chuck (invitation pending)
• Dinis Cruz
• Jonathan Marcil
• Jason Johnson
• Gary D. Robinson
• Kait Disney-Leugers & Sarah Baso as OWASP Staff

OWASP Projects Task Force (Concept)

This is a new type of OWASP initiative, focused on 'getting things done', the concept is still evolving but here are the current (in draft) guiding principles:

1. this 'task force is an invitation-only group' (to join the task force, requests should be made directly with existing task force members)
2. all existing members have VETO power, and it is assumed that all decisions are backed up with all existing members
3. only existing members can send the invitations
4. there is a 1 month minimum activity required (or the member is temporarily out).
5. invitations are automatically approved in 24h
6. existing members can VETO new members (and existing members can be kickout by majority)
7. there an one special member who has veto power the responsibility to enforce the 'one month contribution MIA scenario' (i.e. to kick out the 'non contributing members')
8. all communication MUST be made (as much as practically possible) under public mediums: Wiki, public mailings, public Hangout sessions
9. there are NO decisions made BEHIND closed doors, or without a solid digital (hyperlinkable) trail

Discussions

Google Group