This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Governance/ProjectProgramModels"
Sarah Baso (talk | contribs) |
(→Additional Comments) |
||
Line 111: | Line 111: | ||
= Additional Comments = | = Additional Comments = | ||
Use this space to provide additional comments on any of the existing text. For example, perhaps you disagree with something that is above. Please note your thoughts in this section. | Use this space to provide additional comments on any of the existing text. For example, perhaps you disagree with something that is above. Please note your thoughts in this section. | ||
− | # | + | |
+ | # James McGovern - I can't quite tell if this model will provide service equally to builders vs breakers vs defenders. Has OWASP looked at models that are role-aligned? For example stuff that CISOs care about vs developers vs project managers, etc |
Revision as of 19:19, 6 May 2014
Purpose
OWASP needs help from our community to define an OWASP Projects Program model that will meet the needs of our leaders. To do so we are engaging the community to discuss and flush out different options. We would like to have a vote on this to ensure that the community has a say in how the foundation moves forward.
The Options
Please feel free to add additional bullets to any of the cells. Please do not remove existing items.
Option | 1 - Flagships get majority of resources to increase quality. | 2 - Develop two separate programs: Quality focused and Innovation focused | 3 - Community project review centric model |
Summary Description |
Drop the Lab designation, and only have Incubator and Flagship projects. Flagship project status would be determined by community vote, and our resources would go towards developing Flagship projects, based on community input. Incubators would get less attention and support.
|
Separate focus of OWASP projects into two separate programs. One will focus on increasing the quality of a handful of projects selected by the community, and the other program will focus on developing a platform for new leaders that facilitates innovation, research, and testing.
|
This is the approach we are currently using. This approach requires that the community conduct project reviews to graduate projects, and it requires a twice yearly project audit to demote projects that are currently inactive.
|
How are Flagships Selected? | Community Vote | Community Vote | Community Project Health and Quality Reviews |
New Project Designations |
|
|
|
Project Quality |
Consolidate Foundation resources to help improve quality of Flagship projects only. This will give the majority of our resources to a handful of projects. |
|
The foundation has no direct influence over the quality of the project. The quality of the project is dependent on the project leader’s individual time, resources, and output. |
Project Reviews |
The Foundation facilitates a technical review of the community selected "Official" projects once a year, and the Incubator projects only get reviewed if they ask for one. The reviews are conducted by the community for supported projects. |
|
Project reviews are only done for those projects that want reviews, or that would like to graduate to the next level. |
Resources and Funding |
The majority of our resources and funding will go towards the development of higher quality Official OWASP projects. Supported projects will still have access to resources, but they will be minimal. |
Each program would need to have their own budget. The Flagship program would only spend their funds on items that increase project quality. It would be required that flagship submit a detailed project plan and budget. The Projects Program would have a budget that would fund items like project dev work, the project summit, OSS, marketing/design costs, etc. |
All projects get access to funding; however, Flagships get priority for funding for project development work. Funding items like project dev work, the project summit, OSS, marketing/design costs, etc are still available to all projects. |
Positives of this approach |
|
|
|
Negatives of this approach |
|
|
|
Any other considerations |
|
|
|
Additional Comments
Use this space to provide additional comments on any of the existing text. For example, perhaps you disagree with something that is above. Please note your thoughts in this section.
- James McGovern - I can't quite tell if this model will provide service equally to builders vs breakers vs defenders. Has OWASP looked at models that are role-aligned? For example stuff that CISOs care about vs developers vs project managers, etc