This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Governance/ProjectProgramModels"

From OWASP
Jump to: navigation, search
Line 75: Line 75:
 
| '''Positives of this approach'''
 
| '''Positives of this approach'''
 
|| <!--Option 1-->
 
|| <!--Option 1-->
# Very decentralized and scalable, no impact on operations staff
+
# Simplifies the process from an operational perspective as we would be primarily focusing on increasing the quality of a very small community selected group of projects.
# Project leader empowerment
+
# Increases community involvement.
 +
# Incentivizes Leaders to make their projects user friendly, high quality, and highly volunteer engaged.
 
||<!--Option 2-->
 
||<!--Option 2-->
# Revenue generation
+
# Separates two different focus areas into two separate programs.
# All contributors get recognition
+
# Increases community involvement. 
# Companies that allow employees to work on a project will show many people with @company.com contributors
+
# Incentivizes Leaders to make their projects user friendly, high quality, and highly volunteer engaged.
 
||<!--Option 3-->
 
||<!--Option 3-->
# Maintains focus on OWASP, less dilution of OWASP brand
+
# No adaptation needed in the operational and financial plan for 2014
# Centralized location for sponsorship recognition. - Wall of fame
 
 
|-
 
|-
 
| '''Negatives of this approach'''
 
| '''Negatives of this approach'''
 
||<!--Option 1-->
 
||<!--Option 1-->
# Lack of consistency across projects
+
# Community vote might turn into a popularity contest. 
# No clear engagement on how contributors get involved
+
# OWASP Official projects will take the majority of resources from all other projects
# May be open to abuse due to lack of standards
+
# We will still have two separate focus areas under one program.
 +
# Project development work will still be dependent on volunteer resources.
 
||<!--Option 2-->
 
||<!--Option 2-->
# Individuals and companies that contribute lots of time may be trumped (in recognition) by any company that donates money
+
# Will require an additional foundation hire to manage Flagship Project Program.
# Corporate Logos on projects may cause vendor neutrality concerns and discourage contribution
+
# Project development work will still be dependent on volunteer resources.
 
||<!--Option 3-->
 
||<!--Option 3-->
# A company would not have any branding/advertising incentives to sponsor a project that could use the funds
+
# The model requires too many resources to manage efficiently.
 +
# Foundation has no direct influence over project quality. Foundation can only suggest improvements.
 
|-
 
|-
 
| '''Any other considerations'''
 
| '''Any other considerations'''

Revision as of 23:19, 30 April 2014

Purpose

OWASP needs help from our community to define an OWASP Projects Program model that will meet the needs of our overall community. To do so we are engaging the community to discuss and flush out different options. We would like to have a vote on this to ensure that the community has a say in how the foundation moves forward.

The Options

Please feel free to add additional bullets to any of the cells. Please do not remove existing items.

Option 1 - Flagships get majority of resources to increase quality. 2 - Develop two separate programs: Quality focused and Innovation focused 3 - Community project review centric model
Summary Description

We would drop the lab designation, and only have Incubator and Flagship projects. Flagship projects would be voted on by the community, and our resources would go towards developing the Flagship projects, based on community input. Incubators would get less attention and support.

  • This approach keeps both Flagships and Incubators under the same program.
  • This model would remove resources from Incubators and funnel the majority of resources into the Flagship Projects.

This approach separates focus areas into two separate programs. One will focus on increasing the quality of a handful of projects selected by the community, and the other program will focus on developing a platform for new leaders that facilitates innovation, research, and testing.

  • This approach would take two community requests (increase quality, platform for innovation), and separate each request into to programs.
  • This method allows the foundation to have clearly defined goals for each program.

This is the approach we are currently using. This approach requires that the community conduct project reviews to graduate projects, and it requires a twice yearly project audit to demote projects that are currently inactive.

  • Current approach
  • This model requires a large task force of community reviewers to make sure our project graduation process is functioning to an acceptable level.
How are Flagships Selected? Community Vote Community Vote Community Project Health and Quality Reviews
New Project Designations
  • Official OWASP Project: As Josh suggested, these would be projects that OWASP actively maintains and uses to promote the foundation. In reality, these are what flagship projects should be under the current system. The majority of our resources and time should be used to improve the quality and sustain these projects.
  • OWASP supported Projects: These would be similar to what the incubators are under our current system. As I have mentioned before, having this space for our community is very important as it encourages innovation, and it allows starting members to become engaged and involved. These can be managed in the same way we manage incubators now.
  • OWASP Sunset Projects: This is another one of Josh’s ideas that I am very happy to support. Projects like ESAPI or WebScarab would fit under this title. These are projects that are still being used by consumers, but that we cannot directly support as they are not actively maintained or being worked on.
  • OWASP Flagship Project: These would be projects that OWASP actively maintains and uses to promote the foundation. The majority of our resources and time should be used to improve the quality and sustain these projects.
  • OWASP Incubator Projects: These would be all of the rest of our projects. These can be managed in the same way we manage incubators and lab projects now.
  • OWASP Sunset Projects: This is the same as Proposal 1. Projects like ESAPI or WebScarab would fit under this title. These are projects that are still being used by consumers, but that we cannot directly support as they are not actively maintained or being worked on.
  • OWASP Flagship Project: These would be projects that OWASP helps maintain, but does not directly manage. We will use these to promote the foundation.
  • OWASP Lab Projects: Projects with beta or stable release that wish to graduate to Lab.
  • OWASP Incubator Projects: These would be all of the new projects. These can be managed in the same way we manage incubators projects now.
  • OWASP Sunset Projects: Projects like ESAPI or WebScarab would fit under this title. These are projects that are still being used by consumers, but that we cannot directly support as they are not actively maintained or being worked on.
Project Quality

Consolidate foundation resources to help improve quality of Flagships only. This will give the majority of our resources to a handful of projects.

  • Flagship Project Program: As mentioned above, these projects would be the ones OWASP actively maintains and seeks to increase the quality of. We can re-name this program. I recommend that we should have no more than 6 projects in this program for any given year. Further, I recommend that these projects be voted on by the community (which projects should be flagship).
  • Primary Goal of the Program: To increase the quality of a select few number of OWASP projects selected by our community stakeholders and consumers.
  • OWASP Projects Program: This would be similar to what we have now which is a platform for research and innovation. All projects under this platform would have the same designation unless they are sunset or inactive projects. They would get the same benefits they do now and the same opportunities.
  • Primary Goal of the Program: To maintain a research and innovation platform for our community to test ideas and theories.

The foundation has no direct influence over the quality of the project. The quality of the project is dependent on the project leader’s individual time, resources, and output.

Project Reviews

Only professionally review the community selected Official projects once a year, and the Incubator projects only get reviewed if they ask for one. The reviews are conducted by the community for supported projects.

  • For the OWASP Projects Program, we would only conduct reviews for those projects that ask for them. The reviews will be primarily to give feedback to the leader about their research/ideas and on their project health.
  • For the Flagship Program, reviews would be mandatory, and I recommend the new technical person conduct them. I further recommend they be done every quarter for each project. It is far more manageable since we would only have 6 or so projects in this program.

Project reviews are only done for those projects that want reviews, or that would like to graduate to the next level.

Resources and Funding

The majority of our resources and funding will go towards the development of higher quality Official OWASP projects. Supported projects will still have access to resources, but they will be minimal.

Each program would need to have their own budget. The Flagship program would only spend their funds on items that increase project quality. I suggest you get a very detailed project plan and budget for these. The Projects Program would have a budget that would fund items like project dev work, the project summit, OSS, marketing/design costs, etc.

All projects get access to funding; however, Flagships get priority for funding for project development work. Funding items like project dev work, the project summit, OSS, marketing/design costs, etc are still available to all projects.

Positives of this approach
  1. Simplifies the process from an operational perspective as we would be primarily focusing on increasing the quality of a very small community selected group of projects.
  2. Increases community involvement.
  3. Incentivizes Leaders to make their projects user friendly, high quality, and highly volunteer engaged.
  1. Separates two different focus areas into two separate programs.
  2. Increases community involvement.
  3. Incentivizes Leaders to make their projects user friendly, high quality, and highly volunteer engaged.
  1. No adaptation needed in the operational and financial plan for 2014
Negatives of this approach
  1. Community vote might turn into a popularity contest.
  2. OWASP Official projects will take the majority of resources from all other projects.
  3. We will still have two separate focus areas under one program.
  4. Project development work will still be dependent on volunteer resources.
  1. Will require an additional foundation hire to manage Flagship Project Program.
  2. Project development work will still be dependent on volunteer resources.
  1. The model requires too many resources to manage efficiently.
  2. Foundation has no direct influence over project quality. Foundation can only suggest improvements.
Any other considerations
  1. ...
  1. ...

Additional Comments

Use this space to provide additional comments on any of the existing text. For example, perhaps you disagree with something that is above. Please note your thoughts in this section.