This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Governance/ProjectProgramModels"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
= Purpose =  
 
= Purpose =  
OWASP needs help from our community to define an OWASP Projects Program model that will meet the needs of our overall community. To do so we are engaging the community to discuss and flush out different options. We would like to have a vote on this to ensure that the community has a say in how the foundation moves forward. The new program model will take effect
+
OWASP needs help from our community to define an OWASP Projects Program model that will meet the needs of our overall community. To do so we are engaging the community to discuss and flush out different options. We would like to have a vote on this to ensure that the community has a say in how the foundation moves forward.  
  
 
= The Options =
 
= The Options =

Revision as of 22:45, 30 April 2014

Purpose

OWASP needs help from our community to define an OWASP Projects Program model that will meet the needs of our overall community. To do so we are engaging the community to discuss and flush out different options. We would like to have a vote on this to ensure that the community has a say in how the foundation moves forward.

The Options

Please feel free to add additional bullets to any of the cells. Please do not remove existing items.

Option 1 - Flagships get majority of resources to increase quality. 2 - Develop two separate programs: Quality focused and Innovation focused 3 - Community project review centric model
Summary Description

Each individual project leader makes all decisions on sponsorship and recognition. Project leaders determine the requirements and placements of logos at their discretion

  • Current approach
  • This approach is the most decentralized, least regulated, and would result in the least consistency across OWASP projects

Anyone can pay to place a sponsorship logo on a project per a centralized policy.All contributors get name, email address, company (if desired), hyperlink (no logo) per leadership decision. No logos for just contributions of any sort

  • This approach is centralized, regulated, and would result in consistency across OWASP projects

Projects list individual contributors on a dedicated acknowledgement page per project which is consistent across all project ( Name, email, company name). Financial sponsors only listed on a dedicated sponsor page on a centralized owasp webpage (e.g. no logos on projects)

  • This approach is the most centralized, more regulated, and would result in the most consistency across OWASP projects
Can OWASP projects be directly sponsored by a company Yes Yes No - however companies can sponsor the OWASP Foundation and the foundation can distribute funds to projects through items like summer of code / project reboot / etc
Are company logos placed within the OWASP project? Yes Yes No
How are logos handled (placement, cost, logo size, etc) both on the wiki page and within any output/deliverable (e.g tool, documentation)

At the sole discretion of the project leader

By OWASP wide standard policy for project sponsorship. Logos would be included at a standard place for all projects.

There are no project sponsors. Instead sponsors of the OWASP foundation are on a listed dedicated sponsorship page which may include the logo.

How are company contributions acknowledged?

At the sole discretion of the project leader

The same as individual contributors. However, since an individual can list their company name a company with many volunteers to a project would see their company name listed multiple times on the project acknowledgement page.

The same as individual contributors. However, since an individual can list their company name a company with many volunteers to a project would see their company name listed multiple times on the project acknowledgement page.

How are individual contributions acknowledged

At the sole discretion of the project leader

All contributors will have their name, email address, company (if desired) listed on the contributors page for the project.

All contributors will have their name, email address, company (if desired) listed on the contributors page for the project.

Positives of this approach
  1. Very decentralized and scalable, no impact on operations staff
  2. Project leader empowerment
  1. Revenue generation
  2. All contributors get recognition
  3. Companies that allow employees to work on a project will show many people with @company.com contributors
  1. Maintains focus on OWASP, less dilution of OWASP brand
  2. Centralized location for sponsorship recognition. - Wall of fame
Negatives of this approach
  1. Lack of consistency across projects
  2. No clear engagement on how contributors get involved
  3. May be open to abuse due to lack of standards
  1. Individuals and companies that contribute lots of time may be trumped (in recognition) by any company that donates money
  2. Corporate Logos on projects may cause vendor neutrality concerns and discourage contribution
  1. A company would not have any branding/advertising incentives to sponsor a project that could use the funds
Any other considerations
  1. ...
  1. ...

Additional Comments

Use this space to provide additional comments on any of the existing text. For example, perhaps you disagree with something that is above. Please note your thoughts in this section.