OWASP Global Projects Committee

Brad Causey, Leo Cavallari, Pravir Chandra, Jason Li, Matt Tesauro, **Paulo Coimbra**, **Dinis Cruz**


Presentation Overview

• The original plan post-Portugal
• One year later
• Assessment Criteria v2
• Survey & orphaned projects
• Wiki templates and project meta-data
• Next Steps
• Goals for 2010
• Structured discussions
• Questions/Comments/Flames

The original plan post-Portugal

• Define and apply quality/health metrics to projects
  o Incorporate results for categorization
• Create and capture project meta-data
• Provide repository for all OWASP projects
  o Migrate projects to new repository
• Create project "kit" for new projects
  o Template for project pages
• Revamp the view of OWASP projects
  o Rework "Projects" page and tables
• Improve transitions from SoC to full projects
• Formulate high-level workflows for documentation projects

One Year Later

• Assessment Criteria v2
• Project surveys
• Identified orphaned projects
• Finding Leaders for orphaned projects
• Supported new projects
• Centralized Data about projects – Wiki Templates
• Revised SoC plans

Assessment Criteria v2

• Why does OWASP have the ACv2?
  o Evaluation of future SoC projects
  o Collect a common set of info on projects
• Why collect all this info on projects?
  o Current situation = grab bag of projects
  o GPC would like to promote projects
    - External audiences
    - Project to project integration
    - Recruit volunteers

Assessment Criteria v2

• My project is a release, my release is a project? Eh?
  o ACv2 makes a distinction between a project and the releases the project creates
  o Releases are measured against Alpha, Beta, Stable
    - Project leads decide when they want a release reviewed - point releases vs trunk
  o Projects are measured against levels of health
  o Project health is still very early in development
    - GPC has a lot of work to do here

Reviewers Wanted!!!!

• We have a lot of projects
• Projects make a lot of releases
• We ALWAYS can use reviewers
  o Just contact the GPC
  o Spread the word

Easy way to get involved
First step for new contributors!

Survey & Orphaned Projects

• Conducted project survey
  o First global look across all projects
  o Collected loads of usable meta-data
• Will conduct the survey yearly
• Identified projects that were un-owned (orphans)
• Always looking for new project leaders for orphans

Wiki Templates & Project Meta-data

• Used wiki templates to standardize data cataloging for OWASP projects

• Enables dynamic re-use of data without duplication
• Allows us to dynamically generate summary pages for each project
  o Consistent look and feel
• Enables future dashboarding efforts
  o Like the current project information tab

Next Steps

• Need project leader buy-in/feedback on Assessment Criteria v2

• Need reviewers for projects and releases

• NOT an Assessment Criteria v3 (at least not for a year!)

Goals for 2010

1. Apply Assessment Criteria v2 to all projects

2. Unified dashboard for OWASP projects

3. Launch and manage Season of Code 2010

Discussion: Assessment Criteria v2

• Do you understand it?

• Does it make sense what changed?

• Do you understand how it affects you?

Discussion: Wiki Templates & Project Pages

• Thoughts and feedback?

• Objections to changing project pages?

• How would this impact your project?

Discussion: Season of Code

• No SoC 2009
  o We realized there were some challenges that we didn't expect
  o Push submitted proposals until next cycle
• New season of code plan
  o Changes on focus of proposals
  o Changes to payment structure

Questions/Comments/Flames

• What do you think about what we've done?
  o Future plans?

• What more can the GPC do to help you?