OWASP Global Projects Committee Brad Causey Leo Cavallari Pravir Chandra Jason Li Matt Tesauro **Paulo Coimbra** **Dinis Cruz**

Presentation Overview The original plan post-Portugal One year later Assessment Criteria v2 Survey & orphaned projects Wiki templates and project meta-data Next Steps Goals for 2010 Structured discussions Questions/Comments/Flames

The original plan post-Portugal Define and apply quality/health metrics to projects o Incorporate results for categorization Create and capture project meta-data Provide repository for all OWASP projects o Migrate projects to new repository Create project "kit" for new projects o Template for project pages Revamp the view of OWASP projects o Rework "Projects" page and tables Improve transitions from SoC to full projects Formulate high-level workflows for documentation projects

One Year Later Assessment Criteria v2 Project surveys Identified orphaned projects Finding Leaders for orphaned projects Supported new projects Centralized Data about projects – Wiki Templates Revised SoC plans

Assessment Criteria v2 Why does OWASP have the ACv2? o Evaluation of future SoC projects o Collect a common set of info on projects Why collect all this info on projects? o Currently situation = grab bag of projects o GPC would like to promote projects  External audiences  Project to project integration  Recruit volunteers

Assessment Criteria v2 My project is a release, my release is a project? Eh? o ACv2 makes a distinction between a project and the releases the project creates o Releases are measured against Alpha, Beta, Stable  Project leads decide when they want a release reviewed - point releases vs trunk o Projects are measured against levels of health o Project health is still very early in development  GPC has a lot of work to do here

Reviewers Wanted!!!! We have a lot of projects Project make a lot of releases We ALWAYS can use reviewers o Just contact the GPC o Spread the word  Easy way to get involved  First step for new contributors!

Survey & Orphaned Projects Conducted project survey o First global look across all projects o Collected loads of usable meta-data Will conduct the survey yearly Identified projects that were un-owned (orphans) Always looking for new project leaders for orphans

Wiki Templates & Project Meta-data Used wiki templates to standardize data cataloging for OWASP projects Enables dynamic re-use of data without duplication Allows us to dynamically generate summary pages for each project o Consistent look and feel Enables future dashboarding efforts o Like the current project information tab

Next Steps Need project leader buy-in/feedback on Assessment Criteria v2 Need reviewers for projects and releases NOT an Assessment Criteria v3 (at least not for a year!)

Goals for Apply Assessment Criteria v2 to all projects 2.Unified dashboard for OWASP projects 3.Launch and manage Season of Code 2010

Discussion: Assessment Criteria v2 Do you understand it? Does it make sense what changed? Do you understand how it affects you?

Discussion: Wiki Templates & Project Pages Thoughts and feedback? Objections to changing project pages? How would this impact your project?

Discussion: Season of Code No SoC 2009 o We realized there were some challenges that we didn't expect o Push submitted proposals until next cycle New season of code plan o Changes on focus of proposals o Changes to payment structure

Questions/Comments/Flames What do you think about what we've done? o Future plans? What more can the GPC do to help you?