forked from pastme/coderbounty
OWASP.txt
OWASP
Coderbounty seeks to become a project of OWASP and at the same time become a profitable company.
Recap of meeting from Tom:
In concept, we could list every OWASP project (since they all have a min of $500 now) and really try to get 10-15 of the active leaders to become interactive and post bounties for sprints. OWASP operations needs to feed it and provide quarterly payouts with funding from here:
https://www.owasp.org/index.php/Donation_Scoreboard <-- note tabs
The bounties could help us also achieve partial gamification within OWASP for builders working on cheat sheets, projects in Git, writing code and related tasks. Could we do the same thing with an odesk.com or freelancer.com account... maybe, but I think you captured the simplification nicely!
P.S. - IMHO this is exactly the type of PLATFORM value that OWASP needs to provide to projects. If the project is not an OWASP <Project> it would not be in the tool and get the support and full-time management of the back office team, as an example.
https://www.owasp.org/images/d/d8/PROJECT_LEADER-HANDBOOK_2014.pdf
---
Sean (an OWASP Brooklyn chapter leader) has expressed some concerns:
1) When signing the project donation contract, how does this affect a project like this? Can we make this mutually beneficial?
2) The handbook states that projects must remain volunteer-run. Since Coderbounty pays everyone involved, would this be an issue?
Notes from Johanna:
This is a special project. Most OWASP projects are security and open source related initiatives.
Coderbounty is a software platform that handles bounties and is not security related. This project could be considered part of the 'operational project' category.
This is a great initiative. As a fellow OWASP global member, and having been involved with many projects, I would like to offer a word of advice regarding setting this up as an OWASP project.
OWASP projects have some constraints and guidelines that are important to follow. Since the project is more of an 'operational' kind of platform for other projects, please consider your target group: project leaders.
Some considerations you could take into account when developing the platform are:
What kind of benefits and features does this platform offer to OWASP project leaders compared to other similar existing ones?
Example: projects can accumulate points for each bounty offer, and in this way their money spent on running bounties can increase.
If a commission is charged, define how that money could be used for other initiatives to benefit projects. Example: 30% of the 10% earned commission will go to the Flagship/LAB projects budget for running bounties.
As an organization that preaches security, consider running security bounties to help secure the platform.
From psiinon
The value has to be determined, and if it is an OWASP Foundation managed service (by the business) as part of the platform for the world the charity serves, as well as from the individual volunteers that want to get things done on projects they are working on... There are two perspectives and workflows in some cases.
This is on the table, have a read:
https://docs.google.com/document/d/1PvNeEWgoO1w51VhHLwqqSgo0mBh-RvmSFUKMTz4QrYg/edit?usp=sharing
From Bev:
Would also be a great talk topic for a Q1 meeting. Sean will smart tag it for the Feb meeting in NYC if you are available (dates/location in progress...). As you onboard the application, it will not only describe the project workflow but how innovation happens at OWASP bottom up.