Task Force/OWASP Projects

This task force is focused on OWASP Projects with a first focus on cleaning up the OWASP incubator list

Current To-do list
Tracking of current stuff is done temporary here as we plan to use Jira in the long run.


 * Clean up of Incubator Projects and inactivate projects without a release or updates for over a year.
 * Inactive/Active Project Audits:https://groups.google.com/a/owasp.org/forum/?hl=en#!forum/projects-task-force (must be OWASP member)
 * Project Reviews: See here for more details
 * [Task: Project Metrics Collection Project Metrics Collection: Data needed]


 * Plan next EU Project Summit 2015 Amsterdam
 * AppSecUSA 2014 Projects Summit Rescue
 * Call for sponsorship for the Project Summit - Jonathan has been sending out notes to chapter leaders ask for their help in making the Project Summit possible at AppSec USA.
 * LAB Projects Code Analysis Report
 * The Proposal Evaluation Methodology for OWASP Projects - Johanna has put together a proposal for evaluating project. The proposal can be found here: Proposal Evaluation.
 * Create a Projects Dashboard which will be open for the community to review the status of projects.

To-do list: Future Tasks

 * Gather support and funding to have 1 large OWASP Summit.
 * Design a more sustainable revenue stream using the Project’s IP.
 * Identify & promote cross-project collaboration to move clusters of projects forward, with e.g. work groups that work on a certain domain.
 * Start a task force of people with spare cycles that can help projects that need extra man-power of are falling behind in delivery of new releases (especially the flag ship projects).

Completed Tasks

 * create a new mailing list (in google groups) for this task force: https://groups.google.com/a/owasp.org/forum/?hl=en#!forum/projects-task-force
 * Submissions for Open Source Showcase at AppSec EU: See here for more details: Completed by Team. - May 02, 2014
 * Need to review Java HTML Sanitizer Project: See here for more details: Removed from the Review List - Samantha - May 02, 2014
 * Wikify Projects Dashboard: Removed as agreed it is unnecessary - Samantha - May 02, 2014
 * Move the Google Groups to OWASP Google App - Jonathan - July 16, 2014
 * Inactivated all Incubator Documentation projects with no release in over a year and no updates. - August 2, 2014.
 * Need to get all project repos added to https://www.openhub.net/orgs/OWASP: DONE- 88 projects have an open repository

Failed Tasks

 * 2014 Cambridge Summit Sponsorship Needs

Execution Power
This task force exists on the assumption that it has a mandate from the OWASP leaders to act on behalf of the OWASP community on what is best for OWASP Projects. We are in the process of submitting a Committee Proposal for Project reviews

If somebody (namely an OWASP Leader or Board member) disagree with any of the decisions made, he/she has two options:


 * join this Task Force/Committe
 * create another equivalent 'OWASP Projects group' and do a better job there

note that Committee 2.0 will change this as this task force might converge to a new Committee or fall under one if needed

Current Members

 * Johanna Curiel
 * Dinis Cruz
 * Jonathan Marcil
 * Jason Johnson
 * Gary D. Robinson
 * Kait Disney-Leugers (Staff)

OWASP Projects Task Force (Concept)
This is a new type of OWASP initiative, focused on 'getting things done', the concept is still evolving but here are the current (in draft) guiding principles:


 * 1)  this 'task force is an invitation-only group' (to join the task force, requests should be made directly with existing task force members)
 * 2) all existing members have VETO power, and it is assumed that all decisions are backed up with all existing members
 * 3) only existing members can send the invitations
 * 4) there is a 1 month minimum activity required (or the member is temporarily out).
 * 5) invitations are automatically approved in 24h
 * 6) existing members can VETO new members (and existing members can be kickout by majority)
 * 7) there an one special member who has veto power the responsibility to enforce the 'one month contribution MIA scenario' (i.e. to kick out the 'non contributing members')
 * 8) all communication MUST be made (as much as practically possible) under public mediums: Wiki, public mailings, public Hangout sessions
 * 9) there are NO decisions made BEHIND closed doors, or without a solid digital (hyperlinkable) trail

Discussions
Google Group You must be logged in your OWASP Google App account to view and post to the group.