Difference between revisions of "Governance/ProjectProgramModels"

From OWASP
Jump to: navigation, search
Line 13: Line 13:
 
| '''Summary Description'''
 
| '''Summary Description'''
 
||<!--Option 1-->
 
||<!--Option 1-->
Each individual project leader makes all decisions on sponsorship and recognition. Project leaders determine the requirements and placements of logos at their discretion
+
We would drop the lab designation, and only have Incubator and Flagship projects. Flagship projects would be voted on by the community, and our resources would go towards developing the Flagship projects, based on community input. Incubators would get less attention and support.
*Current approach
+
*This approach keeps both Flagships and Incubators under the same program.
*This approach is the most decentralized, least regulated, and would result in the least consistency across OWASP projects
+
*This model would remove resources from Incubators and funnel the majority of resources into the Flagship Projects.
 
||<!--Option 2-->
 
||<!--Option 2-->
Anyone can pay to place a sponsorship logo on a project per a centralized policy.All contributors get name, email address, company (if desired), hyperlink (no logo) per leadership decision. No logos for just contributions of any sort
+
This approach separates focus areas into two separate programs. One will focus on increasing the quality of a handful of projects selected by the community, and the other program will focus on developing a platform for new leaders that facilitates innovation, research, and testing.  
*This approach is centralized, regulated, and would result in consistency across OWASP projects
+
*This approach would take two community requests (increase quality, platform for innovation), and separate each request into to programs.
 +
*This method allows the foundation to have clearly defined goals for each program.
 
||<!--Option 3-->
 
||<!--Option 3-->
Projects list individual contributors on a dedicated acknowledgement page per project which is consistent across all project ( Name, email, company name). Financial sponsors only listed on a dedicated sponsor page on a centralized owasp webpage (e.g. no logos on projects)
+
This is the approach we are currently using. This approach requires that the community conduct project reviews to graduate projects, and it requires a twice yearly project audit to demote projects that are currently inactive.
*This approach is the most centralized, more regulated, and would result in the most consistency across OWASP projects
+
*Current approach
 +
*This model requires a large task force of community reviewers to make sure our project graduation process is functioning to an acceptable level.
 
|-
 
|-
 
| '''Can OWASP projects be directly sponsored by a company'''
 
| '''Can OWASP projects be directly sponsored by a company'''

Revision as of 17:54, 30 April 2014

Purpose

OWASP needs help from our community to define an OWASP Projects Program model that will meet the needs of our overall community. To do so we are engaging the community to discuss and flush out different options. We would like to have a vote on this to ensure that the community has a say in how the foundation moves forward.

The Options

Please feel free to add additional bullets to any of the cells. Please do not remove existing items.

Option 1 - Flagships get majority of resources to increase quality. 2 - Develop two separate programs: Quality focused and Innovation focused 3 - Community project review centric model
Summary Description

We would drop the lab designation, and only have Incubator and Flagship projects. Flagship projects would be voted on by the community, and our resources would go towards developing the Flagship projects, based on community input. Incubators would get less attention and support.

  • This approach keeps both Flagships and Incubators under the same program.
  • This model would remove resources from Incubators and funnel the majority of resources into the Flagship Projects.

This approach separates focus areas into two separate programs. One will focus on increasing the quality of a handful of projects selected by the community, and the other program will focus on developing a platform for new leaders that facilitates innovation, research, and testing.

  • This approach would take two community requests (increase quality, platform for innovation), and separate each request into to programs.
  • This method allows the foundation to have clearly defined goals for each program.

This is the approach we are currently using. This approach requires that the community conduct project reviews to graduate projects, and it requires a twice yearly project audit to demote projects that are currently inactive.

  • Current approach
  • This model requires a large task force of community reviewers to make sure our project graduation process is functioning to an acceptable level.
Can OWASP projects be directly sponsored by a company Yes Yes No - however companies can sponsor the OWASP Foundation and the foundation can distribute funds to projects through items like summer of code / project reboot / etc
Are company logos placed within the OWASP project? Yes Yes No
How are logos handled (placement, cost, logo size, etc) both on the wiki page and within any output/deliverable (e.g tool, documentation)

At the sole discretion of the project leader

By OWASP wide standard policy for project sponsorship. Logos would be included at a standard place for all projects.

There are no project sponsors. Instead sponsors of the OWASP foundation are on a listed dedicated sponsorship page which may include the logo.

How are company contributions acknowledged?

At the sole discretion of the project leader

The same as individual contributors. However, since an individual can list their company name a company with many volunteers to a project would see their company name listed multiple times on the project acknowledgement page.

The same as individual contributors. However, since an individual can list their company name a company with many volunteers to a project would see their company name listed multiple times on the project acknowledgement page.

How are individual contributions acknowledged

At the sole discretion of the project leader

All contributors will have their name, email address, company (if desired) listed on the contributors page for the project.

All contributors will have their name, email address, company (if desired) listed on the contributors page for the project.

Positives of this approach
  1. Very decentralized and scalable, no impact on operations staff
  2. Project leader empowerment
  1. Revenue generation
  2. All contributors get recognition
  3. Companies that allow employees to work on a project will show many people with @company.com contributors
  1. Maintains focus on OWASP, less dilution of OWASP brand
  2. Centralized location for sponsorship recognition. - Wall of fame
Negatives of this approach
  1. Lack of consistency across projects
  2. No clear engagement on how contributors get involved
  3. May be open to abuse due to lack of standards
  1. Individuals and companies that contribute lots of time may be trumped (in recognition) by any company that donates money
  2. Corporate Logos on projects may cause vendor neutrality concerns and discourage contribution
  1. A company would not have any branding/advertising incentives to sponsor a project that could use the funds
Any other considerations
  1. ...
  1. ...

Additional Comments

Use this space to provide additional comments on any of the existing text. For example, perhaps you disagree with something that is above. Please note your thoughts in this section.