OWASP Summer of Code 2008 Previous Updates

From OWASP
Revision as of 10:05, 17 July 2008 by Paulo Coimbra (Talk | contribs)

Jump to: navigation, search

Click here to return to the previous page.

Previous Updates

  • June 26
  • As you know, we have almost reached the time to perform the 50% review.
  • However, it’s time to recognize that we have been somewhat imprecise in our definition of the 50% review‘s deadline. To have all projects reviewed, we should have defined a period, a start and an end date, instead of a specific day. Therefore, regarding this matter, we will not be strict.
  • On the contrary, please be aware that we expect the final deliveries ready by, maximum, 15th September, as we are planning to set up an International Conference to publicly present them.
  • However, we are still recommending June 29 to be assumed as the reference date to begin this process.
  • In accordance, we would like to see each project template being updated until the referred date (June 29) by uploading in there all project main links and documentation as can be seen, for example, here or here. Thereafter, both author’s project and reviewers should begin the assessment task. – As we are still receiving questions inquiring about the assessment/review methodology, I am sending again a couple of guidance lines (see please the page bottom).
  • Regarding the provisory pointed out reviewers, as not everybody have yet done what was asked in the previous SoC’s update, I must reiterate the following requests:
    • Please add the note ‘Confirmed’ or ‘Unconfirmed’ directly on this page, just below the reviewers names. Please, pay special attention if you find the reference TBC (To be confirmed).
    • Please, ask your reviewers for them to add, as soon as possible, just below their names, a link with a couple of lines mentioning their professional background - as you know this information will be needed to achieve OWASP Board’s confirmation.
  • Please, send me off your postal address and Pay Pal reference. Once the 50% review is finished, we will need it to pay.
  • To conclude, regarding the projects that haven’t yet found the required reviewers, I take the opportunity to ask the authors drop me a line if assistance is needed.
  • JUNE 16:
  • OWASP Summer of Code's Project Pages, Reviewers Status, Pay Pal and Postal Addresses.
  • Your pages were created and can be found here. Please confirm all data - mistakes can have been made - and feel free to change it as you find best.
  • In addition, as you will see, the text that I have chosen to introduce your project is too long. So, could you please find out a terse phrase to substitute it?
  • Regarding the provisory pointed out reviewers please allow me, I have again a couple of requests:
    • Please add the note ‘Confirmed’ or ‘Unconfirmed’ directly on this page, just below their names. Please, pay special attention if you find the reference TBC (To be confirmed).
    • Please, ask your reviewers for them to add, as soon as possible, just below their names, a link with a couple of lines mentioning their professional background - as you know this information will be needed to achieve OWASP Board’s confirmation.
  • I take the opportunity to ask you all to send me off, please, your postal address and Pay Pal reference. Once the 50% review is finished, we will need it to pay. We also need the former information to weigh up the price of your flights to the OWASP Summit.
  • To conclude, I inform that I will be out of office until 23rd, next Monday – if you have any urgent matter please contact Dinis Cruz (dinis.cruz@owasp.org).
  • Keep up the good work and, please, do not forget that we have the 50% review scheduled for June 29th.
  • Many thanks, best regards.
  • Paulo Coimbra.
  • JUNE 9:
  • The reviewer’s question/OWASP EU Summit 2008.
  • To deal with it, I have created a new page here.
  • To begin with, the referred page includes a field named Status Target. I have filled it in accordance with the SoC’s operational rules. So, if any of you disagrees with my criterion, please let me know.
  • Next, regarding the provisory pointed out reviewers, please allow me, I have a couple of requests for you:
    • Please confirm that no mistake was made and feel free to change it, directly on the referred page, in accordance with your own choice if you find any error or misunderstanding. Please, pay special attention if you find the reference TBC (To be confirmed).
    • Please, ask your reviewers for them to add, as soon as possible, just below their names, a link with a couple of lines mentioning their professional background - as you know this information will be needed to achieve OWASP Board’s confirmation.
  • Taking the opportunity, regarding the roles of reviewers and contributors, we recommend keeping a clear distinction between them. No one working as author/contributor should act simultaneously as reviewer in the same project. We believe that clear and distinctive roles create the scientific/technical conditions to have final improved deliveries and we hope that you can agree with us.
  • With respect to your project page, it goes without saying that I am delayed. Please forgive me. I have already initiated this process and I am counting on finishing it very soon. However, your help would be very much appreciated - if you want to take a stab at setting it up, you can use the Skavenger template as example. Otherwise, I will do it for you.
  • Concerning the good news that I’ve promised in my last update, I am very glad to announce that we are planning to invite all SoC’s authors and reviewers to attend a conference to publicly present the deliveries.
  • The rules to attend the referred conference are far from being finalized or definitively established, although I can anticipate that we are planning to pay part, at least, of the flights and accommodation expenses. Concerning this matter, please, don’t get back to me asking for additional information - you can follow all the issue here as I have not, for now, additional information. I am very thrilled with this scenario and I hope you find it worth doing.
  • As always, we are counting on you to support OWASP.
  • Keep up the good work and, please do not forget that we have the 50% review scheduled to June 29th.
  • Many thanks, best regards
  • Paulo Coimbra
  • MAY 26:
    • Update made in OWASP Summer of Code 2008 set of rules.
    • The specificity of the documentation projects, and the remarkable extension and complexity of some of them, has been mentioned by a few authors/project leaders.
    • Hence, regarding the question of the number of the reviewers for each documentation project, we have decided to propose you a new frame to deal with that matter.
    • That is to say, we are proposing to have one reviewer for each 200 pages of content.
    • However, all projects have to have, at least, two reviewers.
    • Regarding the associated question of payment, as we have assumed before, we will reward this contribution either with a free ticket to attend the OWASP NYC AppSec 2008 Conference or with 12, 5% of the value of the project to be reviewed.
  • MAY 14:

0. Call for OWASP Summer of Code’s 2008 Reviewers.

  • As you probably already know, OWASP has awarded 31 grants to promising application security researchers as part of the OWASP Summer of Code 2008 (SoC 2008).
  • As a result, we are seeking out for project reviewers so as to have all these projects assessed.
  • Consequently, if you are interested in performing such task, please don’t hesitate and let us know as soon as possible. As a volunteer organization, we rely absolutely on your contribution. Hence, we lively encourage you to put forward your application to assume this reviewer role.
  • To make your decision please look at the following information:

1. Where are the projects to review?

  • These projects can be found here.

2. What are the reviewers’ main tasks?

  • A. The main tasks are the result of a set of rules previously established in both the OWASP Summer of Code 2008 initiative and the OWASP Project Assessment criteria.
  • B. To exemplify, please take into consideration the.
  • C. Simplifying , I would say that the work review will basically consist in certifying that the project’s objectives and deliveries were accomplished and, taking into consideration the OWASP Project Assessment criteria, in certifying that the Beta Status was reached. Additionally we expect the reviewer always to be available to provide useful advice to the project developer. These tasks must be performed twice: the first one, the 50% Review, by June 29 and the second one, the Final Review, by September 15.
  • D. Regarding the question of the project status, it is important to clarify that, even though the majority of the projects have to reach Beta status, there are also some others, in which the status target is Release Quality. That is to say, that each project built on previous work done within OWASP (Existing OWASP Projects) should obtain Reviewers’ agreement that a Release Quality stage was achieved.

3. Who can be a reviewer?

  • If you are interested in contributing and feeling comfortable with the technical matters in question, you can be project reviewer. We encourage also the OWASP Summer of Code 2008 participants to take part in reviewing someone else’s SoC 2008 project. However, please pay attention to the fact that, at least, one of the two Project Reviewers should be an OWASP Project or Chapter Leader.

4. Will this work be paid?

  • Well, in terms of paying the market value of your work, we wouldn’t dare say ‘yes’. However, we will reward this contribution either with a free ticket to attend the OWASP NYC AppSec 2008 Conference or with 12,5% of the value of the project to be reviewed.

5. Where can I find the project’s progress page in which I am interested? That is to ask, where can I find the page similar to the one?

  • Currently, nowhere, but very soon each project will be supplied with its own progress page.

6. So, if I am interested in being one of the reviewers, how should I proceed?

  • A. Please drop me a line to let me know about your interest.
  • B. I will put you in direct contact with the project’s author.
  • C. Having reached the author’s agreement, please inform us.
  • D. As all reviewers must have OWASP Board approval, we will inform you as soon as possible about their decision.
  • APRIL 30:
    • With regard to the progress pages, we are still working on a sample of it. You can see here and here what we are doing. Once we have it finalized, we’ll get back to you. However, if you need right now to have a wiki page to carry on with your work, you can create your own on the section of Season of Code Projects at the OWASP projects page – later on it can be adapted in accordance with the proposed model.
    • This situation above has also an impact on the reviewers’ question. We’ve decided to add in the referred above model the specifications to have in consideration for the work review. Hence, we are planning to focus again on finding reviewers only after the model is finished. However, it will happen very soon. Besides, for your information, we are planning to offer to every SoC’s reviewer either a free ticket to attend the OWASP NYC AppSec 2008 Conference or 12,5% of the value of the project to be reviewed.
  • APRIL 17:
    • We announce the results of the assessment of OWASP Summer of Code’s 2008 applications that can be found here.
    • As a swift overview, we would say that we have received 35 applications of which 31 were already accepted. In addition, two applications are waiting for Jury’s decision yet and two more were withdrawn by the author.
    • Consequently, except for the former two applications referred above, we declare that the working period for the OWASP Summer of Code 2008 has already begun.
  • MARCH 31:
    • We announce a two-week-delay in the assessment of OWASP Summer of Code’s 2008 applications. We are now planning to deliver our assessment on the 16th April. Hence, the whole SoC’s 2008 schedule will be postponed two weeks.
    • Having carefully analysed the set of 35 applications, we have decided to request that 18 applicants adjust their proposals. These 18 applications can be found here.
      • As you will see, for each one, we have posted a couple of recommendations. Consequently, we ask that each applicant answer just below our recommendations, whether or not they are accepted. If so, please leave a clear note of it and modify accordingly your applications in the same wiki page.
      • We also recommend that you state your positions by the 9th of April.
    • The remaining set of applications can be found on either the Majority Vote Page or Selection Criteria Page. Although the new official date to announce the SoC’s 2008 is now the 16th of April, we will post our assessment as soon as it has been reached. At this moment, the applicants can of course start working. However, we will return to you all later, once the assessment process has been totally completed, with further details.
    • We understand the inconvenience that this might cause and apologise for that. Although, as we are acting to improve the SoC’s final deliveries, we also ask for your understanding and we thank you in advance.
  • MARCH 25: Submission period is now closed. The final decision will be announced HERE on the 2nd April. Thanks to everybody who applied for this OWASP Season of Code.
  • MARCH 12 : If your application for an OWASP Summer of Code 2008 fund wasn’t already submitted just because you are stuck with doubts about a work line to follow, you can skim over the new and greatly improved Request for Proposal List to find a wide-range of options.
  • MARCH 10: As expected, the applications are coming in!
    • Please remember to send us an email when you post them on-line. We need to know who you are. :)
  • MARCH 3: OWASP SUMMER OF CODE 2008' HAS BEEN LAUNCHED!
    • Deadline for project applications: 25th March.