Projects/Reviews Management Proposal 2013

= Project Reviews: Work Flow Management Proposal 2013 =

Current State of Projects

These past couple of months have been very busy for our projects. We have put together our operational projects Infrastructure with the help of the GPC and the OWASP Staff, and we now have the majority of our projects related materials updated and accessible to all of our consumers.

Part of developing the projects infrastructure involved developing processes that were either non-existent, or were in dire need of an update. While we did develop these processes for our community, the project reviews process still requires a bit of fine tuning.

The project reviews process is the method by which projects move from one project stage to the next, and it involves the project review criteria and the reviewer pool of qualified candidates. I developed an updated version of the criteria and the review process based on information I gathered during my own internal audit of our projects data. Earlier this year, I ran a test using two projects to see how the new process worked out, and I discovered a few issues that I feel are very important to resolve. Here they are below:

1. Poor quality of reviewers.

2. Poor quality of the reviews.

3. Lack of technical overview/review criteria.

I am glad to say that the test reviews were successful. However, I feel that the issues above need to be addressed if we are to increase the quality of our projects within each OWASP Project Stage.

=Proposal=

1. I am proposing to have a working group of volunteer technical project advisors headed by a member of the board.

2. The working group should be made up of the following areas: Secure Development, Secure Lifecycle Activity, Static Analysis, Dynamic Analysis, Governance, and Knowledge.

3. Each of these areas should be a project division role filled by one individual, and each role will have a six month limit to it. (Or the individual can resign the post if he/she can no longer carry on with the role's duties)

4. These volunteers will be responsible for reviewing projects, and increasing the quality of the project review process and criteria as part of their roles.

5. This working group will be managed by the Lead Technical Project Advisor (board member) with updates and outcomes reported to the OWASP PM.

I would like to nominate Jim Manico to take on the role of Lead Technical Project Advisor, and oversee the selection of each technical project advisor role. He has shown great dedication and support to our projects overall, and I feel he is a great candidate to help shape our project review process with the help and guidance of the community, the technical advisors, and myself.

This is a difficult problem to solve mostly because of the large amount of global projects we have. Nevertheless, I think we have gotten off to a good start. The test reviews proved very informative, and now we have a much clearer vision for what needs to be done.

Thank you for your time.

Samantha Groves

OWASP Projects Manager