OWASP Project Activity

Matt Tesauro

Senior Technical Project Coordinator

Claudia Aviles Casanovas

Project Coordinator

October 11, 2016

Project Reviews Schedule Restart

Project Review - November 1st Launched

New Project Reviews: Currently Pending Review by Matt T.

Call Out to Community to obtain feedback from Project Leaders:

  • Suggestions from Leader List on Project Reviews

Project Handbook & Health Checks

Pending Project Handbook Update - Reviewing Process

Reference Material:

Health Check Scheduled for TBD - Matt T

    • Using an assessment from the Project Leader using the Project Review platform
    • Finalizing change in criteria using a Project Review Platform
    • Budget pending for a project health dashboard/data collection/automation for 2017

New Projects

  • Dashboard 2016 Updated
    • Completed sync up with Salesforce information, Dashboard and OWASP Inventory
    • Scoreboard - will be updated next
    • Plan Distribution to All Leaders on their Project Balance - PUSHED to 11/5
    • Clean up wiki pages that are incomplete and abandoned projects - PUSHED to 11/5

Incubator New Projects - Ongoing

Documentation Project:

  • PsySec (Social Engineering) - currently reviewing criteria
  • OWASP Mobile Security Testing Guide - currently reviewing criteria
  • OWASP Mobile Application Security Verification Standard - currently reviewing criteria
  • Learning Gateway Project - being reviewed and classified

Code Project:

  • New requests have not yet completed intake information and are waiting for Project Leaders
  • New Project Request: OWASP JoomScan Project - currently reviewing criteria

Tool Projects:

GSOC Activities

Project Requests: Funding, Questions and Assistance and Outreach

  • GOOGLE BLOG POSTING AFTER GSOC SUMMIT 2016 Nov 7th
  • Recognition Announcement for Mentors Nov 7th

Project Initiatives in Planning Process

  • OWASP Initiatives in development
    • OWASP Season of Code for Leaders
    • OWASP Winter of Code for Students
    • OWASP Leader benefits
    • Budget Planning for 2017 - Pending Template
    • Project Leader Meetings/Webinars
    • Revision of communication to the leader list
      • Increase Project Webinars/Demos
      • Incorporate video feeds on topics

Project Infrastructure

  • OWASP’s Website Reboot has been passed to the staff
    • Kate Hartmann, Tiffany Long and Matt Tesauro leads
    • Breaking work into activities aka ‘sprints’
        • Smaller efforts demonstrate success over time
        • Activities can be run in parallel where possible
    • Funding level unknown
      • Budget is required prior to RFP publication
      • Budgets determine contract vs internal / implementation speed

Project Infrastructure

  • OWASP’s Wiki source updates
    • Server with latest source at update-wiki.owasp.org
    • First step in The Website Reboot
  • Production update holding
    • Waiting for answer on hiring IT contractor from Board
    • Once board reaches decision, work will proceed by either staff or contractor (if hired)

Process Improvement

  • Project Review - Conversational Reviews
    • Used SKF as a successful proof of concept
    • High-level process
      • Project lead(s) do a self-evaluation
        • Review saved in a Google Doc - leader has comment access
      • Staff sanity check self-eval and provide feedback
      • Request to community for reviewers
      • Self-eval reviewed iteratively with Leader(s) in G Doc
      • Finalize self-review and make available to community
      • Graduate project or determine gaps

Project Infrastructure

  • OWASP’s Rackspace hosting is close to our free ‘cap’
    • Working with Hugo to make static versions of AppSec US 2014 and 2015 to move off WordPress
      • October 24th - Hugo begins work
    • Moving these to an existing server removes fees for those servers, freeing up potential assets

Project Infrastructure

  • Setup “OWASP-Labs” Github organization
    • Evaluating using this for projects of lower maturity or activity
    • Current OWASP Github org is ‘muddied’ by projects of varying quality
    • Flagship status for admittance into OWASP Github org
      • Considering Lab for inclusion

Process Improvement

  • Continued work on a Communications Plan
    • Joint staff effort with Kate, Tiffany and Matt as leads
      • Items have been prioritized by staff
      • Highest priority items are agenda items for Staff summit
    • Touches MANY areas of OWASP
    • Comm Plan will guide smaller projects to enhance key areas of OWASP
      • e.g. Salesforce integration, Mail list improvements, ...

Resources:

Executive Summary November 2016 _Project Coordinator - Google Slides