March 2019 Connector

OWASP Connector March 2019 Communications | Projects | Events | Community | Membership COMMUNICATIONS Letter from the Chairman: Dear OWASP Community, OWASP, recently, has been working on maturing the Foundation into a more professional organization. We know, that a delay in any process is frustrating, for example, the temporary halt on accepting (re-) starting chapters.  This was necessary in order to create a baseline of functioning chapters, removing those that have not been active, creating an opportunity for new chapters to be stood up. This chapter review process has been a huge and unthankful, but necessary task. This process is now complete so requests to (re-) start chapters are up and running again. We are happy to share that this month we have already 24 new chapters registered! Another big change is the retirement of mailman and migration to Google Groups. Retrospectively, the communication and transparency of the decision-making process could have been better, we are aware of that and would like to apologize for that. Nevertheless,  we would like to thank the community for the constructive feedback we received. This will eventually lead to the improvement of the Foundations process. In relation to community participation, I would like to again, emphasize the necessity of community engagement at a global level. For this, we have reviewed and improved the committee policies and hope for volunteers to participate. This month, several successful local events have taken place, namely, the Lascon, SnowFroc and OWASP SeaSide events, where more than 300 attendees received free training over 3 days. We would like to thank all the volunteers involved in making this happen! Last, not least, don't forget to register or submit your paper for the upcoming Global AppSec-TLV. More news and improvements are coming OWASPs way, stay tuned ;) Kind regards, Martin Knobloch Chairman of the Board OWASP FOUNDATION ANNOUNCEMENTS: Many of us in the northern hemisphere are eager for a change of seasons and I’m convinced 2019 will be a great year of positive changes for OWASP. Global AppSec Tel Aviv In May we are adding a Global Conference to the EMEA region with Global AppSec Tel Aviv. This event will be one of only three global conferences for OWASP in 2019. The local team has been hard at work on the agenda and speakers for the event. Please visit https://telaviv.appsecglobal.org/ to learn more about the conference and we’re excited to see everyone for a great event. Staff Projects As we kick off projects outlined in our 2019 Operating Plan, staff wanted a way to be fully transparent about our projects and progress. Feel free to visit https://www.owasp.org/index.php/Staff-Projects for more details. These are working documents so they are updated throughout the project lifecycle. Lastly, I do want to mention, the list provided is not the complete work product of staff; only those projects that incur significant focused time or resources to compete. OWASP.com  Email Domain. Another side, yet visible project, has been to harmonize credentials and more clearly identify staff and members of the community. Over the past few weeks, we have migrated all staff to an owasp.com email domain. The email address convention remains firstname.lastname@owasp.com and our old addresses will continue work for the time being by forwarding mail to our new accounts. Historically it has been more complicated than necessary to detangle staff and members - especially when auditing credential management and this change should make that task more thorough and less prone to errors. Thank you, Matt.  And finally, please join me in thanking Matt Tesauro for his many years of service as both a volunteer and member of the OWASP Staff. In his staff role, Matt will be leaving OWASP at the end of the month. He assures me he will continue to be involved with our mission but just not working directly at the Foundation. Thanks, Matt. Registration is open Sponsorships are available Save the Date for 2 more Global AppSec Conferences Global AppSec DC Sept 9-13, 2019 Global AppSec Amsterdam Sept 23-27, 2019  EVENTS  You may also be interested in one of our other affiliated events: REGIONAL AND LOCAL EVENTS Event Date Location Latam Tour 2019 Starting April 4, 2019 Latin America OWASP Portland Training Day September 25, 2019 Portland, OR LASCON X October 24-25,2019 Austin, TX OWASP AppSec Day 2019 Oct 30 - Nov 1, 2019 Melbourne, Australia PARTNER AND PROMOTIONAL EVENTS Event Date Location Blackhat Asia 2019 March 26-29, 2019 Singapore Cyber Security for Critical Assets USA 2019 March 26-27, 2019 Houston, TX QuBit Conference Prague April 10-11, 2019 Prague Cyber Security and Cloud Expo Global April 25-26, 2019 London IoT Tech Expo Global April 25-26, 2019 London Internet of Things World May 13-16, 2019 Santa Clara Conventional Center, CA Hack in Paris 2019 June 16-20, 2019 Paris Cyber Security and Cloud Expo Europe June 19-20, 2019 Amsterdam IoT Tech Expo Europe June 19-20, 2019 Amsterdam PROJECTS Google Summer of Code 2019: OWASP was accepted to be a mentor organization for 2019. Mentors for the projects have been sent invitations and students may start applying on March 25th. Google Season of Docs 2019: OWASP has applied to participate in the first Google Season of Docs.  If you would like to participate, please provide your project ideas on the wiki at Google Season of Docs 2019 page. Global AppSec Tel Aviv 2019 Project Showcase: We are off to a great start with 10 projects currently taking part in the showcase. Project Leader(s) Glue Tool Omer Levi Hevroni IoT Aaron Guzman Embedded AppSec Aaron Guzman Software Assurance Maturity Model (SAMM) John DiLeo API Security Erez Yalon, Inon Shkedy Mod Security Core Rule Set Christian Folini, Tin Zaw Automated Threats Tin Zaw Application Security Curriculum Project John DiLeo Defect Dojo Aaron Weaver Web Honeypot Project Adrian Winckles The showcase schedule is still being developed. If you are interested in having your project participate, please send an email to project-showcase@owasp.org with the name of your project and the names of the presenter(s). Project leaders presenting at the showcase will be provided free admission to the conference. COMMUNITY 24 New OWASP Chapter Ahmedabad, Gujarat Albuquerque, New Mexico Amman, Jordan Barranquilla, Colombia Bikaner, India Bilbao, Spain Cape Coast, Ghana Chattanooga, Tennessee Detroit, Michigan Doha, Qatar Houston, Texas Kuwait City, Kuwait Port Louis, Mauritius Pune, India San Juan, Puerto Rico Sofia, Bulgaria Space Coast, Florida Sydney, Australia Tbilisi, Georgia Tripoli, Lebanon Vellore, India Vienna, Austria Worcestershire, United Kingdom Zhytomyr, Ukraine We are now accepting new submissions for the followings regions: Canada Caribbean Latin America Student Chapters Please submit your request at OWASP Chapter Request Form MEMBERSHIP We welcome the following Contributor Corporate Members Premier Corporate Members Contributor Corporate Members Join us Donate Our mailing address is: OWASP Foundation 1200-C Agora Drive, # 232 Bel Air, MD 21014 Fax: 1-443-283-4021 Contact Us   Unsubscribe

REGISTER NOW

Check out the training program at OWASP Global AppSec Tel Aviv 2019

Happy Woman's Day 

from OWASP and WIA 

Retiring Mailman

Greetings. I am Mike McCamon the new Interim Executive Director for OWASP. For the past eight weeks I've been getting up to speed and learning about the culture and potential of OWASP and our extended community.

Last month I approved a project to move forward with the retirement of mailman. I myself have been a longtime fan of this open source mail list manager, however it is creating a good number of challenges for our community. Several notable points include:

1. mailman sends password requests in plain-text email,
2. requires additional spam filtering services to manage inbound unwanted email,
3. requires knowledgeable sysadmin expertise to manage,
4. and there are free alternatives that provide near identical user story functionality.

As I've been told, this retirement/migration has been discussed on/off since October 2016 when it was first suggested to the OWASP Board. It was a topic at the Leaders Meetings of 2018 and more recently in our blog, Connector, and emails to list owners and other members of the community. There is likely no volume of communication that will satisfy every community members' thirst for notice on these types of decisions.

While staff has been getting some negative feedback about this decision, it is also noteworthy we have also been getting a great number of praise and thanks from others - and on balance the positives outweigh the negatives. I take full responsibility for the decision and see this as a unexpected opportunity to learn about decision-making culture of the OWASP community. I am sorry if I have frustrated you. Our staff is already brainstorming ways we can make future policy/process changes more open and predictable. One first step is that we now host Staff Project Plans on the wiki. This project can be reviewed at https://www.owasp.org/index.php/Staff-Projects/Mailman-EOL

In a perfect world we would have extended this migration out over several months time ensuring better community awareness and more opportunities for feedback along the way. Unfortunately recent licensing changes with a service provider, and the impending cancellation of that service on March 22nd, we believe would have rendered our mailing lists on mailman unusable and therefore warranted swift action on a very accelerated timeline. I'm sure in your own work you have faced similar challenging decisions.

Together we are in an enviable position - our community is growing, our work is more relevant than ever, and we have thousands of passionate volunteers working for our cause. However, we cannot sit still. We must look to continuously improve and change to fit our times. It is my most sincere commitment that I, our staff, and the Board does everything in our power to enable the mission of OWASP and showcase your hard work. Thank you for your ongoing commitment toward that endeavor.