Friday, May 5, 2017

OWASP Operations Update for May 2017

Welcome to the operations update for May 2017, our ongoing series of updates on what's happening at the OWASP Foundation.  The previous post is available here.

Major efforts, status of those and important changes from last time:

OWASP IT Infrastructure hosting - Rackspace ended the donation of hosting for the OWASP Foundation, migration and updates continue.

  • 6 hosts remain at Rackspace
    • Migrations were paused to migrate AppSec EU conference hosts to the Foundation Infrastructure
    • Current efforts have concentrated on the preparation needed for migrating from Mailman to Discourse (more below)
  • POC install of the wiki infrastructure on AWS is scheduled to begin mid-May and was pushed to accommodate the AppSec EU conference, the EU server migrations and the work on Discourse.
    • Migration to AWS will include updating the wiki software to the 1.28.x branch of MediaWiki
The Website Reboot - aka TWR - A major effort to update and modernize OWASP's web presence
  • Phase 1: Updating wiki source to 1.27.x - COMPLETE
    • The wiki will continue to run 1.27.x source until after the AWS migration
    • New extensions compatible with 1.27.x have been added to streamline management of the community's wiki accounts
  • Phase 2: Wiki style updates
    • RFP for the wiki style phase will go out mid-May after being delayed by the AppSec EU server migrations
    • RFP will include a MediaWiki theme plus CSS and associated style guides for including the style in other Foundation web assets including:
      • New pages made available after the AMS migration (see below for details)
      • New Discourse installation
      • the OWASP blog
  • Phase 3: Single Sign-on - SSO will be tested and POC'ed during the AMS migration
  • Phase 4: Wiki content and organization
    • Research continued into the current 'organization' of the wiki and POC's for the category hierarchy have been conducted.
The OWASP Communication Plan
  • Migration from Mailman to Discourse
    • Sandbox / POC Discourse server setup to allow demos, functional experiments and familiarization by the OWASP staff
    • Dev instance of Discourse set up to assist in automation coding efforts against the Discourse REST API
  • Beta program for the Foundation's Global Meetup account continues
OWASP 2017 Strategic Training Goal
  • TLDR:  Host 4 trainings worldwide of ~500 attendees geared towards developers and entry-level security professionals - further details on the wiki.
  • Locations and targeted dates
    • Israel - mid-October
    • Tokyo - late September
    • Boston - October
    • Bangalore - November
  • Call for Trainers template is complete and CFT will begin mid-May
Association Management System (AMS) upgrade
  • Migration to a new AMS continues to make progress
  • Highly complex, multi-step process will take 8 to 12 weeks
    • Accounting module and associated workflows - COMPLETE
    • Membership module - in process
      • Note: Membership module will require custom development to fit our needs.  The effort has been scoped, contracted and work has begun.
    • Event module - in process
  • Goal and Outcome
    • An updated version of the AMS used with Salesforce allowing for greater interactions with the community, OWASP leaders engagement, improved event registration, multi-currency handling and a host of other improvements rolling out in 2017.
Projects
Events
Membership
 
  • Individual membership: 2,676 individual members or 44% of the yearly goal
  • Corporate membership: 63 corporate members or 41% of the yearly goal
  • Updated membership flyer for the new membership model has been created and Hugo is sending the final copy to the Foundation
  • AppSec EU 2017 Sponsorships - €167,933
    • 2 Diamond, 1 Platinum, 11 Gold, 5 Silver, 1 Pre-Conf Reception, 1 CTF, 1 University Challenge, 1 Lanyard, 2 Sponsor Hall Banners, 2 Carpet Stickers
  • AppSec USA 2017 Sponsorships - $324,500
    • 7 Platinum, 10 Gold, 7 Silver, 1 Bag, 1 Lanyard
Community
  • New Chapters:  OWASP would like to welcome the new chapters in Kyiv, Sukkur, Senegal and Da Nang.
  • Chapter Orientation
    • Since September all new chapters were requested to have an Orientation meeting via GoToMeeting.  Since then these meetings have been refined into a series of standing one-on-one appointments for any Chapter Leaders starting a new chapter, any new chapter leaders who wish to join, and any current leaders who want to take a refresher.
    • So far reactions have been good.  Many experienced chapter leaders have expressed a wish for this when they got started, and follow-up emails with procedural questions have dropped from an average of 5 per new chapter to 10 total in the last 8 months.  We have also seen an uptick in new chapters using funds and getting multiple leaders on board.  All of these are indicators of early chapter health.  Board members, staff, and community can read the draft of the orientation outline.  The document will be made public in the form of the Chapter FAQ in the next few weeks.
    • We are also using this outline to better our communication with parts of the world where English is not a viable business language.  At this time we have had our first Pan LATAM meeting and are planning our first Japanese meeting after AppSec Europe.
  • OWASP Leaders Meeting @ AppSec EU
    • The OWASP Leaders Meeting @ AppSec EU will unveil the sneak peeks of our new communication platform and the new AMS.  These will streamline chapter communications and allow Chapter Leaders to gain more insights and control of chapter activities.  Join us in Room One at 18.45 on May 10th in the waterfront center. 
Serving the Community

Per the request of the OWASP board, we've included a chart of the staff's interaction with the broader OWASP community via submitted cases to the Foundation.  On April 11th, case number 10,001 was submitted - over 10,000 cases handled by the OWASP staff - impressive! 

Q1 2017 Cases

 


2017 Year to Date Cases

 


As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need please let us know using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage with the OWASP Foundation further at the May 9th Board Meeting.

Your friendly neighborhood OWASP staff:
    Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt

Editor's Note 5/12/17 1.23 BST: Previously this post identified Delhi as a target city.  The correct city is Bangalore.  


Monday, April 10, 2017

OWASP Operations Update for April 2017

Welcome to the operations update for April 2017, part of our ongoing updates about what's happening at the OWASP Foundation. The previous post is available here.

Major efforts, status of those efforts and important changes from last time:

OWASP IT Infrastructure hosting.  Rackspace ended the donation of hosting for the OWASP Foundation, migrations and updates continue.

  • 6 hosts remain at Rackspace, 2 hosts targeted for migration week of April 10th
    • Migrations temporarily paused to migrate the AppSec EU hosts to Foundation infrastructure.
  • POC install on AWS for the wiki is scheduled to complete by end of April
    • Migration to AWS will also include an update to 1.28.x branch of the wiki source moving OWASP from LTS to the latest stable branch
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence.

  • Completed Phase 1 - Updating the wiki source to 1.27.1
    • Wiki source was updated to 1.27.1 and a Visual Editor (WYSIWYG) added to the wiki beating the March 20 deploy deadline.  Here's my post to the leaders list with the details
    • On April 9th, the wiki was updated again to 1.27.2 to address 9 security issues - see the release notes if you're curious.
      • Updates also included an update to Parsoid - the service that powers the Visual Editor
    • Several new wiki extensions are planned, including CAPTCHAs for account requests and several to help staff manage the wiki more efficiently.  More on those as they are added over April and May
  • Phase 2 - wiki style updates
    • RFP creation pushed to April due to unplanned AppSec EU server migrations.  RFP is expected by end of April
    • RFP will include a MediaWiki theme, CSS and other styling guidelines to use across the OWASP Foundation's web presences including:
      • The new web pages available after the Association Management System (AMS) migration
      • The new Discourse installation
      • The OWASP Blog
  • Phase 3 (Single Sign-on) and Phase 4 (Wiki content and organization) have begun to be further researched.  
    • Single Sign-on using @owasp.org identities will be tested during the AWS POC.
    • Initial research into the current organization of the wiki found over 500 categories across the wiki - many with a single page for the entire category.  Reorganization will represent a significant effort.
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large.

  • Migration from Mailman to Discourse - migration paused and re-prioritized as part of the migration from Rackspace hosting since Mailman is currently hosted there.
  • Beta program for the Foundation's Global Meetup account continues.
Other Major Efforts in progress

  • OWASP Staff Summit - the in-person planning meeting for OWASP staff
    • Staff Summit was very successful and resulted in multiple internal and external system and process optimizations
    • Planning for the Foundation Board's 2017 Strategic Goal was created during the staff summit
  • Association Management System (AMS)
    • Kate has begun the migration/upgrade to a new AMS for the Foundation
    • This is a highly complex, multi-step process covering 8 to 12 weeks
      • Completed accounting module and associated workflows
      • Membership and events are next
    • Goal and outcome
      • An updated version of the AMS software used with Salesforce allowing for greater interactions with the community, OWASP leaders engagement, improved event registration, multi-currency handling and a host of other improvements rolling out during 2017.
  • Foundation Board's 2017 Strategic Goal
    • In brief:  Hosting 4 Free 500 person training events worldwide targeted at developers and entry level security professionals
    • 2017 target cities: Boston, Delhi, Tel Aviv and Tokyo
    • Looking for a good name for the training series, twitter suggestions include variations of "No Goat" and "Anti-Goat"
Projects
Events
  • AppSec USA 2017
    • CFP & CFT Open
    • 2 keynotes confirmed
    • Sponsors selling well
    • Working on advertising the conference, CFP & CFT
    • Working with the venue (discounted Disney tickets and daycare/nursery room)
  • AppSec EU 2017
    • Finalizing the brochure
    • Working on the conference signs
    • Placing orders for swag
    • Over 300 people registered
  • LATAM Tour 2017
    • 5 events so far (Manizales & Bogotá, Colombia. Montevideo, Uruguay. República Dominicana. Quito, Ecuador)
    • Over 500 attendees so far
Membership and Outreach
  • OWASP Foundation membership continues to be strong
    • 2,501 active individual members 
      • $34,075 or 31% of yearly goal
    • 68 active corporate members
      • $150,000 or 38% of yearly goal
  • Work continues on the design of the new membership flyer with Hugo which will cover the recently updated and approved model for individual memberships.
  • AppSec EU 2017
    • Sponsorships sold to date €169,233.00
      • Sold out sponsor opportunities - Diamond, Pre-conf Reception, CTF, University Challenge, Lanyards
    • Developer Summit at AppSec EU 2017
      • All 3 sessions have been filled with trainers!
    • Membership lounge at AppSec EU - planning in progress
  • AppSec USA 2017
    • Sponsorships sold to date: $312,500.00
      • 7 Platinum, 9 Gold, 1 Silver, 1 Bag, 1 Lanyard
Community
  • 25 potential new chapters
  • New Chapter Orientation Meetings
    • Well received and helpful to new and long-time leaders alike
    • Can be tricky for LATAM and Japan leaders due to language barriers
    • Presentation planned to help leaders run the meeting when there are language barriers so the leaders don't have to be translators for those meetings
Per the request of the OWASP board, we've included a chart of the staff's interaction with the broader OWASP community via submitted cases to staff:



As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need please let us know using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage with the OWASP Foundation further at the April 12th Board Meeting.

Your friendly neighborhood OWASP staff:
    Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt




Monday, March 6, 2017

OWASP Operations Update for March 2017

Welcome to the operations update for March 2017.  This is a continuation of the series of blog posts about what's happening at the OWASP Foundation.  The previous post is available here.

Major efforts, status of those efforts and important changes from last time:

OWASP IT infrastructure hosting.  Rackspace has ended the donation of hosting to the OWASP Foundation causing a rethink and reshuffle of IT resources.

  • Roughly 1/2 of the servers running at Rack have been relocated to other resources.
  • Additional workload / server migrations have been added to this effort as the hosting for the AppSec EU conferences is moving to the Foundation's infrastructure.
    • Thanks to Dirk for his many years of maintaining those hosts.
    • Migration of the AppSec EU hosting will be concluded by March 30th.
  • Still at Rackspace: Wiki web and db servers, Mailman, and a general purpose server used primarily for static content and http(s) forwards.
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence.  Since last month, we've:
  • Continued progress on Phase 1 - updating the wiki to 1.27.x
    • Due to the unexpected end of the Rackspace donation, the Ansible deploy and update code had to be refactored to remove the Rackspace-specific portions.  That work is nearly complete.
    • The new deploy target for the OWASP wiki web and db servers is AWS which will be reflected in the Ansible deploy code
    • As soon as the Ansible refactoring work is complete and tested, the OWASP wiki and db will be updated to 1.27.x and migrated to the AWS infrastructure.
    • Target completion date March 20th
      • Allows two weekends aka low traffic periods to conduct the migration
  • Phase 2 - Wiki style updates
    • The RFP for the creation of a new look and feel for the OWASP wiki is starting the week of March 6th.  Look for a call for participation shortly.
    • RFP will include a MediaWiki theme and CSS and other styling guidelines to use across the OWASP web presence, including
      • The new web pages available post Assoc. Mgmt System (AMS) migration - more below
      • The new Discourse installation
      • The OWASP Blog
  • Phase 3 Single Sign-on & Phase 4 Wiki content and organization RFPs are scheduled to go out in the 3rd week of March

The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large.

  • Migration to Discourse from Mailman
    • Temporarily paused during reshuffling of the OWASP IT Infrastructure - details above
    • Migration will be timed to coordinate with the retirement of the Mailman installation at Rackspace.  Mailman migration will occur after the Wiki has new hosting.
  • Beta program for the Foundation's Global Meetup account is continuing.
Other Major Efforts in progress
  • OWASP Staff Summit 
    • In person meeting of all OWASP staff to plan operations tasks for 2017
    • February 22 to March 2 - look for outcomes in future Ops blog posts
  • Association Management System (AMS)
    • Kate begins on the first step of this multi-step migration the week of March 6th
    • Migration will be tested in a sandbox installation then applied to production
    • Expected time frame: 8 to 12 weeks
    • Goal and outcome:
      • Updated version of the AMS software used with Salesforce allowing for greater interactions with the community, OWASP leaders engagement, improved event registration, multi-currency handling and a host of other improvements rolling out during 2017.
Projects
  • Google Summer of Code
    • Google selected the participating organizations on February 27 and unfortunately OWASP was not selected
    • Currently working with Project Leaders on alternate plans to handle the proposed GSOC activities
  • AppSec EU 2017's Project Summit
    • Gathering reviewers together to conduct a strong project review push during the AppSec EU 2017 conference
    • Reviewing the process of project graduation from Incubator to Labs and Labs to Flagship
    • Other topics covered include: Badges and gamification, project funding and more...
  • Project Handbook review and request for updates
    • The content of the Project Handbook has been converted to Markdown and moved to GitHub - check out its new repo!
    • Using GitHub allows the community to update the handbook content while the wiki is reorganized to remove the multiple templates used currently for the handbook.  
    • PRs accepted.  Fork the repo now or add an issue to the repo.
    • Once updates are complete, the version will be tagged, converted to MediaWiki markup and moved to the OWASP wiki.
    • Our own Claudia (Project Coordinator) will be conducting a session on the project handbook at the London Project Summit - more details as the plans solidify.
Events

  • AppSec EU 2017
    • Paper review finalized.  Conference program will be published this week
    • Conference dinner finalized
    • Photographer contract pending OWASP signature
    • OWASP room block accommodations need confirmation dates
  • AppSec USA 2017
    • Static web site published
    • Empty WordPress site provided to the conference team
    • Sponsorship packages are being sold

Membership and Outreach
  • Membership for 2017 is still going strong - 19% of yearly goal currently
    • Total individual members: 2,464
    • Total corporate members: 67
  • Membership video - continuing to progress
    • Met with video company, collected details necessary to start shooting the video
    • Started working with Hugo to create a new membership flyer to highlight the new membership model approved by the board during the February Board Meeting.
Community

Per the request of the OWASP board, we've included a chart of the staff's interaction with the broader OWASP community via submitted cases to staff:

Case Life Cycle Report Q1 2017


As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need let us know using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage the OWASP Foundation further at the March 8th Board Meeting.

Your friendly neighborhood OWASP staff:
    Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt


Friday, February 3, 2017

OWASP Operations Update for February 2017

Welcome to the operations update for February 2017.  This continues the series of blog posts updating the community about the happenings at the OWASP Foundation.  The previous post is available here.

Major efforts, status of those efforts and important changes from last time:

OWASP is evaluating hosting providers.  After Rackspace discontinued their donation of hosting services, OWASP is evaluating options for hosting its IT infrastructure.  We discovered this on January 31st after speaking with our account representative at Rackspace.

  • First, thanks to Rackspace for providing up to $2,000 USD in cloud hosting on Open Stack since the fall of 2011.  The long term donation of hosting was very helpful and greatly appreciated.
  • OWASP is reviewing our current hosting needs and evaluating whether to stay or migrate to a different hosting provider.  Wherever we end up, it will be an API-driven, elastic cloud based hosting provider.  After years of being on Open Stack, we don't want to leave a dynamic infrastructure environment.
  • A plan for hosting both short and long term will be in place by February 10th, 2017
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence.  Since last month, we've:
  • Continued to make progress on Phase 1 - updating the wiki to 1.27.x
    • Ansible to deploy the wiki servers has been written and tested
    • We are holding the deployment temporarily due to the unanticipated end of Rackspace's hosting donation
    • We're spending the week of Feb 6th to determine where to host the updated production version - either at Rackspace or a new provider.  This may require some minor changes to the Ansible deploys to replace the Rackspace specific portions.
  • Next up Phase 2
    • Blocked: waiting for the 2017 Budget to get approved by the OWASP Board
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large.  Here's where our efforts on this were focused in January:
  • Migration to Discourse from Mailman
    • SaaS provider setup a production instance of Discourse for OWASP in mid-January
      • Should have been an empty instance to fill with the migration data
      • Regrettably the provider moved our test data aka cruft over to production by mistake
      • The production site is getting the test data removed currently
    • Schedule for migration is up in the air due to the potential hosting changes and the demand on staff time to adjust and plan for that change.  It's on the short list, we're just not sure where at this moment.  Scheduling will be part of the hosting plan completed by February 10th, 2017.
  • Beta program for the Foundation's Global Meetup account is continuing.
Other Major Efforts in progress
  • Association Management System (AMS)
    • Kate completed a week long training on the new system - training was provided as part of the licensing of the AMS software
    • Implementation of the AMS including migration of the current system to the new system is planned for early February as soon as the membership plan (below) is finalized by the OWASP Board.
    • Migration is a complicated effort of contractors and OWASP staff and is expected to take between 8 and 12 weeks and include significant clean-up of our Salesforce data.
    • Blocked: waiting on the board decision on the proposed membership changes below
  • Updating Membership Models
Projects
  • Health Checks on all OWASP Projects were started during January and completed on the 30th
    • Beyond the normal health checks, all wiki and Salesforce data was cross-checked
      • Current releases for all projects were added to Salesforce in preparation for future project meta-data automation
    • Next steps
      • Abandoned and outdated projects in Salesforce will be cleaned up
      • Project Leaders will be contacted for any missing or out-of-date information
  • GSOC 2017 is gearing up!
    • Application for Participation will be submitted to Google on February 9th
    • 9 projects have submitted for participation
    • More information on the GSOC 2017 Blog post
  • Volunteers Needed
    • We've got several projects under review and need your help with reviews - let us know you're up for the challenge with the Contact Us form.
  • New Project: OWASP Off The Record 4 Java Project
  • Project Handbook Update
    • The content of the project handbook is being converted to Markdown and moving to Github in February for a thorough review and update 
      • PRs and issues are encouraged and will be gladly accepted - source controlled, versioned Project Handbooks, oh my!
      • Look for an announcement later in February via the Leaders List and our various social networks of the Github repo for the Project Handbook
    • Once the new content is finalized, it will be converted from Markdown and posted on the wiki.
      • Future updates will happen on Github and the wiki page will be set to the current 'stable' version
Updates on events for 2017
  • 2017 started with a successful AppSec California 2017 conference on January 23rd to 25th
  • AppSec EU - Belfast, UK
    • Sponsors: 13 exhibits + 3 a la carte
    • 4 keynotes confirmed
    • CFP closed & CFT closed with selection finalized
    • Call for Activities open
  • AppSec USA 2017 - Orlando
    • Call for Papers & Call for Trainings in progress - available soon
    • Initial website launched
  • Many upcoming regional, local and outreach events - find out the details on the events wiki page
Membership and Outreach
  • Membership for 2017 is starting out strong - already at 10% of the yearly goal!
    • Total individual members: 2,430
    • Total corporate members: 69
  • Updated Membership information - check it out 
  • Membership video
    • Proposal to create a membership video was approved - work on it begins on February 6th
  • Membership Model Update board vote (mentioned above) is eagerly awaited so planning of the June membership drive can continue
Community
  • Chapter Leader Handbook is ready for review 
  • Other documents ready for review
  • Search and evaluation of a marketing company is pending finalizing the 2017 OWASP Foundation budget
As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need, let us know using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage the OWASP Foundation further at the February 8th Board meeting.

Your friendly neighborhood OWASP staff: 
     Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt


Friday, January 6, 2017

OWASP Operations Update for January 2017

Welcome to the first operations update for 2017.  We started monthly blogs about what's happening at the OWASP Foundation back in December.

Here are our major efforts and the status of those in process, starting with updates from last time:

The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence.  Since last month, we've

  • Made progress on Phase 1 - updating the wiki to 1.27.x
    • Got the wiki source and all extensions in Git repos
    • Started coding Ansible to automate our deploys and updates
    • Production roll-out - mid-January
  • Next up Phase 2 - Updating the look and feel of the OWASP Wiki
    • Blocked: waiting for the 2017 Budget to get approved by the OWASP Board
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large.  There’s a ton of moving parts to this effort but here’s what we're focusing on currently:

  • Migration to Discourse
    • Evaluation of Discourse showed it would fit our needs
    • Worked with/reverse engineered the Discourse API to ensure we can automate:
      • Migration from Mailman
      • Future operational tasks
    • An empty production site is expected mid-January
  • Beta program for the Foundation's Global Meetup account is continuing.
Two new major, interlinked efforts

Two major efforts are starting this month - a significant upgrade to OWASP's Association Management System (AMS) and the proposed plan for updating our membership models.
  • Association Management System
    • Runs atop the OWASP Foundation's Salesforce account
    • Handles many operational aspects: membership, conference registrations, etc
    • New AMS allows us to re-think our past membership model
    • Beginning the first week of February, we'll start the migration to the new AMS
  • Updating Membership Models
    • New plans created by staff based on past community, board and staff discussions
    • Account for diverse membership 
    • Developed to optimize accessibility and growth
    • Request to the OWASP Community: Please provide feedback prior to the Jan 11th Board Meeting when staff is asking for approval of the new membership plans.  The links above allow for public comments.
Projects
  • New projects
    • 2 Documentation projects
    • 5 Tool projects
    • 2 New Code Projects
  • Project Reviews
    • Multiple projects under review - look for requests for feedback this month!
Updates on Events for 2017
  • AppSec EU 2017
    • CFP & CFT Final Review
  • AppSec USA 2017
    • CFP and CFT planned to open by the end of January - look for announcements soon!
  • AppSec California 2017 happens January 23 - 25 in lovely Santa Monica CA
Membership and Outreach
  • Member numbers for January
    • 2048 Individual members
    • 70 Corporate members
  • Membership drive planning begins - tentative June launch
Community
  • Claudia and Tiffany have started the planning for an updated OWASP Volunteer program
    • Planned enhancements include searchable descriptions of opportunities, details including expected time commitment and volunteer profiles
  • Women in AppSec (WIA) Committee has been formed - Congrats!
  • Chapter Leader Handbook updates continue - draft version tentatively available at Feb Board Meeting
  • Pending a board vote: Request for a committee to be invite only as an exception to the Committee 2.0 rules
As always, the OWASP staff are here to help make the OWASP community even stronger.  If you have any question, concern or need, let us know by using the ‘Contact Us’ form here.

Your friendly neighborhood OWASP staff:
          Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt



Tuesday, December 13, 2016

OWASP Operations Update for December 2016

Welcome to the first monthly OWASP Operations update.  If you want to know what’s happening at the OWASP Foundation, this is a post you’ll want to read.

Starting in December 2016 and continuing throughout 2017, the staff are going to post monthly updates so the community can keep up with what the OWASP Foundation is doing to make OWASP just that much better.  We’re also open to starting brief weekly updates if the community wants to follow our direction more closely.

Major efforts are moving forward...

#1 The Website Reboot aka TWR - a major effort to update and modernize OWASP’s web presence

Since the Website Reboot was transitioned to OWASP staff during the board meeting in September, we’ve

  • Created a 7 phase roll-out plan, in Agile fashion, with reasonable objectives for each phase
  • Started on Phase 1 - Updating the OWASP wiki to MediaWiki 1.27.x
  • Hired a contractor to work on Phase 1 - future phases depend on this one getting done first
    • Contractor started on December 1st and is working on...
      • Moving OWASP wiki source to Github
      • Moving OWASP wiki extensions to Github
      • Creating Ansible to configure and deploy MediaWiki on a hardened server
      • Adding a WYSIWYG Editor to the wiki - make editing the wiki like Google Docs
    • Concerns: Took longer than desired to get a contractor - wanted a mid-Nov start
  • Next up is Phase 2 - Updating the look and feel of the OWASP wiki
    • Creating a new MediaWiki theme, re-styling the home page and several key landing pages
    • Estimated start early Jan 2017
    • Waiting for 2017 Budget to get approved by the Board


#2 The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large.  There’s a ton of moving parts to this effort but here’s what we're focusing on currently:

  • Migrating off Mailman to Discourse 
    • Discourse supports discussions via email, web, mobile, a mobile app, and more...
    • We’re currently evaluating a Discourse test instance to ensure it meets OWASP's needs
    • We’re also planning out the migration effort, which won’t be small
      • 876 lists on Mailman with over 55,000 unique email addresses
      • ~70% of those lists haven’t had a post in 1 year and won’t migrate
    • Assuming no fatal failures, the migration should start late December, early January 2017
  • OWASP Trial of Meetup for Chapters is going forward
    • Goal is to provide all OWASP chapters a meeting account if they want one
    • Roll-out of this will be phased during Q1 and Q2 of 2017
  • Other areas of the Communication Plan getting focus in 2017
    • Creating a back-end, single source of data including major upgrades to multiple parts of infrastructure.  Initial roll-outs will begin in Q1 2017
    • Improve touch points for external and internal communications
    • Clarify and firm up OWASP supported channels (Twitter, blog, email, etc)
    • Organize processes for message development and outreach

Projects

  • Completed project reviews
    • OWASP Security Knowledge Framework - Incubator to Lab
    • OWASP Security Shepherd - Lab to Flagship
    • OWASP Seraphimdroid - Incubator to Lab
    • OWASP Security Logging Project - Incubator to Lab
  • Look for more project updates on this blog in future


Updates on Events for 2017

  • AppSec EU 2017
    • Call for Papers, Call for Training, Call for Activities and registration are OPEN
    • Currently at 30,000 EUR in sponsorships!
  • AppSec USA 2017
    • Sponsorship documents are near completion
  • Local / Regional Events
    • AppSec Africa
      • Registration is OPEN
      • Sponsorships are still available like the Austin Chapter’s $10,000 support!

Membership and Outreach

  • Member numbers for December
    • 2,364 Individual members
    • 64 Corporate members
  • OWASP Staff are currently evaluating outreach events where OWASP will have a presence
    • Increasing OWASP’s presence at DefCon and Black Hat USA’s Arsenal

Other noteworthy items

  • Project Summit Funding Request
    • Seba Deleersnyder and Dinis Cruz are requesting $150,000 to support an OWASP Summit in Europe.  Chapters are encouraged to support this effort.
  • Budgets for 2017 are being finalized.  Look for another blog post here by Matt Tesauro on the requested 2017 budget items for OWASP projects shortly.

As always, the OWASP staff are here to help make the OWASP community even stronger.  If you have any question, concern or need, let us know by using the ‘Contact Us’ form here.

Your friendly neighborhood OWASP staff:
          Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt
