Tuesday, March 31, 2015

OWASP Community Manager News Flash – March 2015


Greetings OWASP Community,

Goodbye, March. Hello, April. I realized as I am finalizing this email that it may already be April for some of you when you get this newsletter. With Springtime in the Northern Hemisphere and Autumn beginning in the Southern Hemisphere, it is a time of change (for the better) and time to reflect on your participation with OWASP activities.

Read on to find out how we can support positive changes, starting with our 2015 Strategic Goals, which focus on developing training, strengthening our chapters and maturing our projects platforms. There are many ways for you to get involved and I look forward to your participation.

Happy journeys,

Noreen Whysel
Community Manager
OWASP Foundation


Announcing the 2015 Strategic Goals

The 2015 Strategic Goals have been posted to the wiki. Thanks to all who participated in our 2015 Strategic Goals Survey. You will notice that each of these goals require the participation of the entire OWASP Community. We hope you will help out where you are able and interested.

1. Build a scalable OWASP training program that spreads security training around the world (contact Andrew van der Stock at vanderaj@owasp.org to help)

2. Strengthen OWASP chapters and increase Chapter’s abilities to spread message of OWASP through locally organized and run events. (contact Matt.Konda@owasp.orgJosh.Sokol@owasp.org orNoreen.Whysel@owasp.org to help out)

3. Mature the OWASP Projects Platform: Provide the OWASP projects community a mature project platform to encourage senior developers to participate in the various and many OWASP projects. (contact Johanna.Curiel@owasp.org to help)

View metrics, board sponsors and foundation support for each goal at:



Latest News – Updating the Chapter Leader Handbook

Whats New?

I have been working on updating the Chapter Leader Handbook and invite our community to participate in discussions around what is working and what is not working, what needs changing and what should be kept as is.

If you would like to participate, please visit the Chapter Leader Handbook at:


I have started adding comments and suggested changes to the Talk pages of each chapter. To add your comments, you will need to login to the wiki, click the "Discussion" tab at the top left of the page, and it will open an edit form where you can make suggestions, challenge suggested changes or suggest clarifications and additional content. I can copy comments or concerns reported via the mailing lists to the discussion page as well. This way comments can be tracked and addressed directly in the wiki. 

It would be helpful if you sign you name to any suggestions or comments you make. The MediaWiki platform makes this very easy: simply type four tildes in a row (~~~~) and click Save. This will automatically save your name and a timestamp so we can address specific comments.

At this time do not make any edits to the Chapter Leader Handbook pages. Unauthorized edits will be reverted to the current version.

If you have any questions, please feel free to reach out to me.

Refresher on the Mandatory Chapter Rules

We recommend that everyone take a refresher view at Chapter 2: Mandatory Chapter Rules, which contains the minimum requirements for OWASP chapter leaders. One of the areas which could see improvement is in announcing upcoming chapter meetings. The rules state that you must post upcoming meetings to the wiki and to the mailing list. Not all chapters do this consistently. Some simply point to an external forum such as Facebook or Meetup. This is not sufficient since the wiki posting and mailing lists are intended to keep the broader OWASP community informed in addition to your local group.

Think of this from the perspective so someone new to your chapter. If the most recent meeting on your wiki site is from 2011, or the only way to learn about meetings is via joining an external social media site, your visitors may seek a different group. Meeting listings on the wiki and mailing list are indicators that a chapter is active and affiliated with the global OWASP Foundation. Also, we occasionally hear from security minded folks (wouldn't you know?) who do not want to join yet another social media group just to find out when a meeting will be held. OWASP's first rule is "free and open" and the best way to keep it that way is to post all announcements to the wiki.

Finally, we receive multiple requests each week from people who want to "restart" a chapter that appears to be inactive. Failing to comply with this rule risks having your chapter labeled "inactive" and possibly handed over to someone new.


OWASP On the Move - Recent Chapter Activity

We are just a week away from the launch of LATAM 2015. We now have 10 countries participating! Registration is open for the following dates and locations:

Santiago, Chile: April, 8th-9th 2015 Patagonia, Argentina: April, 10th-11th 2015
Bucaramanga, Colombia: April, 14th 2015
Montevideo, Uruguay: April, 15th-16th 2015
Lima, Peru: April, 17th-18th 2015
Santa Cruz, Bolivia: April 17th -18th 2015
San Jose, Costa Rica: April, 21st 2015
Guatemala, Guatemala: April, 21st-22nd 2015
Buenos Aires, Argentina: April, 24th 2015
Caracas, Venezuela: April, 23rd 2015


Also Mark Miller interviewed the organizing team for AppSecEU 2015 You can find the audio file here: 2015 AppSecEU Pre Conference Update [AUDIO]. AppSecEU is May 19-22, 2015 in Amsterdam.

We have a group who are working on launching an AppSec Africa event. If you are interested, you can follow the discussion on the owasp-leaders mailing list (see link below) or visit the draft event page and add your name to the Team tab.


The New York City chapter successfully held a (mini)Project Summit at HACKNYC 2015 at the Pennsylvania Hotel, with teams working onOWASP Mobile Security Project, WIASP Incident Response Project, ASVS and Open SAMM. Community Manager, Noreen Whysel, was also on hand to teach attendees about OWASP and Application Security on Wikipedia.

New Chapters

This month, we launched new chapters in Bihar State, India; Stockholm, Sweden;a and Southern New Hampshire, USA. We are also in the process of setting up a student chapter at Lovely Professional University in Phagwara India. For information or to join these communities, please visit their chapter wiki pages:


TIP: Updating Chapter Leader Information

We realize that commitments change and your chapter may need to name a new leader. Please update your wiki pages and mailing lists with any new leader contact information and submit a request for a new owasp.org email account, if required. 

Ideally, chapter leader changes should be reported by the current leader or a member of the leadership team. If we receive a request directly from someone who intends to become a new leader, we will always contact the listed leader for verification. If a chapter is inactive and a new leader would like to take over, we favor those who have demonstrated experience with OWASP and/or application security and may reach out to the existing chapter members for discussion. Since the leader has responsibility for any funding allocated to that chapter, it is in everyone's interest that all chapter members be involved in any leadership changes.

Leader turnover is not something where we have hard and fast rules. For the most part we encourage the chapters to initiate any leadership changes internally, and provide assistance in case of a dispute. Leadership is covered in the Chapter Leader Handbook in Chapter 5: Governance. Again, we would love to hear your thoughts about chapter governance on the wiki Discussion page.


Academic Supporters

Since launching our new Academic Supporter application, we have begun to receive interest from universities in becoming supporters. This month, we welcomed the Rajsthan Institute of Engineering of Technology in Jaipur, India and the University of Vienna, Austria. If you are affiliated with either of these institutions or know people in the program, feel free to reach out to say thanks and to work on developing collaborations.

Thanks to everyone who has passed along the new Academic Supporter application form. Do let your local universities know that this opportunity exists by pointing them to the program:



Resources






Academic Supporter Information and Application:
https://www.owasp.org/index.php/Academic_Supporter
http://www.tfaforms.com/338407 (application)


Contact Me

Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at http://www.tfaforms.com/308703.

No comments: