Friday, June 26, 2015

June 2015 Community News Flash

Greetings OWASP Community,

It seems that Fabio Cerullo's guest article last month on creative uses for chapter money made a big impact on at least one project. Due to an outpouring of support, the ASVS project is now fully funded. We will be in touch with leaders who offered to make donations about alternative projects and initiatives that need support.

Please review last month's article to find more ideas for using your funds to support our mission to keep application security visible. There are many more projects, events, and underfunded chapters that could use support. You can use the donation form to make a direct donation to the projects or submit a request to donate some of your chapter allocation to another chapter or project.

A few deadlines: 
  • The 2015 Summer Code Sprint is accepting applications through July 3. This is a great opportunity for a student to get hands on skills as an "intern" on an OWASP project.
  • The WASPY Awards, recognizing unsung heroes of Web Application Security, is now seeking nominations through July 20.
So, read on for this month's News Flash and as always let me know if there is anything I can help with.


Noreen Whysel
Community Manager
OWASP Foundation

In This Issue:
  • FEATURE: Making Chapter Leadership Changes
  • Recent Chapter Activity
  • New Email Policy
  • Open Hours on Slack
  • AppSecUSA
  • Resources

FEATURE: Making Chapter Leadership Changes

Leadership Transitions

Chapter leaders serve as the main point of contact for the local chapter, and are responsible for ensuring that the local chapter fulfills its requirements. When it is time to make a change, we want to help ensure a smooth transition so the new leaders have all the information and resources they need to continue the mission.

When adding a new leader, this can be as simple as contacting us and telling us that you want to add a new leader. We will make sure the new leader gets an email account and is signed up for the leaders' mailing lists and that the chapter and member record indicates the new status.

Sometimes finding a new leader can be a challenge. While some chapters hold elections, others may struggle to find someone to step forward. Use your chapter mailing list or social media to announce open positions.The OWASP-Community mailing list is also a good way to reach a broader group for ideas on developing your leadership team. We are happy to help with ideas.

Social Media Accounts

Transitioning to a new leadership involves more than just opening an email account and subscribing to a mailing list. Leaders hold administrative passwords to social media accounts, events management systems, Github accounts and other resources that Foundation staff may not have access to. Remember to pass on login details to new leaders!

We have seen chapters that appear to have more than one Twitter and Facebook accounts. If a password is lost or a new leader has no access to the account, social media groups can end up abandoned or encourage spammers. Abandoned accounts can seem like ghost towns to potential new members and adding a new account is just confusing. Our options in this case are to try to reach the account holders to transfer admin rights or request that the provider shut down the account, which is a shame since we risk losing an important archive of chapter activities.

If you are aware of a legacy account on social media that you do not have access to, please let us know. We can try to reach past leaders by looking up alternate contact information in our member directory. Merging accounts may be possible on some platforms. As a last resort, we can attempt to get the provider to shut the account down. As owners of the OWASP Brand, we all have an interest in ensuring that all online OWASP presences are a vibrant and current reflection our ongoing mission.

NEW: Email Policy

The board has released an updated policy document regarding the use of email accounts, including terms of use and a suggested signature format for highlighting projects. As before, emails are a benefit of paid and honorary OWASP members. Chapter and project leaders may also request an account.

Please review the policy:


OWASP Morocco is curating a security track at DEVOXX Maroc 2015 on 16th-18th November 2015 ( Devoxx Morocco is a rendezvous for learning, networking and sharing developer experiences about java and related technologies, software craftsmanship, technology trends and more! If would like to present, the call for presentations is open. Visit for details.

Developer conferences such as DEVOXX Maroc 2015 are great ways to get the OWASP message out beyond our community. If you have information about a developer conference that OWASP members should present at or partner with, let us know!

New Chapters

Bhopal, India: Leader, Akshay Sharma,

New Academic Supporters:

Universiti Tecknologi Malaysia, Kuala Lumpur

Academic Activities: Summer Code Sprint 2015

As part of our 2015 Summer Code Sprint, which just launched, I have completed an audit of the contacts at nearly 60 academic institutions that have been or currently are serving as Academic Supporters. We are reaching out to these institutions to help promote the visibility of application security in computer science curricula worldwide. If you know of a professor or teacher who might be interested in becoming an Academic Supporter, please forward a link to our application and program details.

If you know of any academic program or students who might be interested in teh Summer Code Sprint, please let them know about it. The deadline for Summer Code Sprint proposals is July 3. All students who complete the program will receive a grant of $1,500. Apply today!

TOOLS: OWASP-Community Open Hours on Slack

As you know, we have launched a Slack as a resource to discuss project and chapter activity. We recently added an owasp-community channel that will serve as a virtual Open Hours. I have selected Tuesdays from 10am-11am Eastern time as a weekly open hours slot. You can also suggest a time. Sign up at


The full agenda for speakers and lightning training sessions is now available for AppSecUSA to he held in San Francisco from September 22-25, 2015. View a recently released Highlights Video from last year's conference. We will also have a career fair and a fabulous dinner cruise on Thursday for all registered attendees. Register soon!

Plans are being made for a panel and workshop on Women in AppSec with a goal to introduce application security as a career option for women. For details, visit and join the OWASP Women in AppSec Community Group, at


Funding Resources:

Donation Scoreboard - Current Chapter Funding Amounts:

OWASP-Community Slack Channel:


Women in AppSec:

Chapter Leader Handbook:


Feel free to contact me at any time if you have a question or suggestion. To create a trackable case (Customer service request),please use the contact us form at

No comments: