Tuesday, December 13, 2016

OWASP Operations Update for December 2016

Welcome to the first monthly OWASP Operations update.  If you want to know what’s happening at the OWASP Foundation, this is a post you’ll want to read.

Starting in December 2016 and continuing throughout 2017, the staff are going to post monthly updates so the community can keep up with what the OWASP Foundation is doing to make OWASP just that much better.  We’re also open to starting brief weekly updates if the community wants to follow our direction more closely.

Major efforts are moving forward...

#1 The Website Reboot aka TWR - a major effort to update and modernize OWASP’s web presence

Since the Website Reboot was transitioned to OWASP staff during the board meeting in September, we’ve

  • Created a 7 phase roll-out plan, in Agile fashion, with reasonable objectives for each phase
  • Started on Phase 1 - Updating the OWASP wiki to MediaWiki 1.27.x
  • Hired a contractor to work on Phase 1 - future phases depend on this one getting done first
    • Contractor started on December 1st and is working on...
      • Moving OWASP wiki source to Github
      • Moving OWASP wiki extensions to Github
      • Creating Ansible to configure and deploy MediaWiki on a hardened server
      • Adding a WYSIWYG Editor to the wiki - make editing the wiki like Google Docs
    • Concerns: Took longer than desired to get a contractor - wanted a mid-Nov start
  • Next up is Phase 2 - Updating the look and feel of the OWASP wiki
    • Creating a new MediaWiki theme, re-styling the home page and several key landing pages
    • Estimated start early Jan 2017
    • Waiting for 2017 Budget to get approved by the Board

#2 The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large.  There’s a ton of moving parts to this effort but here’s what we’re focusing on currently:

  • Migrating off Mailman to Discourse 
    • Discourse supports discussions via email, web, mobile, a mobile app, and more...
    • We’re currently evaluating a Discourse test instance to ensure it meets OWASP's needs
    • We’re also planning out the migration effort, which won’t be small
      • 876 lists on Mailman with over 55,000 unique email addresses
      • ~70% of those lists haven’t had a post in 1 year and won’t migrate
    • Assuming no fatal failures, the migration should start late December, early January 2017
  • OWASP Trial of Meetup for Chapters is going forward
    • Goal is to provide all OWASP chapters a meeting account if they want one
    • Roll-out of this will be phased during Q1 and Q2 of 2017
  • Other areas of the Communication Plan getting focus in 2017
    • Creating a back-end, single source of data including major upgrades to multiple parts of infrastructure.  Initial roll-outs will begin in Q1 2017
    • Improve touch points for external and internal communications
    • Clarify and firm up OWASP supported channels (Twitter, blog, email, etc)
    • Organize processes for message development and outreach


  • Completed project reviews
    • OWASP Security Knowledge Framework - Incubator to Lab
    • OWASP Security Shepherd - Lab to Flagship
    • OWASP Seraphimdroid - Incubator to Lab
    • OWASP Security Logging Project - Incubator to Lab
  • Look for more project updates on this blog in future

Updates on Events for 2017

  • AppSec EU 2017
    • Call for Papers, Call for Training, Call for Activities and registration are OPEN
    • Currently at 30,000 EUR in sponsorships!
  • AppSec USA 2017
    • Sponsorship documents are near completion
  • Local / Regional Events
    • AppSec Africa
      • Registration is OPEN
      • Sponsorships are still available, like the Austin Chapter’s $10,000 support!

Membership and Outreach

  • Member numbers for December
    • 2,364 Individual members
    • 64 Corporate members
  • OWASP Staff are currently evaluating outreach events where OWASP will have a presence
    • Increasing OWASP’s presence at DefCon and Black Hat USA’s Arsenal

Other noteworthy items

  • Project Summit Funding Request
    • Seba Deleersnyder and Dinis Cruz are requesting $150,000 to support an OWASP Summit in Europe.  Chapters are encouraged to support this effort.
  • Budgets for 2017 are being finalized.  Look for another blog post here by Matt Tesauro on the requested 2017 budget items for OWASP projects shortly.

As always, the OWASP staff are here to help make the OWASP community even stronger.  If you have any question, concern or need, let us know by using the ‘Contact Us’ form here.

Your friendly neighborhood OWASP staff:
          Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt
