Monday, January 30, 2017

OWASP Connector January 2017

OWASP Connector | December 21, 2016
Communications

OWASP Operations Update

OWASP in the News!

projects

Project Graduation Updates

Combating the Vulnerability Chaos with OWASP DefectDojo

Google Summer of Code Program

Conference

Global AppSec Events

Local and Regional Events

Project Summits

Partner and Promotional Events

chapters

New Chapters!

Ottawa Chapter on Becoming a Community

membership

New and Renewing Corporate Members

New Membership Proposal

Social Media

OWASP Foundation Social Media


Communications
OWASP Communications

OWASP Operations Update

Operations updates are posted on the blog before each month's board meeting. This update is from January 6, 2017.
Welcome to the first operations update for 2017. We started monthly blogs about what's happening at the OWASP Foundation back in December.
Here are our major efforts and the status of those in process, starting with updates from last time:
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence. Since last month, we've:
  • Made progress on Phase 1 - updating the wiki to 1.27.x
    • Got the wiki source and all extensions in Git repos
    • Started coding Ansible to automate our deploys and updates
    • Production roll-out - mid-January
  • Next up Phase 2 - Updating the look and feel of the OWASP Wiki
    • Blocked: waiting for the 2017 Budget to get approved by the OWASP Board
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large. There’s a ton of moving parts to this effort but here’s what we're focusing on currently:
  • Migration to Discourse
    • Evaluation of Discourse showed it would fit our needs
    • Worked with/reverse engineered the Discourse API to ensure we can automate:
      • Migration from Mailman
      • Future operational tasks
    • An empty production site is expected mid-January
  • Beta program for the Foundation's Global Meetup account is continuing.
Two new major, interlinked efforts
Two major efforts are starting this month - a significant upgrade to OWASP's Association Management System (AMS) and the proposed plan for updating our membership models.
  • Association Management System
    • Planned for February 2017
    • Runs atop the OWASP Foundation's Salesforce account
    • Handles many operational aspects: membership, conference registrations, etc
    • New AMS allows us to re-think our past membership model
    • Beginning the first week of February, we'll start the migration to the new AMS
    • Blocked: Board did not vote on the membership changes below during the Jan 11th Board Meeting; on hold until the February 8 board meeting.
  • Updating Membership Models
    • New plans created by staff based on past community, board and staff discussions
    • Account for diverse membership
    • Developed to optimize accessibility and growth
    • Request to the OWASP Community: Please provide feedback prior to the Jan 11th Board Meeting when staff is asking for approval of the new membership plans. The links above allow for public comments.
Projects
  • New projects
    • 2 Documentation projects
    • 5 Tool projects
    • 2 New Code Projects
  • Project Reviews
    • Multiple projects under review - look for requests for feedback this month!
Updates on Events for 2017
  • AppSec EU 2017
    • CFP & CFT Final Review
  • AppSec USA 2017
    • CFP and CFT planned to open by the end of January - look for announcements soon!
  • AppSec California 2017 happens January 23 - 25 in lovely Santa Monica CA
Membership and Outreach
  • Member numbers for December
    • 2048 Individual members
    • 70 Corporate members
  • Membership drive planning begins - tentative June launch
Community
  • Claudia and Tiffany have started the planning for an updated OWASP Volunteer program
    • Planned enhancements include searchable descriptions of opportunities, details including expected time commitment and volunteer profiles
  • Women in AppSec (WIA) Committee has been formed - Congrats!
  • Chapter Leader Handbook updates continue - draft version tentatively available at Feb Board Meeting
  • Pending a board vote: Request for a committee to be invite only as an exception to the Committee 2.0 rules
As always, the OWASP staff are here to help make the OWASP community even stronger. If you have any question, concern or need, let us know by using the ‘Contact Us’ form here.
Your friendly neighborhood OWASP staff:
Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt


OWASP in the NEWS!

OWASP AppSec California Brings Diversity to the Beach – ITSP Magazine, January 27, 2017
Cyber security career has massive potential – Belfast Telegraph, January 3, 2017

projects
OWASP Projects

Project Graduation Updates

Graduation is the process by which Projects move between Incubator, Labs, and Flagship levels. It includes a self review, followed by a review by our Senior Project Coordinator Matt Tesauro, and finally certified by our community through peer review. You can read about our recent Project Graduates or sign up to be a peer reviewer.


Combating the Vulnerability Chaos with OWASP DefectDojo

Greg Anderson invites you to streamline your entire application security process by exploring DefectDojo with a live demo of the vulnerability aggregation tool.


OWASP is Once Again Participating in the Google Summer of Code Program

It is that time of year again! OWASP will participate in the Google Summer of Code (GSoC). We love that GSoC is a great vehicle to introduce students to both open source projects and application security with real, hands-on projects. Longtime Project Leader Konstantinos Papapanagiotou notes “GSoC is an amazing opportunity for projects to make significant progress in terms of code and attract new, enthusiastic contributors. On a personal basis I enjoy GSoC because it gives me the opportunity to interact with numerous students around the world and participate in one of the largest open source initiatives.”
To read more about this event and sign up to participate check out our blog post.

Conference
OWASP Events

Global AppSec Events

AppSec Europe 2017  8–12 May, 2017, Belfast, UK
AppSec USA 2017   September 19–22, 2017, Orlando, Florida, USA


Local and Regional Events

AppSec Africa 2017   February 1–2, 2017, Casablanca, Morocco
SnowFROC 2017   March 16, 2017, Denver, CO, USA
Latam Tour 2017   April 3–28, 2017, South America
OWASP Middle East Cyber Security Conference 2017   May 3–4, 2017, Dubai, UAE


Project Summits

OWASP Project Summit 2017   June 12–16, 2017, London, UK


Partner and Promotional Events

Cyber Resilience & InfoSec 2017  February 6-7, 2017   Abu Dhabi, U.A.E.
SC Congress London   February 23, 2017   London, UK
CyberCentral   April 4-6, 2017   Prague, Czech Republic
QuBit Conference 2017   April 4-6, 2017   Prague, Czech Republic   OWASP members save 10% by using discount code: QB17OWASP
Cyber Security North Africa Summit   April 26-27, 2017   Cairo, Egypt  
SC Congress New York   May 2, 2017   New York, NY
Techno Security & Digital Forensics Conference  June 4-7, 2017   Myrtle Beach, SC
SC Congress Toronto   June 13-14, 2017   Toronto, Canada


chapters
OWASP Chapters

New Chapters!

Welcome to our new chapters in January!
Trichirappalli, New Jersey Central, Chattanooga, Surat, Vellore, Iowa City, Ankara
OWASP grew in 2016, especially in Asia and the Middle East.
Jakarta, Haryana, Mexicali, Cebu, Malta, Tallahassee, Varanasi, Botswana, Richmond, Punjab, Jodhpur, Riviera Maya, Pondicherry, Gandhinagar, Tripoli, São José dos Campos, Durgapur, Medellin, Okinawa, Fukushima, Burkina Faso, Visakhapatnam, Alexandria, Jalandhar, Cuttack


From uni-directional to vibrant and dynamic: Ottawa Chapter on becoming a community

There are two challenges that consume most chapters: getting speakers and growing their community. The Ottawa Chapter documented their approach to growing 450% in one year. The key to their success was diversity of activities and actively courting a diverse membership. You can read more about their experiments on the blog.


Request for Blog Content

OWASP would like to start spotlighting chapter activity on our blog. If your chapter hosted and recorded an amazing talk that just NEEDS to be shared, or perhaps you ran a great event and would like to help other chapters follow suit, think about writing a blog post to be shared on the OWASP Blog. Contact our community manager, Tiffany Long, for more details.

Membership
OWASP Membership
We would like to thank the following companies for supporting the OWASP Foundation. The companies listed below have contributed this month by either renewing their existing Corporate Membership or joining OWASP as a new Corporate Member. Details about Corporate Membership can be found here.
 
Contributor Corporate Members
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 394,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
 
Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.
 
Cybozu is a Japanese cloud computing vendor founded in 1997. Its service supports effective team collaboration; hence its services are widely used by teams ranging from large-scale teams like multinational enterprises to small-scale teams like volunteer groups, clubs and even families. “kintone” is one of Cybozu’s key products, released in 2011.
It is called a "no-code application platform", which makes work more productive through business applications. It is recognized as one of the leading vendors in the “Gartner 2016 Enterprise Application Platform as a Service (aPaaS), Worldwide Magic Quadrant”.
Cybozu has been focusing on security enhancement. It started a "bug bounty project" in 2013 to find any vulnerabilities which may exist in its product in order to provide its customers with the most secure service possible.
For more information about Cybozu, please visit https://www.cybozu.com/jp/.
 
Want your name here? Find out how by visiting our Corporate Member information page, or contact our Membership & Business Liaison Kelly Santalucia today! Thank you to all of our Premier and Contributor Corporate Members for your support in 2017!


New Membership Proposal

Over the last several months there have been a number of ideas put forth for how to modernize our membership plan from simply adjusting the cost to developing an entirely new membership organization. Our current membership plan is in need of optimization. This proposal includes back end system integration upgrades and modern price tier structures.
Concurrently, OWASP is upgrading our Association Management System (AMS) this spring; some of the improvements in the AMS will allow us to think about membership in a host of new ways. To this end our Operations and Membership team have put together a Flexible Individual Membership plan and updated our Corporate Membership plan. These plans account for our diverse membership and are developed to optimize accessibility and growth. We are asking for the Community to provide feedback and the Board to vote on them at the February 8 meeting so that they may be included in the February AMS migration.

Feedback can be submitted via the board list or by attending the board meeting.

Social Media
OWASP Social Media

OWASP Social Media Sites
