Friday, February 3, 2017

OWASP Operations Update for February 2017

Welcome to the operations update for February 2017.  This continues the series of blog posts updating the community about the happenings at the OWASP Foundation.  The previous post is available here.

Major efforts, status of those efforts and important changes from last time:

OWASP is evaluating hosting providers.  After Rackspace discontinued their donation of hosting services, OWASP is evaluating options for hosting its IT infrastructure.  We discovered this on January 31st after speaking with our account representative at Rackspace.

  • First, thanks to Rackspace for providing up to $2,000 USD in cloud hosting on Open Stack since the fall of 2011.  The long term donation of hosting was very helpful and greatly appreciated.
  • OWASP is reviewing our current hosting needs and evaluating whether to stay or migrate to a different hosting provider.  Wherever we end up, it will be an API-driven, elastic cloud based hosting provider.  After years of being on Open Stack, we don't want to leave a dynamic infrastructure environment.
  • A plan for hosting both short and long term will be in place by February 10th, 2017
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence.  Since last month, we've:
  • Continued to make progress on Phase 1 - updating the wiki to 1.27.x
    • Ansible to deploy the wiki servers has been written and tested
    • We are holding the deployment temporarily due to the unanticipated end of Rackspace's hosting donation
    • We're spending the week of Feb 6th to determine where to host the updated production version - either at Rackspace or a new provider.  This may require some minor changes to the Ansible deploys to replace the Rackspace specific portions.
  • Next up Phase 2
    • Blocked: waiting for the 2017 Budget to get approved by the OWASP Board
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large.  Here's where our efforts on this were focused in January:
  • Migration to Discourse from Mailman
    • SaaS provider setup a production instance of Discourse for OWASP in mid-January
      • Should have been an empty instance to fill with the migration data
      • Regrettably the provider moved our test data aka cruft over to production by mistake
      • The production site is getting the test data removed currently
    • Schedule for migration is up in the air due to the potential hosting changes and the demand on staff time to adjust and plan for that change.  Its on the short list, we're just not sure where at this moment.  Scheduling will be part of the hosting plan completed by February 10th, 2017.
  • Beta program for the Foundation's Global Meetup account is continuing.
Other Major Efforts in progress
  • Association Management System (AMS)
    • Kate completed a week long training on the new system - training was provided as part of the licensing of the AMS software
    • Implementation of the AMS including migration of the current system to the new system is planned for early February as soon as the membership plan (below) is finalized by the OWASP Board.
    • Migration is a complicated effort of contractors and OWASP staff and is expected to take between 8 and 12 weeks and include significant clean-up of our Salesforce data.
    • Blocked: waiting on the board decision on the proposed membership changed below
  • Updating Membership Models
  • Health Checks on all OWASP Projects were started during January and completed on the 30th
    • Beyond the normal health checks, all wiki and Salesforce data was cross-checked
      • Current releases for all projects were added to Salesforce in preparation for future project meta-data automation
    • Next steps
      • Abandoned and outdated projects in Salesforce will be cleaned up
      • Project Leaders will be contacted for any missing or out-of-date information
  • GSOC 2017 is gearing up!
    • Application for Participation will be submitted to Google on February 9th
    • 9 projects have submitted for participation
    • More information on the GSOC 2017 Blog post
  • Volunteers Needed
    • We've got several projects under review and need your help with reviews - let us know you're up for the challenge with the Contact Us form.
  • New Project: OWASP Off The Record 4 Java Project
  • Project Handbook Update
    • The content of the project handbook is being converted to Markdown and moving to Github in February for a thorough review and update 
      • PRs and issues are encouraged and will be gladly accepted - source controled, versioned Project Handbooks, oh my!
      • Look for an announcement later in February via the Leaders List and our various social networks of the Github repo for the Project Handbook
    • Once the new content is finalized, it will be converted from Markdown and posted on the wiki.
      • Future updates will happen on Github and the wiki page will be set to the current 'stable' version
Updates on events for 2017
  • 2017 started with a successful AppSec California 2017 conference on January 23rd to 25th
  • AppSec EU - Belfast, UK
    • Sponsors: 13 exhitbits + 3 a la carte
    • 4 keynotes confirmed
    • CFP closed & CFT closed with selection finalized
    • Call for Activities open
  • AppSec USA 2017 - Orlando
    • Call for Papers & Cal for Trainings in progress - available soon
    • Initial website launched
  • Many upcoming regional, local and outreach events - find out the details on the events wiki page
Membership and Outreach
  • Membership for 2017 is starting out strong - already at 10% of the yearly goal!
    • Total individual members: 2,430
    • Total corporate members: 69
  • Updated Membership information - check it out 
  • Membership video
    • Proposal to create a membership video was approved - work on it begins on February 6th
  • Membership Model Update board vote (mentioned above) is eagerly awaited so planning of the June membership drive can continue
  • Chapter Leader Handbook is ready for review 
  • Other documents ready for review
  • Search and evaluation of a marketing company is pending finalizing the 2017 OWASP Foundation budget
As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need, let us know using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage the OWASP Foundation further at the February 8th Board meeting.

Your friendly neighborhood OWASP staff: 
     Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt

Labels: ,


Blogger Unknown said...

2/8 will be the public board meeting details here,_2017

February 6, 2017 at 5:56 AM  
Blogger h4x0rdi3 said...


We can host the owasp Website inside of virtual Village for free not including hardware. Free power, pipe and ip space . Lets have a conversation on how we can get his done

February 13, 2017 at 5:16 PM  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home