Monday, March 6, 2017

OWASP Operations Update for March 2017

Welcome to the operations update for March 2017.  This is a continuation of the series of blog posts about what's happening at the OWASP Foundation.  The previous post is available here.

Major efforts, status of those efforts and important changes from last time:

OWASP IT infrastructure hosting.  Rackspace has ended the donation of hosting to the OWASP Foundation causing a rethink and reshuffle of IT resources.

  • Roughly 1/2 of the servers running at Rack have been relocated to other resources.
  • Additional workload / server migrations have been added to this effort as the hosting for the AppSec EU conferences is moving to the Foundation's infrastructure.
    • Thanks for Dirk for this many years of maintaining those hosts.
    • Migration of the AppSec EU hosting will be concluded by March 30th.
  • Still at Rackspace: Wiki web and db servers, Mailman, and a general purpose server used primarily for static content and http(s) forwards.
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence.  Since last month, we've:
  • Continued progress on Phase 1 - updating the wiki to 1.27.x
    • Due to the unexpected end of the Rackspace donation, the Ansible deploy and update code had to be refactored to remove the Rackspace-specific portions.  That work is nearly complete.
    • The new deploy target for the OWASP wiki web and db servers is AWS which will be reflected in the Ansible deploy code
    • As soon as the Ansible refactoring work in complete and tested, the OWASP wiki and db will be updated to 1.27.x and migrated to the AWS infrastructure.  
    • Target completion date March 20th
      • Allows two weekends aka low traffic periods to conduct the migration
  • Phase 2 - Wiki style updates
    • The RFP for the creation of a new look and feel for the OWASP wiki is starting the week of March 6th.  Look for a call for participation shortly.
    • RFP will include a MediaWiki theme and CSS and other styling guidelines to use across the OWASP web presence, including
      • The new web pages available post Assoc. Mgmt System (AMS) migration - more below
      • The new Discourse installation
      • The OWASP Blog
  • Phase 3 Single Sign-on & Phase 4 Wiki content and organization RFPs are scheduled to go out in the 3rd week of March

The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large.

  • Migration to Discourse to Mailman
    • Temporarily paused during reshuffling of the OWASP IT Infrastructure - details above
    • Migration will be timed to coordinate with the retirement of the Mailman installation at Rackspace.  Mailman migration will occur after the Wiki has new hosting.
  • Beta program for the Foundation's Global Meetup account is continuing.
Other Major Efforts in progress
  • OWASP Staff Summit 
    • In person meeting of all OWASP staff to plan operations tasks for 2017
    • February 22 to March 2 - look for outcomes in future Ops blog posts
  • Association Management System (AMS)
    • Kate begins on the first step of this multi-step migration the week of March 6th
    • Migration will be tested in a sandbox installation then applied to production
    • Expected time frame: 8 to 12 weeks
    • Goal and outcome:
      • Updated version of the AMS software used with Salesforce allowing for greater interactions with the community, OWASP leaders engagement, improved event registration, multi-currency handling and a host of other improvements rolling out during 2017.
  • Google Summer of Code
    • Google selected the participating organizations on February 27 and unfortunately OWASP  was not selected
    • Currently working with Project Leaders on alternate plans to handle the proposed GSOC activities
  • AppSec EU 2017's Project Summit
    • Gathering reviewers together to conduct a strong project review push during the AppSec EU 2017 conference
    • Reviewing the process of project graduation from Incubator to Labs and Labs to Flagship
    • Other topics covered include: Badges and gamification, project funding and more...
  • Project Handbook review and request for updates
    • The content of the Project Handbook has been converted to Markdown and moved to GitHub - check out its new repo!
    • Using GitHub allows the community to update the handbook content while the wiki is reorganized to remove the multiple templates used currently for the handbook.  
    • PRs accepted.  Fork the repo now or add an issue to the repo.
    • Once updates are complete, the version will be tagged, converted to MediaWiki markup and moved to the OWASP wiki.
    • Our own Claudia (Project Coordinator) will be conducting a session on the project handbook at the London Project Summit - more details as the plans solidify.

  • AppSec EU 2017
    • Paper review finalized.  Conference program will be published this week
    • Conference dinner finalized
    • Photographer contract pending OWASP signature
    • OWASP room block accommodations need confirmation dates
  • AppSec USA 2017
    • Static web site published
    • Empty WordPress site provided to the conference team
    • Sponsorship packages are being sold

Membership and Outreach
  • Membership for 2017 is still going strong - 19% of yearly goal currently
    • Total individual members: 2,464
    • Total corporate members: 67
  • Membership video - continuing to progress
    • Met with video company, collected details necessary to start shooting the video
    • Started working with Hugo to create a new membership flyer to highlight the new membership model approved by the board during the February Board Meeting.

Per the request of the OWASP board, we've included a chart of the staff's interaction with the broader OWASP community via submitted cases to staff:

Case Life Cycle Report Q1 2017

As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need let us know using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage the OWASP Foundation further at the March 8th Board Meeting.

Your friendly neighborhood OWASP staff:
    Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home