Monday, April 10, 2017

OWASP Operations Update for April 2017

Welcome to the operations update for April 2017, part of our ongoing updates about what's happening at the OWASP Foundation. The previous post is available here.

Major efforts, status of those efforts and important changes from last time:

OWASP IT Infrastructure hosting. Rackspace ended the donation of hosting for the OWASP Foundation; migrations and updates continue.

  • 6 hosts remain at Rackspace, 2 hosts targeted for migration the week of April 10th
    • Migrations temporarily paused to migrate the AppSec EU hosts to Foundation infrastructure.
  • POC install on AWS for the wiki is scheduled to complete by end of April
    • Migration to AWS will also include an update to the 1.28.x branch of the wiki source, moving OWASP from LTS to the latest stable branch
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence.

  • Completed Phase 1 - Updating the wiki source to 1.27.1
    • Wiki source was updated to 1.27.1 and a Visual Editor (WYSIWYG) added to the wiki, beating the March 20 deploy deadline. Here's my post to the leaders list with the details
    • On April 9th, the wiki was updated again to 1.27.2 to address 9 security issues - see the release notes if you're curious.
      • Updates also included an update to Parsoid - the service that powers the Visual Editor
    • Several new wiki extensions are planned, including CAPTCHAs for account requests and several to help staff manage the wiki more efficiently. More on those as they are added over April and May
  • Phase 2 - wiki style updates
    • RFP creation pushed to April due to unplanned AppSec EU server migrations.  RFP is expected by end of April
    • RFP will include a MediaWiki theme, CSS and other styling guidelines to use across the OWASP Foundation's web presences including:
      • The new web pages available after the Association Management System (AMS) migration
      • The new Discourse installation
      • The OWASP Blog
  • Further research has begun on Phase 3 (Single Sign-on) and Phase 4 (Wiki content and organization).
    • Single Sign-on using identities will be tested during the AWS POC.
    • Initial research into the current organization of the wiki found over 500 categories across the wiki, many with a single page for the entire category. Reorganization will represent a significant effort.
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large.

  • Migration from Mailman to Discourse - migration paused and re-prioritized as part of the migration from Rackspace hosting since Mailman is currently hosted there.
  • Beta program for the Foundation's Global Meetup account continues.
Other Major Efforts in progress

  • OWASP Staff Summit - the in-person planning meeting for OWASP staff
    • Staff Summit was very successful and resulted in multiple internal and external system and process optimizations
    • Planning for the Foundation Board's 2017 Strategic Goal was created during the staff summit
  • Association Management System (AMS)
    • Kate has begun the migration/upgrade to a new AMS for the Foundation
    • This is a highly complex, multi-step process covering 8 to 12 weeks
      • Completed accounting module and associated workflows
      • Membership and events are next
    • Goal and outcome
      • An updated version of the AMS software used with Salesforce, allowing for greater interactions with the community, OWASP leader engagement, improved event registration, multi-currency handling and a host of other improvements rolling out during 2017.
  • Foundation Board's 2017 Strategic Goal
    • In brief: Hosting 4 free 500-person training events worldwide targeted at developers and entry-level security professionals
    • 2017 target cities: Boston, Delhi, Tel Aviv and Tokyo
    • Looking for a good name for the training series; Twitter suggestions include variations of "No Goat" and "Anti-Goat"
  • AppSec USA 2017
    • CFP & CFT Open
    • 2 keynotes confirmed
    • Sponsors selling well
    • Working on advertising the conference, CFP & CFT
    • Working with the venue (discounted Disney tickets and daycare/nursery room)
  • AppSec EU 2017
    • Finalizing the brochure
    • Working on the conference signs
    • Placing orders for swag
    • Over 300 people registered
  • LATAM Tour 2017
    • 5 events so far (Manizales & Bogotá, Colombia; Montevideo, Uruguay; República Dominicana; Quito, Ecuador)
    • Over 500 attendees so far
Membership and Outreach
  • OWASP Foundation membership continues to be strong
    • 2,501 active individual members 
      • $34,075 or 31% of yearly goal
    • 68 active corporate members
      • $150,000 or 38% of yearly goal
  • Work continues with Hugo on the design of the new membership flyer, which will cover the recently updated and approved model for individual memberships.
  • AppSec EU 2017
    • Sponsorships sold to date €169,233.00
      • Sold out sponsor opportunities - Diamond, Pre-conf Reception, CTF, University Challenge, Lanyards
    • Developer Summit at AppSec EU 2017
      • All 3 sessions have been filled with trainers!
    • Membership lounge at AppSec EU - planning in progress
  • AppSec USA 2017
    • Sponsorships sold to date: $312,500.00
      • 7 Platinum, 9 Gold, 1 Silver, 1 Bag, 1 Lanyard
  • 25 potential new chapters
  • New Chapter Orientation Meetings
    • Well received and helpful to new and long-time leaders alike
    • Can be tricky for LATAM and Japan leaders due to language barriers
    • Presentation planned to help leaders run the meeting when there are language barriers so the leaders don't have to be translators for those meetings
Per the request of the OWASP board, we've included a chart of the staff's interaction with the broader OWASP community via submitted cases to staff:

As always, the OWASP staff are here to make the OWASP community even stronger. If you have a question, concern or need, please let us know using the 'Contact Us' form. Also, feel free to attend, suggest or otherwise engage with the OWASP Foundation further at the April 12th Board Meeting.

Your friendly neighborhood OWASP staff:
    Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt
