Friday, May 5, 2017

OWASP Operations Update for May 2017

Welcome to the operations update for May 2017, our ongoing series of updates on what's happening at the OWASP Foundation.  The previous post is available here.

Major efforts, status of those and important changes from last time:

OWASP IT Infrastructure hosting - Rackspace ended the donation of hosting for the OWASP Foundation, migration and updates continue.

  • 6 hosts remain at Rackspace
    • Migrations were paused to migrate AppSec EU conference hosts to the Foundation Infrastructure
    • Current efforts have concentrated on the preparation needed for migrating from Mailman to Discourse (more below)
  • POC install of the wiki infrastructure on AWS is scheduled to begin mid-May and was pushed to accommodate the AppSec EU conference, the EU server migrations and the work on Discourse.
    • Migration to AWS will include updating the wiki software to the 1.28.x branch of MediaWiki
The Website Reboot - aka TWR - A major effort to update and modernize OWASP's web presence
  • Phase 1: Updating wiki source to 1.27.x - COMPLETE
    • The wiki will continue to run 1.27.x source until after the AWS migration
    • New extensions compatible with 1.27.x have been added to streamline management of the community's wiki accounts
  • Phase 2: Wiki style updates
    • RFP for the wiki style phase will go out mid-May after being delayed by the AppSec EU server migrations
    • RFP will include a MediaWiki theme plus CSS and associated style guides for including the style in other Foundation web assets including:
      • New pages made available after the AMS migration (see below for details)
      • New Discourse installation
      • the OWASP blog
  • Phase 3: Single Sign-on - SSO will be tested and POC'ed during the AMS migration
  • Phase 4: Wiki content and organization
    • Research continued into the current 'organization' of the wiki, and POCs for the category hierarchy have been conducted.
The OWASP Communication Plan
  • Migration from Mailman to Discourse
    • Sandbox / POC Discourse server setup to allow demos, functional experiments and familiarization by the OWASP staff
    • Dev instance of Discourse set up to assist in automation coding efforts against the Discourse REST API
  • Beta program for the Foundation's Global Meetup account continues
OWASP 2017 Strategic Training Goal
  • TLDR:  Host 4 trainings worldwide of ~500 attendees geared towards developers and entry-level security professionals - further details on the wiki.
  • Locations and targeted dates
    • Israel - mid-October
    • Tokyo - late September
    • Boston - October
    • Bangalore - November
  • Call for Trainers template is complete and CFT will begin mid-May
Association Management System (AMS) upgrade
  • Migration to a new AMS continues to make progress
  • Highly complex, multi-step process will take 8 to 12 weeks
    • Accounting module and associated workflows - COMPLETE
    • Membership module - in process
      • Note: Membership module will require custom development to fit our needs.  The effort has been scoped, contracted and work has begun.
    • Event module - in process
  • Goal and Outcome
    • An updated version of the AMS used with Salesforce allowing for greater interactions with the community, OWASP leaders engagement, improved event registration, multi-currency handling and a host of other improvements rolling out in 2017.
Projects
Events
Membership
 
  • Individual membership: 2,676 individual members or 44% of the yearly goal
  • Corporate membership: 63 corporate members or 41% of the yearly goal
  • Updated membership flyer for the new membership model has been created and Hugo is sending the final copy to the Foundation
  • AppSec EU 2017 Sponsorships - €167,933
    • 2 Diamond, 1 Platinum, 11 Gold, 5 Silver, 1 Pre-Conf Reception, 1 CTF, 1 University Challenge, 1 Lanyard, 2 Sponsor Hall Banners, 2 Carpet Stickers
  • AppSec USA 2017 Sponsorships - $324,500
    • 7 Platinum, 10 Gold, 7 Silver, 1 Bag, 1 Lanyard
Community
  • New Chapters:  OWASP would like to welcome the new chapters in Kyiv, Sukkur, Senegal and Da Nang.
  • Chapter Orientation
    • Since September, all new chapters have been asked to have an Orientation meeting via GoToMeeting.  Since then these meetings have been refined into a series of standing one-on-one appointments for any Chapter Leaders starting a new chapter, any new chapter leaders who wish to join, and any current leaders who want to take a refresher.
    • So far reactions have been good.  Many experienced chapter leaders have said they wish this had existed when they got started, and follow-up emails with procedural questions have dropped from an average of 5 per new chapter to 10 total in the last 8 months.  We have also seen an uptick in new chapters using funds and getting multiple leaders on board.  All of these are indicators of early chapter health.  Board members, staff, and community can read the draft of the orientation outline.  The document will be made public in the form of the Chapter FAQ in the next few weeks.
    • We are also using this outline to better our communication with parts of the world where English is not a viable business language.  At this time we have had our first Pan LATAM meeting and are planning our first Japanese meeting after AppSec Europe.
  • OWASP Leaders Meeting @ AppSec EU
    • The OWASP Leaders Meeting @ AppSec EU will unveil the sneak peeks of our new communication platform and the new AMS.  These will streamline chapter communications and allow Chapter Leaders to gain more insights and control of chapter activities.  Join us in Room One at 18.45 on May 10th in the waterfront center. 
Serving the Community

Per the request of the OWASP board, we've included a chart of the staff's interaction with the broader OWASP community via submitted cases to the Foundation.  On April 11th, case number 10,001 was submitted - over 10,000 cases handled by the OWASP staff - impressive! 

Q1 2017 Cases (chart)

2017 Year to Date Cases (chart)


As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need please let us know using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage with the OWASP Foundation further at the May 9th Board Meeting.

Your friendly neighborhood OWASP staff:
    Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt

Editor's Note 5/12/17 1.23 BST: Previously this post identified Delhi as a target city.  The correct city is Bangalore.  

3 comments:

Thorin said...

Can someone provide an update on Code Sprint 2017?

It currently says that student submissions should have started 5 days ago on the wiki:
https://www.owasp.org/index.php/OWASP_Code_Sprint_2017#ALL_STUDENTS_PLEASE_APPLY_HERE
"ALL STUDENTS PLEASE APPLY HERE

Student application submission is not open currently but will open on May 15th. "


Tiffany Long said...

Thorin, There is an update to the code sprint coming out on Thursday, and you can reach out to Claudia to get further information in the meantime.

Tiffany Long said...

Thorin, the code sprint blog post is now up! https://owasp.blogspot.com/2017/05/owasp-code-sprint-2017.html