Friday, November 10, 2017

October 2017 Connector

OWASP Connector


Wed November 8, 2017

Operations Update

The September Operations Update includes vital information about OWASP's infrastructure initiatives, project activity, and Chapters. Read it for an overview of what is happening in OWASP.

OWASP Board of Directors Election is Reopened

Dear OWASP Community,

The OWASP Global Board has become aware of an issue that affects the integrity of our ongoing Board of Directors election.

It is with respect for the integrity of our election process, due sensitivity to the impact it will cause and fairness to all our candidates and voting members, that we have decided to halt the current election and restart it with a clean slate once the issue has been corrected. We do not take this action lightly, but as a unified Board feel we have a duty to do so. We are committed to free, fair, transparent and open elections.

There are two irregularities that need to be addressed to ensure that we have fair results:

  • A candidate was left off of the ballot.
  • Some community members whose membership expired between June - October had one of two issues:
    • Their memberships did not auto-renew.
    • They did not receive proper reminders that their membership was expiring and that they need to renew.

To address this we have opened a NEW 2017 OWASP Board of Directors election. In order to ensure fair results, the previous vote tallies have been zeroed out for this totally NEW ELECTION. Whether or not you already voted, please take a few moments to cast your vote and help decide the future direction of OWASP! If you are a member in good standing with voting privileges, you should receive an invitation to vote in the election by the end of the day today, 10/19/2017. If you do not receive an email, but believe you should have, or have any other issues related to the election, please email

The process behind the scenes for the past two days has been scrambling to ensure that the election is set up properly and doing a second review of the setup before re-opening.

Even as the election opens, OWASP Staff are working tirelessly to make sure that anyone who should be able to vote can. Unfortunately, this continues to be a highly manual process. The anticipated process and timeline is outlined below.

  • 10/19 - open election
  • 10/26-10/31 send renewal emails
  • 11/7 - close renewals related to voting
  • 11/8 - add those who renewed to Simply Voting
  • 11/16 - close voting
  • 11/17 - notify candidates
  • 11/20 - share the results with the community

It is critically important that the community participate in this important election in which we will be choosing four new board members.

I apologize again for the inconvenience caused through this process. Thank you for your support and patience as we worked through these issues. As always, feel free to contact me or other leaders directly in addition to the address above if you have further questions or concerns.

Thank you,

Matt Konda

OWASP Board Chair


Let OWASP Know How You Think We Should Construct our Budget

Every year the community gets the opportunity to tell the Board of Directors where they believe we should invest by giving input into the OWASP Annual Budget. This is the time that you can ask for funds beyond the grant amount of 2k per year for resources to accomplish a particular goal for your chapter or project. You can also ask the board to implement funded initiatives, additional events, or anything that you believe will make OWASP more successful in 2018.

This year requests will go through the OWASP Service Desk hosted on Jira. You can read more about the process, including deadlines and how to submit, on the OWASP Wiki.

OWASP Leader Workshop

The semiannual Leader Workshop covered a lot of ground this year. The first half was devoted to our ongoing plans to upgrade the infrastructure at OWASP. Since the meeting we have learned of a significant problem with our Association Management System (AMS) Migration. Correcting this issue is our largest concern at the moment. The second focus we have is our transition from mailing lists to Discourse. Once on Discourse you will be able to interact with the platform solely through your email if you wish.

Your input is invaluable and we thank you for your time.

The second half of the meeting was devoted to hearing what our Leaders need from the organization. We asked you to fill out charts listing what support is needed, what concerns need to be halted, and what has been working well for you. Overall we learned that our community is worried about vendor influence in our organization, but that the community was pleased with the OWASP Project Summit, Project outputs, and the continued efforts of the staff. Importantly, we heard that Leaders see a deep need for funding projects, for increased infrastructure, and for better resources such as updated templates in more formats, swifter project start times, and shared resources such as access to staff-recommended technical writers and graphics.

You can watch the meeting here, and discuss your thoughts either on the OWASP blog page or on the YouTube comments section.


AppSec USA Developer Summit

The AppSec USA 2017 Developer Summit, an invitation to the local community and attendees of Global AppSecs to join us for FREE security training in the days before the AppSec Global Conference, was a huge success, drawing unprecedented crowds! 180 participants learned about threat modeling, API vulnerabilities, and hacking iOS from 4 trainers in 3 sessions held over the course of 2 days.

While our training is performed by volunteers and primarily aimed at developers and new AppSec professionals, everyone is welcome and even seasoned pros might learn something new.

Look to attend or teach at our next Developer Summit in Tel Aviv, details coming soon!

2018 AppSec Europe CfP and CfT are now OPEN

We are glad to announce that the 2018 AppSec Europe Call for Papers and Call for Training are now open.

The OWASP AppSec conference is Europe's premier venue for web applications leaders, software engineers, researchers and visionaries from all over the world. AppSec Europe gathers the application security community for a 5-day event to share and discuss novel ideas, initiatives and advancements in AppSec.  The 2018 conference will take place in Tel-Aviv from June 17th to 21st 2018, with papers/talks presented on 20th and 21st June and training from the 17th and 18th.

The special theme of OWASP AppSec EU this year is: Usable Security. How is security affected by the human aspects of users, developers and administrators? How do we design, deploy and manage a security system so that it will be used consistently and properly? What lessons can we learn from past success (or not-exactly-success...) stories in which the human factor played a major role?

Topics of interest include, but are not limited to the following:
  • Novel web vulnerabilities and countermeasures
  • New technologies, paradigms, tools
  • OWASP tools or projects in practice
  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
  • Browser security
  • Mobile security and security for the mobile web
  • Cloud security
  • REST/SOAP security
  • Security of frameworks
  • Large-scale security assessments of web applications and services
  • Privacy risks in the web and the cloud
  • Management topics in Application Security: Business Risks, Awareness Programs, Project Management, Managing SDLC

To ensure the best talks available are presented at AppSec Europe, blind reading is being incorporated as part of their process. This means that names and job titles will be removed when the paper abstract is being reviewed. All speakers will be given access to speaker mentorship.

The submission deadline is January 5, 2018. Please submit your proposal through EasyChair and encourage your favorite trainers and speakers to apply as well.

Upcoming Events

  • AppSec Europe 2018 — June 17–21, 2018; Tel Aviv, Israel
  • AppSec USA — Fall 2018; San Jose, CA, USA

Regional and Local Events

Training Events

  • Seminario Universitario de Ciberseguridad — November 10, 2017; Cali, Colombia

Partner and Promotional Events



Chapter Health Checks

It is time again for us to conduct our annual Chapter health check. It will go forward from 11/9 and take several weeks. Normally the health check entails Tiffany, the community manager, checking the wiki page of every Chapter to make sure that they have made the minimum number of meetings (each chapter must host a minimum of 4 meetings to be considered active and all meetings must be posted on the wiki to be considered open) and following up with chapters who did not manage to make the minimum number of meetings or seem at risk. During this time she offers support about building chapter attendance, running a chapter, and raising activity as needed.

However, this time it will take a little longer as we will be reaching out to each Chapter in alphabetical order to ensure that the Chapter's information has made the AMS transition intact. To streamline the process, please make sure that your wiki page is up to date with all of the meetings you hosted this year. This is a great opportunity to reach out with questions about activities, budgets, or other matters.

Welcome New Chapters!

We would like to welcome these new chapters:

  • Madurai
  • Sioux Falls
  • Ahmedabad



The OWASP Foundation, 1200C Agora Drive #232, Bel Air, Maryland, 21014, USA
