OWASP Project Manager Activity Reports/April 05 2013

Work accomplished since March 11, 2013

 * Project Numbers
 * Active Projects: 141
 * Inactive Projects: 67


 * New Incubator Projects
 * OWASP Dependency Check
 * OWASP Scada Security Project
 * OWASP Cornucopia
 * OWASP PHPRBAC Project
 * OWASP Secure Application Design Project
 * OWASP Hive Project


 * Project Announcements
 * OWASP Periodic Table of Vulnerabilities Project: Working Group Forming.
 * A working group is now forming under the leadership of James Landis to produce the 1.0 draft of the OWASP Periodic Table of Vulnerabilities.
 * The goal of this project is to identify the ideal solution target for known web application vulnerability classes as a first step toward eliminating many classes of vulnerabilities altogether.
 * OWASP iGoat Project V.2.0 Released!


 * Projects Under Review
 * OWASP Cheat Sheets Project: Test Reviewed.
 * OWASP Java HTML Sanitizer Project: Test Reviewed.
 * OWASP Codes of Conduct: Completed.
 * Xenotix XSS Exploit Framework: New Review Submission.

Project Manager Q2 2013 Objectives

 * 1) Continue grant funding research: Target $150,000 in 2013. ($5000 left to raise to reach target for 2013)
 * 2) Finalize and Implement New Project Infrastructure processes. (Ongoing)
 * 3) Coordinate OSS and OWASP Track documentation, guidelines, and processes as they apply to Global AppSec Conferences. (Ongoing for 2013)
 * 4) Increase Salesforce use for project management. (Ongoing)
 * 5) Complete and Launch Projects page. (Completed)
 * 6) Finalize the Project Leader Handbook. (Completed)

Currently Working On

 * Grant Opportunities Recap & Updates
 * Guidebooks Proposal: We are still waiting for the first payment. DHS is currently reviewing their budgets for the year so their funds are frozen until then.
 * Amount: $25,000
 * ESAPI Proposal: This proposal is still under review.
 * Amount: $25,000
 * Google Grants: We have been awarded this grant. Working on developing strategies to implement/use these funds.
 * Amount: $120,000 a year in Google AdWords money
 * ModSecurity Proposal: This proposal is still under review.
 * Amount: $30,000
 * OWASP Static Analysis Tools Funding Opportunity: DHS
 * There is a possibility of funding some of our Static Analysis tools.
 * Kevin Greene is responsible for a different program than the DHS program that has already funded us.
 * Kevin and I plan to discuss the possibility of moving forward with a project once their budgets are released for the year.


 * Total Grant Funds Awarded: $145,000 for 2013 so far.
 * Project Reviews Process: Workflow Adjustment
 * Testing of original Reviews Process developed in early 2013 produced quality concerns.
 * I developed a new management workflow with Jim Manico's assistance.
 * It will involve a working group of technical project advisors headed by a member of the board.
 * I feel this person should be Jim Manico, as he has shown great dedication and support to our projects overall (Lead Technical Project Advisor).
 * The working group should be made up of the following areas: Secure Development, Secure Lifecycle Activity, Static Analysis, Dynamic Analysis, Governance, and Knowledge.
 * Each of these areas should be a project division role filled by one individual.
 * Each role will have a six-month limit, or the individual can resign the post if he/she can no longer fulfill the role's duties.
 * These roles will be responsible for reviewing projects, and increasing the quality of the project review process and criteria.
 * This working group will be managed by the Lead Technical Project Advisor with updates and outcomes reported to the OWASP PM.
 * Projects Review Process Proposal


 * AppSec USA: OPT & OSS
 * We are developing two different event modules for AppSec USA.
 * OPT: This event module will be omitted for AppSec USA.
 * OSS: This event module will be altered to include a full day of 30-minute, presentation-like demos.
 * Mini Project Working Groups: This event module will be developed for this conference. The idea is to coordinate working groups for a handful of projects at the conference.
 * Project Leader Workshop: I will put together and run the Project Leader Workshop at AppSec USA.


 * AppSec EU Research: OPT & OSS
 * I started creating documents for the AppSec EU Research Open Source Showcase and OWASP Projects Track.
 * AppSec EU Research OPT Form.
 * AppSec EU Research OSS Form.
 * AppSec EU Research Projects Document.
 * I am waiting to hear from the local conference organizers on how they wish to proceed with this event module.


 * Black Hat EU
 * I am scheduled to attend Black Hat EU this week.
 * I am helping manage our OWASP Booth for two days.
 * Goal: Familiarize myself with Black Hat event management, branding, activities.
 * Martin Knobloch and Ferdinand Vroom are scheduled to volunteer as well.
 * I will be attending the Netherlands Chapter Meeting during the conference as well.


 * OWASP Marketing
 * I am taking a more active role in OWASP's Global Marketing Initiatives.
 * The next initiatives meeting will involve the Marketing Company we are currently working with.
 * They will present their Phase 1 research findings to the entire community.
 * Goal: To develop a marketing and brand strategy for the organization.
 * I will coordinate Phase 3 & 4 of our Marketing Initiatives.

Important Projects Division Outcomes and Discussion Points

 * 1) GPC Meeting: February 15 2013 Project Manager Report
 * 2) GPC Meeting: February 22 2013 Project Manager Report
 * 3) Project Manager Report: March 01 2013
 * 4) Project Manager Report: March 08 2013
 * 5) I will have a projects meeting each month that will be open to all the OWASP community starting in April.
 * 6) I continue to develop a template, visual branding, and review criteria to meet our project identification needs, as I feel this is a very important distinction to make between our projects.