August 8, 2011/Project Manager Report

New Projects Set Up

 * OWASP GoatDroid Project, led by Jack Mannino


 * OWASP WhatTheFuzz Project, led by Joe Basirico


 * OWASP ESAPI C++ Project, Project leader not yet defined


 * OWASP ESAPI C Project, led by David Anderson
 * OWASP Security Tools for Developers Project, led by Mark Curphey


 * OWASP Data Exchange Format Project, led by Psiinon and Dinis Cruz


 * OWASP Cheat Sheets Project, led by Sherif Koussa and Jim Mannico

Assessed Releases
OWASP Zed Attack Proxy Project – Release ZAP 1.3.0, led by Psiinon

New Releases Set Up
OWASP Mantra - Security Framework – Release Mantra Security Toolkit – 0.61 Abhi M BalaKrishnan

OWASP ESAPI Objective - C Project – Release Alpha, Deepak Subramanian http://code.google.com/p/owasp-esapi-objective-c/downloads/detail?name=ESAPI_ObjC_Framework_v0.0.1_Alpha.tar.gz

OWASP X5s Project – Release - x5s v1.0.1, ChrisWeber https://www.owasp.org/index.php/Projects/OWASP_X5s_Project/Releases/x5s_v1.0.1

OWASP ModSecurity Core Rule Set Project - Release - ModSecurity 2.2.0, Ryan Barnett https://www.owasp.org/index.php/Projects/OWASP_ModSecurity_Core_Rule_Set_Project/Releases/Current

OWASP Esapi- Ruby, Release 0.30.0, Paolo Perego https://rubygems.org/gems/owasp-esapi-ruby/versions/0.30.0

Work accomplished/roundly 6 months of activity

 * My daily routine always includes answering a relatively wide range of questions regularly posed by OWASP members and mainly by OWASP Projects leaders. The variety of matters that I currently deal with can be checked in my email tool and the tree of folders built to store, follow up and organize them as follows 1,2,3,4,5,6,7,8,9. I would like to note that to perform this task, and all the others projects' related ones, I have always had relevant support and guidance from the OWASP Global Projects Committee.
 * As Project Manager, a substantial part of my work always involves setting up new projects and releases. Please check here the work done on Projects.
 * I've built the OWASP Projects Dashboard 2.0 and kept all of its databases up-to-date as follows:
 * OWASP Reviews Dashboard,
 * OWASP Project Reviewers Database,
 * Projects 2.0/By Set Up Date Order,
 * Projects 2.0/By Alphabetic Order,
 * OWASP Training.
 * I've contributed to the Summit 2011 setting up. All the organization process was mainly a teamwork but my contribution can be divided in 4 distinct parts. The first concerned the initial task of choosing venue and partners and obtaining an initial cost estimation. The second regarded the final push up to make sure all the Summit participants had their task of setting up partial working sessions timely concluded. The third, has involved designing a flexible schedule concept to deal with both a very large amount of contents to be treated and the need of deciding on a daily basis what would be scheduled. This part of my participation also includes the integration of the team that kept the scheduled updated throughout the entire event. The fourth, concerned the work previously done to assure that the presence in the event of a Portuguese Government representative and that the right conditions to produce a protocol for mutual engagement in education activities were created.
 * I've translated from Portuguese to English the draft made available by Luís Magalhães, the Portuguese Government representative that was present in the Summit, for us to work on and build up a Protocol of Cooperation between UMIC - The Knowledge Society Agency and OWASP Foundation Inc.
 * I've promoted and had a few meetings with Dinis Cruz and Carlos Serrão (Portuguese Chapter Leader, acting in representation of ISCTE, a Portuguese university) to try and come up with a concept of OWASP Training Academy that can support the protocol with UMIC. We are thinking of a concept in which the training is OWASP materials based, the courses are organized by Universities and the trainers are provided by private companies. Currently, we are waiting for ISCTE's clarification in terms of its role in all this process.
 * Together with Konstantinos Papapanagiotou, I've set the OWASP projects and resources you can use TODAY/Greece Chapter Training Course.
 * Sandra Paiva has been contracted, in October 2010 (3 months length contract) to the position of OWASP Training Manager, to be responsible for managing the OWASP ‘Chapter-lead’ Training activities and operationalizing the concept of 'OWASP Academies'. Throughout this process, she was managed by Dinis Cruz and reported directly to the OWASP Board. I have worked daily and directly with her providing training and guidance on all aspects related with OWASP organization and culture and trained her on the wiki usage, manipulation and coding (creation and update of pages, creation of tables and databases).

Proposal of future activity

 * To continue answering all received projects' related questions.
 * To continue setting up new projects and new releases as requested.
 * To continue spreading the GPC templates through all OWASP projects.
 * To implement all GPC requests and concretely to support its plans to:
 * Carry out the Project Hosting initiative as a tool to provide a centralized repository for OWASP;
 * Build a new OWASP Projects Portal;
 * Design the second leg of the assessment criteria 2.0, i.e., its Project Health component.
 * As soon as the above referred assessment's second leg is designed and approved, to begin a process to evaluate as much Projects as possible.
 * To set up the OWASP free training component of the OWASP LatAm Tour, if the activity is ultimately approved.
 * To set up all the OWASP free training courses that may be requested by OWASP Chapters.
 * To continue working with Dinis Cruz, Carlos Serrão and Konstantinos Papapanagiotou to produce an initial/draft proposal of an OWASP Training Academy.