Difference between revisions of "GPC/Meetings/2013-22-03"

From OWASP
(Created page with "__TOC__ = Project Division Updates = *'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AllOCxlYdf1AdFdaYXJ6SDFXNXBaemNwbnNHN3N5RVE#gid=16 Project Numbers]''' **Ac...")
 
 
(3 intermediate revisions by one user not shown)
Line 17: Line 17:
 
==Currently Working On==     
 
==Currently Working On==     
  
*'''Black Hat EU 2013'''
+
*'''OWASP Asia Leadership Outreach Project'''
**I attended the Black Hat EU conference this week.  
+
**This Asia Leadership Outreach Project came about during the discussion Dhillon and I had about OWASP at the Kuala Lumpur, Hack in the Box event.  
**I helped set up and manage our OWASP Booth for two days.
+
**He mentioned that he has offered OWASP a booth at the Kuala Lumpur, Hack in the Box event for a few years, but local chapters have not represented OWASP very well.
**I was also able to attend the Netherlands Chapter meeting.  
+
**We suggested developing an OWASP Malaysia and Singapore outreach project that would involve a workshop, and the co-running of the Hack in the Box booth by members of both chapters.
**Martin Knobloch, Dennis Groves, and Anil Pazvant volunteered at the event as well.
+
**I have put together a proposal where I outline a 3 day outreach initiative that aims to bring more experienced chapter leaders to the region for a workshop.
**For more details, please read my [https://docs.google.com/document/d/1ghKPMKla3Ol1hhoCZWOhAgdnInRNmZr_7D1A6CULKyc/edit?usp=sharing Black Hat EU 2013 Post Conference Report.]  
+
**Read the [https://www.owasp.org/index.php/Projects/Asia_Leadership_Outreach_Proposal_2013 full proposal] for more information. 
  
*'''OWASP University Challenge & CTF at Global AppSecs'''
+
*'''Development of Technical Project Advisor Requirements'''
**Martin Knobloch and I were able to meet and talk about how to bring University Challenge and the Capture the Flag event modules to AppSec EU Research, USA, and Latam.
+
**This item involves the new management work flow for project reviews that was proposed for 2013. 
**There were some concerns over space availability for these event modules.  
+
**[https://www.owasp.org/index.php/Projects/Reviews_Management_Proposal_2013 Projects Review Process Proposal]
**We proposed having the OSS, CTF, and University Challenge event modules share a room.  
+
**It will involve a working group of technical project advisors headed by a member of the board.
**We are waiting to hear back from Dirk regarding logistics.  
+
**The working group will be made up of the following areas: Secure Development, Secure Lifecycle Activity, Static Analysis, Dynamic Analysis, Governance, and Education.  
 +
**These roles will be responsible for reviewing projects, and increasing the quality of the project review process and criteria.  
 +
**I have put together experience requirements for each technical advisor volunteer role.
 +
**To read the full descriptions, please visit the [https://docs.google.com/document/d/1zqDf9CJeCj-uE5kFA_DwkDbHWTQDI9NNPdxOpU-KTl4/edit?usp=sharing advisory role descriptions document].  
  
*'''OWASP at Hack in the Box: Kuala Lumpur, Malaysia'''
+
*'''Categorization of OWASP Projects'''
**I had the fantastic opportunity to meet with the CEO of Hack in the Box, Mr. Dhillon Kannabhiran.  
+
**I have begun categorizing our OWASP projects into the Builder, Breaker, and Defender categories.
**We spoke about a possible partnership between OWASP and Hack in the Box.
+
**Currently, our categorization is limited so I have begun to increase the search criteria for our projects.
**We currently have a booth for the Amsterdam event, and I negotiated a booth for us at the Kuala Lumpar, Malaysia event as well.  
+
**Additionally, I have begun to label our projects based on OWASP Open SAMM criteria.  
**Logistics are currently being developed and planned.  
+
**The labels are as follows: Governance, Construction, Verification, Deployment.
 +
**The plan is to allow users to find projects based on these labels on our projects wiki page.  
  
*'''OWASP Asia Leadership Outreach Project'''
+
*'''Project Leader Responsibilities & Expectations'''
**This Asia Leadership Outreach Project came about during the discussion Dhillon and I had about OWASP at the Kuala Lumpar, Hack in the Box event.  
+
**I am currently working on putting together documentation that outlines a project leader's responsibilities, and our organizational expectations of them.
**He mentioned that he has offered OWASP a booth at the Kuala Lumpar, Hack in the Box event for a few years.  
+
**I am also developing a "How to run a successful OWASP project" document.
**However, the local OWASP chapter volunteers have not been able to represent OWASP very well at his conference.
+
**Jim and I are developing brand usage guidelines for our project leaders.
**We suggested developing an OWASP Malaysia and Singapore outreach project that would involve a workshop, and the co-running of the Hack in the Box booth by members of both chapters.
+
**An OWASP project lifecycle info graphic is being developed as well.  
**Dhillon agreed that developing a workshop with more experienced leaders giving primary direction, will help the Malaysian and Singaporean chapters understand their responsibilities at similar outreach events. 
+
**I hope that these "How To" documents and graphics will help project leaders understand their responsibilities, and how to leverage the OWASP project infrastructure for success.  
**I am currently putting together a proposal for this project.  
+
  
 
*'''Daily Project based queries and requests'''
 
*'''Daily Project based queries and requests'''
Line 58: Line 61:
 
*'''Guidebooks Grant'''
 
*'''Guidebooks Grant'''
 
#Amount: $25,000
 
#Amount: $25,000
#Status: We are still waiting for payment from DHS.  
+
#Status: We are still waiting for payment from DHS. I have reached out to our DHS and Georgia Tech representatives once again to ask for payment.  
  
 
*'''ESAPI Proposal'''
 
*'''ESAPI Proposal'''

Latest revision as of 15:22, 21 March 2013

Project Division Updates

Currently Working On

  • OWASP Asia Leadership Outreach Project
    • This Asia Leadership Outreach Project came about during the discussion Dhillon and I had about OWASP at the Kuala Lumpur, Hack in the Box event.
    • He mentioned that he has offered OWASP a booth at the Kuala Lumpur, Hack in the Box event for a few years, but local chapters have not represented OWASP very well.
    • We suggested developing an OWASP Malaysia and Singapore outreach project that would involve a workshop, and the co-running of the Hack in the Box booth by members of both chapters.
    • I have put together a proposal where I outline a 3-day outreach initiative that aims to bring more experienced chapter leaders to the region for a workshop.
    • Read the full proposal for more information.
  • Development of Technical Project Advisor Requirements
    • This item involves the new management workflow for project reviews that was proposed for 2013.
    • Projects Review Process Proposal
    • It will involve a working group of technical project advisors headed by a member of the board.
    • The working group will be made up of the following areas: Secure Development, Secure Lifecycle Activity, Static Analysis, Dynamic Analysis, Governance, and Education.
    • These roles will be responsible for reviewing projects, and increasing the quality of the project review process and criteria.
    • I have put together experience requirements for each technical advisor volunteer role.
    • To read the full descriptions, please visit the advisory role descriptions document.
  • Categorization of OWASP Projects
    • I have begun categorizing our OWASP projects into the Builder, Breaker, and Defender categories.
    • Currently, our categorization is limited so I have begun to increase the search criteria for our projects.
    • Additionally, I have begun to label our projects based on OWASP Open SAMM criteria.
    • The labels are as follows: Governance, Construction, Verification, Deployment.
    • The plan is to allow users to find projects based on these labels on our projects wiki page.
  • Project Leader Responsibilities & Expectations
    • I am currently working on putting together documentation that outlines a project leader's responsibilities, and our organizational expectations of them.
    • I am also developing a "How to run a successful OWASP project" document.
    • Jim and I are developing brand usage guidelines for our project leaders.
    • An OWASP project lifecycle infographic is being developed as well.
    • I hope that these "How To" documents and graphics will help project leaders understand their responsibilities, and how to leverage the OWASP project infrastructure for success.
  • Daily project-based queries and requests
    • This has not changed much since I began the post: questions are very similar in nature.
    • Global AppSec questions.
    • Funding queries.
    • Travel availability.
    • Project-based administrative help.
    • Project status information.
    • Several project donation questions.
    • OWASP LinkedIn Updates.
    • What's happening with projects, questions.

Grants Updates

  • Guidebooks Grant
  1. Amount: $25,000
  2. Status: We are still waiting for payment from DHS. I have reached out to our DHS and Georgia Tech representatives once again to ask for payment.
  • ESAPI Proposal
  1. Amount: $25,000
  2. Status: The ESAPI proposal is still being reviewed.
  • ModSecurity Grant Writing
  1. Amount: $30,000
  2. Status: The ModSecurity proposal is still being reviewed.
  • Google Grants Proposal
  1. Amount: $120,00 in AdWords Funds
  2. Status: I have begun managing the AdWords account regularly. I am waiting until we reach the implementation phase with our marketing company.
  • Total Grant Funds Awarded: $145,000 for 2013.