Difference between revisions of "GPC/Meetings/2013-29-03"

From OWASP
Line 18: Line 18:
  
 
*'''OWASP Projects at Global AppSec Events'''
 
*'''OWASP Projects at Global AppSec Events'''
**This Asia Leadership Outreach Project came about during the discussion Dhillon and I had about OWASP at the Kuala Lumpur, Hack in the Box event.  
+
**I have developed a first draft of the event modules that I plan to coordinate at AppSec EU and USA.
**He mentioned that he has offered OWASP a booth at the Kuala Lumpur, Hack in the Box event for a few years, but local chapters have not represented OWASP very well.
+
**AppSec EU: Open Source Showcase & OWASP Projects Track.
**We suggested developing an OWASP Malaysia and Singapore outreach project that would involve a workshop, and the co-running of the Hack in the Box booth by members of both chapters.
+
**AppSec USA: Project Leader Workshop, Open Source Showcase (modified: 30 minute, presentation style demos), Project Summit.  
**I have put together a proposal where I outline a 3 day outreach initiative that aims to bring more experienced chapter leaders to the region for a workshop.
+
**The proposals have now been sent to the local event planning teams.
**Read the [https://www.owasp.org/index.php/Projects/Asia_Leadership_Outreach_Proposal_2013 full proposal] for more information.
+
**I am waiting to hear back from them now.  
  
 
*'''OWASP Project Leaders: Brand Usage Guidelines'''
 
*'''OWASP Project Leaders: Brand Usage Guidelines'''
**I have begun categorizing our OWASP projects into the Builder, Breaker, and Defender categories.
+
**I have begun developing brand usage guidelines for our project leaders with Jim Manico's help.  
**Currently, our categorization is limited so I have begun to increase the search criteria for our projects.
+
**We have decided to use the Apache Software Foundation's documentation on the subject as a guide for our own.  
**Additionally, I have begun to label our projects based on OWASP Open SAMM criteria.  
+
**We feel they develop excellent material, and we plan to use their guidelines as a starting point.
**The labels are as follows: Governance, Construction, Verification, Deployment.
+
**I have spent this week researching their materials, and outlining our usage requirements.  
**The plan is to allow users to find projects based on these labels on our projects wiki page.  
+
  
 
*'''OWASP Grants'''
 
*'''OWASP Grants'''
**I have begun categorizing our OWASP projects into the Builder, Breaker, and Defender categories.
+
**We have decided to take a different approach to our grant research, writing, and management.  
**Currently, our categorization is limited so I have begun to increase the search criteria for our projects.
+
**This is primarily due to the limited number of resources and staff bandwidth.
**Additionally, I have begun to label our projects based on OWASP Open SAMM criteria.  
+
**The plan is to source a handfull of grants for the foundation.
**The labels are as follows: Governance, Construction, Verification, Deployment.  
+
**Then focus on grant writing and management of these proposed grants for the year.  
**The plan is to allow users to find projects based on these labels on our projects wiki page.
+
**Q2 will start the research stage of this plan.  
  
 
*'''Development of Technical Project Advisor Requirements'''
 
*'''Development of Technical Project Advisor Requirements'''
**This item involves the new management work flow for project reviews that was proposed for 2013.  
+
**This item involves the new management work flow for project reviews that was proposed for 2013.
 +
**The volunteer job descriptions are still under development.
 +
**I hope to have these up by next week on our Initiatives page. 
 
**[https://www.owasp.org/index.php/Projects/Reviews_Management_Proposal_2013 Projects Review Process Proposal]
 
**[https://www.owasp.org/index.php/Projects/Reviews_Management_Proposal_2013 Projects Review Process Proposal]
**It will involve a working group of technical project advisors headed by a member of the board.
 
**The working group will be made up of the following areas: Secure Development, Secure Lifecycle Activity, Static Analysis, Dynamic Analysis, Governance, and Education.
 
**These roles will be responsible for reviewing projects, and increasing the quality of the project review process and criteria.
 
**I have put together experience requirements for each technical advisor volunteer role.
 
 
**To read the full descriptions, please visit the [https://docs.google.com/document/d/1zqDf9CJeCj-uE5kFA_DwkDbHWTQDI9NNPdxOpU-KTl4/edit?usp=sharing advisory role descriptions document].  
 
**To read the full descriptions, please visit the [https://docs.google.com/document/d/1zqDf9CJeCj-uE5kFA_DwkDbHWTQDI9NNPdxOpU-KTl4/edit?usp=sharing advisory role descriptions document].  
  
 
*'''Project Leader Responsibilities & Expectations'''
 
*'''Project Leader Responsibilities & Expectations'''
**I am currently working on putting together documentation that outlines a project leader's responsibilities, and our organizational expectations of them.
+
**I am currently working on putting together documentation that outlines a project leader's responsibilities, and our foundation's expectations of them.
 
**I am also developing a "How to run a successful OWASP project" document.
 
**I am also developing a "How to run a successful OWASP project" document.
**Jim and I are developing brand usage guidelines for our project leaders.
 
 
**An OWASP project lifecycle info graphic is being developed as well.  
 
**An OWASP project lifecycle info graphic is being developed as well.  
 
**I hope that these "How To" documents and graphics will help project leaders understand their responsibilities, and how to leverage the OWASP project infrastructure for success.  
 
**I hope that these "How To" documents and graphics will help project leaders understand their responsibilities, and how to leverage the OWASP project infrastructure for success.  
 +
**This is an ongoing operations project.
 +
**I will have a first draft of these completed by the end of next week.
  
 
*'''Daily Project based queries and requests'''
 
*'''Daily Project based queries and requests'''

Revision as of 08:18, 29 March 2013

OWASP Global Projects Report

Currently Working On

  • OWASP Projects at Global AppSec Events
    • I have developed a first draft of the event modules that I plan to coordinate at AppSec EU and USA.
    • AppSec EU: Open Source Showcase & OWASP Projects Track.
    • AppSec USA: Project Leader Workshop, Open Source Showcase (modified: 30 minute, presentation style demos), Project Summit.
    • The proposals have now been sent to the local event planning teams.
    • I am waiting to hear back from them now.
  • OWASP Project Leaders: Brand Usage Guidelines
    • I have begun developing brand usage guidelines for our project leaders with Jim Manico's help.
    • We have decided to use the Apache Software Foundation's documentation on the subject as a guide for our own.
    • We feel they develop excellent material, and we plan to use their guidelines as a starting point.
    • I have spent this week researching their materials, and outlining our usage requirements.
  • OWASP Grants
    • We have decided to take a different approach to our grant research, writing, and management.
    • This is primarily due to the limited number of resources and staff bandwidth.
    • The plan is to source a handful of grants for the foundation.
    • Then focus on grant writing and management of these proposed grants for the year.
    • Q2 will start the research stage of this plan.
  • Development of Technical Project Advisor Requirements
    • This item involves the new management work flow for project reviews that was proposed for 2013.
    • The volunteer job descriptions are still under development.
    • I hope to have these up by next week on our Initiatives page.
    • Projects Review Process Proposal
    • To read the full descriptions, please visit the advisory role descriptions document.
  • Project Leader Responsibilities & Expectations
    • I am currently working on putting together documentation that outlines a project leader's responsibilities, and our foundation's expectations of them.
    • I am also developing a "How to run a successful OWASP project" document.
    • An OWASP project lifecycle info graphic is being developed as well.
    • I hope that these "How To" documents and graphics will help project leaders understand their responsibilities, and how to leverage the OWASP project infrastructure for success.
    • This is an ongoing operations project.
    • I will have a first draft of these completed by the end of next week.
  • Daily Project based queries and requests
    • This has not changed much since I began the post: questions are very similar in nature.
    • Global AppSec questions.
    • Funding queries.
    • Travel availability.
    • Project based administrative help.
    • Project status information.
    • Several project donations questions.
    • OWASP LinkedIn Updates.
    • What's happening with projects, questions.

Grants Updates

  • Guidebooks Grant
    1. Amount: $25,000
    2. Status: I have sent in our first project report to the DHS outlining the set backs we have had due to insufficient funds. This has prompted payment. We are due to receive our first check next week.
  • ESAPI Proposal
    1. Amount: $25,000
    2. Status: The ESAPI proposal is still being reviewed.
  • ModSecurity Grant Writing
    1. Amount: $30,000
    2. Status: The ModSecurity proposal is still being reviewed.
  • Google Grants Proposal
    1. Amount: $120,00 in Adwords Funds
    2. Status: We are now testing different keyword and campaign strategies for our global AppSec conferences.
  • Total Grant Funds Awarded: $145,000 for 2013.