OWASP Project Manager Activity Reports/March 11 2013
Revision as of 10:21, 11 March 2013 by Samantha Groves
OWASP Project Manager Report
Work accomplished since February 11, 2013
- Project Numbers
- Active Projects: 136
- Inactive Projects: 67
- New Incubator Projects
- Project Announcements
- OWASP Periodic Table of Vulnerabilities Project: Working Group Forming.
- A working group is now forming under the leadership of James Landis to produce the 1.0 draft of the OWASP Periodic Table of Vulnerabilities.
- The goal of this project is to identify the ideal solution target for known web application vulnerability classes as a first step toward eliminating many classes of vulnerabilities altogether.
- OWASP iGoat Project V.2.0 Released!.
- Projects Under Review
Project Manager Q1 2013 Objectives
- Continue grant funding research: Target $150,000 in 2013. ($5000 left to raise to reach target for 2013)
- Finalize and Implement New Project Infrastructure processes. (Ongoing)
- Coordinate OSS and OWASP Track documentation, guidelines, and processes as they apply to Global AppSec Conferences. (Ongoing for 2013)
- Increase Sales Force use for project management. (Ongoing)
- Complete and Launch Projects page. (Completed)
- Finalize the Project Leader Handbook. (Completed)
Currently Working On
- Grant Opportunities Recap & Updates
- Guidebooks Proposal: We are still waiting for the first payment. DHS is currently reviewing their budgets for the year so their funds are frozen until then.
- Amount: $25,000
- ESAPI Proposal: This proposal is still under review.
- Amount: $25,000
- Google Grants: We have been awarded this grant. Working on developing strategies to implement/use these funds.
- Amount: $120,000 a year in Google Adwords Money
- ModSecurity Proposal: This proposal is still under review.
- Amount: $30,000
- OWASP Static Analysis Tools Funding Opportunity: DHS
- There is a possibility of funding some of our Static Analysis tools.
- Kevin Greene is responsible for a different program than the DHS program that has already funded us.
- Kevin and I plan to discuss the possibility of moving forward with a project once their budgets are released for the year.
- Total Grant Funds Awarded: $145,000 for 2013 so far.
- Project Reviews Process: Workflow Adjustment
- Testing of original Reviews Process developed in early 2013 produced quality concerns.
- I developed a new management work flow with Jim Manico's assistance.
- It will involve a working group of technical project advisors headed by a member of the board.
- I feel this person should be, Jim Manico, as he has shown great dedication and support to our projects overall. (Lead Technical Project Advisor).
- The working group should be made up of the following areas: Secure Development, Secure Lifecycle Activity, Static Analysis, Dynamic Analysis, Governance, and Knowledge.
- Each of these areas should be a project division role filled by one individual.
- Each role will have a six month limit, or the individual can resign the post if he/she can no longer fulfill the role's duties.
- These roles will be responsible for reviewing projects, and increasing the quality of the project review process and criteria.
- This working group will be managed by the Lead Technical Project Advisor with updates and outcomes reported to the OWASP PM.
- Projects Review Process Proposal
- AppSec USA: OPT &OSS
- We are developing two different event modules for AppSec USA.
- OPT: This event module will be omitted for AppSec USA.
- OSS: This event module will be altered to include a full day of 30 minute, presentation like demos.
- Mini Project Working Groups: This event module will be developed for this conference. The idea is to coordinate working groups for a hand full of projects at the conference.
- Project Leader Workshop: I will put together and run the Project Leader Workshop at AppSec USA.
- AppSec EU Research: OPT &OSS
- I started creating documents for the AppSec EU Research Open Source Showcase and OWASP Projects Track.
- AppSec EU Research OPT Form.
- AppSec EU Research OSS Form.
- AppSec EU Research Projects Document.
- I am waiting to hear from the local conference organizers on how they wish to proceed with this event module.
- Black Hat EU
- I am scheduled to attend Black Hat EU this week.
- I am helping manage our OWASP Booth for two days.
- Goal: Familiarize myself with Black Hat event management, branding, activities.
- Martin Knobloch and Ferdinand Vroom are scheduled to volunteer as well.
- I will be attending the Netherlands Chapter Meeting during the conference as well.
- OWASP Marketing
- I am taking a more active role in OWASP's Global Marketing Initiatives.
- The next initiatives meeting will involve the Marketing Company we are currently working with.
- They will present their Phase 1 research findings to the entire community.
- Goal: To develop a marketing and brand strategy for the organization.
- I will coordinate Phase 3 & 4 of our Marketing Initiatives.
Important Projects Division Outcomes and Discussion Points
- GPC Meeting: February 15 2013 Project Manager Report
- GPC Meeting: February 22 2013 Project Manager Report
- Project Manager Report: March 01 2013
- Project Manager Report: March 08 2013
- I will have a projects meeting each month that will be open to all the OWASP community starting in April.
- I continue to developing a template, visual branding, and review criteria to meet our project identification needs as I feel this is a very important distinction to make between our projects.