OWASP Project Manager Activity Reports/March 11 2013

OWASP Project Manager Report

Work accomplished since February 11, 2013

• Project Numbers
  • Active Projects: 136
  • Inactive Projects: 67

• New Incubator Projects
  • OWASP Dependency Check
  • OWASP Scada Security Project
  • OWASP Cornucopia
  • OWASP PHPRBAC Project
  • OWASP Secure Application Design Project
  • OWASP Hive Project

• Project Announcements
  • OWASP Periodic Table of Vulnerabilities Project: Working Group Forming.
  • A working group is now forming under the leadership of James Landis to produce the 1.0 draft of the OWASP Periodic Table of Vulnerabilities.
  • The goal of this project is to identify the ideal solution target for known web application vulnerability classes as a first step toward eliminating many classes of vulnerabilities altogether.
  • OWASP iGoat Project V.2.0 Released!.

• Projects Under Review
  • OWASP Cheat Sheets Project: Test Reviewed.
  • OWASP Java HTML Sanitizer Project: Test Reviewed.
  • OWASP Codes of Conduct: Reviewing Under Legacy Process.
  • Xenotix XSS Exploit Framework: New Review Submission.

Project Manager Q1 2013 Objectives

1. Continue grant funding research: Target $150,000 in 2013. ($5000 left to raise to reach target for 2013)
2. Finalize and Implement New Project Infrastructure processes. (Ongoing)
3. Coordinate OSS and OWASP Track documentation, guidelines, and processes as they apply to Global AppSec Conferences. (Ongoing for 2013)
4. Increase Sales Force use for project management. (Ongoing)
5. Complete and Launch Projects page. (Completed)
6. Finalize the Project Leader Handbook. (Completed)

Currently Working On

• Grant Opportunities Recap & Updates
  • Guidebooks Proposal: We are still waiting for the first payment. DHS is currently reviewing their budgets for the year so their funds are frozen until then.
  • Amount: $25,000
  • ESAPI Proposal: This proposal is still under review.
  • Amount: $25,000
  • Google Grants: We have been awarded this grant. Working on developing strategies to implement/use these funds.
  • Amount: $120,000 a year in Google Adwords Money
  • ModSecurity Proposal: This proposal is still under review.
  • Amount: $30,000
  • OWASP Static Analysis Tools Funding Opportunity: DHS
  • There is a possibility of funding some of our Static Analysis tools.
  • Kevin Greene is responsible for a different program than the DHS program that has already funded us.
  • Kevin and I plan to discuss the possibility of moving forward with a project once their budgets are released for the year.

• Total Grant Funds Awarded: $145,000 for 2013 so far.

• Project Reviews Process: Workflow Adjustment
  • Testing of original Reviews Process developed in early 2013 produced quality concerns.
  • I developed a new management work flow with Jim Manico's assistance.
  • It will involve a working group of technical project advisors headed by a member of the board.
  • I feel this person should be, Jim Manico, as he has shown great dedication and support to our projects overall. (Lead Technical Project Advisor).
  • The working group should be made up of the following areas: Secure Development, Secure Lifecycle Activity, Static Analysis, Dynamic Analysis, Governance, and Knowledge.
  • Each of these areas should be a project division role filled by one individual.
  • Each role will have a six month limit, or the individual can resign the post if he/she can no longer fulfill the role's duties.
  • These roles will be responsible for reviewing projects, and increasing the quality of the project review process and criteria.
  • This working group will be managed by the Lead Technical Project Advisor with updates and outcomes reported to the OWASP PM.
  • Projects Review Process Proposal

• AppSec USA: OPT &OSS
  • We are developing two different event modules for AppSec USA.
  • OPT: This event module will be omitted for AppSec USA.
  • OSS: This event module will be altered to include a full day of 30 minute, presentation like demos.
  • Mini Project Working Groups: This event module will be developed for this conference. The idea is to coordinate working groups for a hand full of projects at the conference.
  • Project Leader Workshop: I will put together and run the Project Leader Workshop at AppSec USA.

• AppSec EU Research: OPT &OSS
  • I started creating documents for the AppSec EU Research Open Source Showcase and OWASP Projects Track.
  • AppSec EU Research OPT Form.
  • AppSec EU Research OSS Form.
  • AppSec EU Research Projects Document.
  • I am waiting to hear from the local conference organizers on how they wish to proceed with this event module.

• Black Hat EU
  • I am scheduled to attend Black Hat EU this week.
  • I am helping manage our OWASP Booth for two days.
  • Goal: Familiarize myself with Black Hat event management, branding, activities.
  • Martin Knobloch and Ferdinand Vroom are scheduled to volunteer as well.
  • I will be attending the Netherlands Chapter Meeting during the conference as well.

• OWASP Marketing
  • I am taking a more active role in OWASP's Global Marketing Initiatives.
  • The next initiatives meeting will involve the Marketing Company we are currently working with.
  • They will present their Phase 1 research findings to the entire community.
  • Goal: To develop a marketing and brand strategy for the organization.
  • I will coordinate Phase 3 & 4 of our Marketing Initiatives.

Important Projects Division Outcomes and Discussion Points

1. GPC Meeting: February 15 2013 Project Manager Report
2. GPC Meeting: February 22 2013 Project Manager Report
3. Project Manager Report: March 01 2013
4. Project Manager Report: March 08 2013
5. I will have a projects meeting each month that will be open to all the OWASP community starting in April.
6. I continue to developing a template, visual branding, and review criteria to meet our project identification needs as I feel this is a very important distinction to make between our projects.