Difference between revisions of "GPC/Meetings/2011-03-07"
Latest revision as of 14:03, 6 July 2011
Meeting Details
Dial-In: 1-866-534-4754 (code: 192341)
When: Monday, March 7th @ 21:00 GMT (based on member availability, polled at http://doodle.com/c2wvbb45eq2b82sx)
Agenda
- Confirmation of new committee members (all)
- Board update (Jason)
- Proposed 2011 Budget (Jason): https://docs.google.com/a/owasp.org/document/d/11HjbUeJxyRbQ4Jg6Wg7LceMZox0wz3Fz-LUwjfam5eg/edit?hl=en
- Project Hosting Update (Chris)
- Project Lifecycle Process Update (Justin/Brad)
- Current Project Status Overview (Paulo)
  - Number of new projects since previous announcement (http://globalprojectscommittee.wordpress.com/2010/11/18/owasp-projects-overview-last-4-months/)
    - OWASP Application Security Skills Assessment
    - OWASP Common Vulnerability List (replaced by Common Numbering Project)
    - Common Numbering Project
    - OWASP HTTP Post Tool
    - OWASP Forward Exploit Tool Project
    - OWASP Java XML Templates Project
    - OWASP ASIDE Project
    - OWASP Secure Password Project
    - OWASP Secure the Flag Competition Project
    - OWASP Security Baseline Project
    - OWASP ESAPI Objective-C Project
    - OWASP Academy Portal Project
    - OWASP Exams Project
    - OWASP Portuguese Language Project
    - OWASP Browser Security ACID Tests Project
    - OWASP Web Browser Testing System Project
    - OWASP Myth Breakers Project
    - Software Security Assurance Process
    - OWASP Web Service Attack Community Project
  - Number of new releases set up since previous announcement
    - ModSecurity 2.0.10
    - Zed Attack Proxy Project - ZAP 1.2.0
  - Number of adopted projects since previous announcement
    - OWASP LAPSE Project
    - OWASP Java Project
  - Number of reviewed releases since previous announcement
    - OWASP Zed Attack Proxy Project - Release ZAP 1.1.0
  - Projects ready to be set up
    - Enhancing Security Options Framework (ESOP Framework) - Amber Marfatia
    - Mantra - Security Framework to OWASP, Yashartha Chaturvedi
    - German Language Project, German Chapter
    - Java HTML Sanitization, Jim Manico
    - Java Encoder Project, Jim Manico
  - Projects' Releases requiring review
    - http://www.owasp.org/index.php/OWASP_Secure_Web_Application_Framework_Manifesto
    - http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Vicnum
    - http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Content_Validation_using_Java_Annotations
    - http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project
    - http://www.owasp.org/index.php/OWASP_O2_Platform
    - http://www.owasp.org/index.php/Category:OWASP_Webslayer_Project
    - http://www.owasp.org/index.php/Category:OWASP_EnDe#tab=Project_Details
    - http://www.owasp.org/index.php/Projects/OWASP_Fiddler_Addons_for_Security_Testing_Project
    - http://www.owasp.org/index.php/OWASP_HTTP_Post_Tool
    - http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model
    - http://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project/Releases/ZAP_1.2.0
    - OWASP Reviews Dashboard
  - Projects with new leader/need to be re-set up
    - OWASP .NET Project - Daniel Brzozowski
    - WebScarab-NG - Daniel Brzozowski
    - College Chapter Program Project - Martin Knobloch
    - OWASP AJAX Security Project - Abraham Kang
  - Project in need of reorganization
    - ESAPI
    - CSRF ecosystem, Sheridan
  - Projects in adoption process
    - OWASP Application Security Assessment Standards Project; volunteers: Bithika & Matteo Michelini (waiting for data)
  - Other tasks to do
    - Top 10/Upload redesigned content and new covers (Lulu)
  - Other issues
    - How should we label projects like the OWASP Live CD 2007 Project? Deprecated? Inactive? Or something else?
    - What should we do with ESAPI PHP? Should we put it up for adoption?
  - Outstanding requests from project leaders
    - None except the above
Minutes
- Meeting started: 21:00 GMT
- Meeting adjourned: 23:00 GMT
- Update for April Board Meeting: https://docs.google.com/present/view?id=0AWvv_7Gz8Z7TZGdmOGZybWhfN2Z2YnB0NWMy&hl=en_US
Attendees
- Jason Li (Chair)
- Brad Causey (Committee Member)
- Chris Schmidt (Committee Member)
- Justin Searle (Committee Member)
- Larry Casey (Committee Member)
- Keith Turpin (Committee Member)
- Paulo Coimbra (Projects Manager)
- Kate Hartmann (Director of Operations)
- Sarah Baso (observer)
Notes
- Budget will be presented to Board by Jason
- PayPal Donation button should be incorporated into project homepage template
- Need to flesh out project migration strategy for projects to OWASP hosting
- Need to streamline or remove the release review process while still preserving the value of the process
- If Mainstream is the "top", project leaders will want a path to it, so we can't make "Mainstream" unattainable. Projects don't all need to be "enterprise ready" (currently the intention of "Mainstream"), but they don't necessarily want to be associated with "Labs". There's a difference between a stable project and a project that's willing to be "enterprise ready". Enterprise-ready projects need support staff and productization. New separate stage ("OWASP Enterprise")
- Do we want security reviews of projects?
  - Already part of requirements for stable releases, but has been a huge time sink in the past
  - Need to beware of time delay
  - Is there added value?
- Need a coverage map of OWASP projects to identify areas where OWASP is weak
  - Might lead to an OWASP "Suite" of projects?
Decisions
- Chris, Justin and Larry have been formally seated as GPC members; Keith is awaiting additional nominations and has been named a provisional member
- LiveCD 2007 project page should be archived and marked inactive with reference pointer to current LiveCD (WTE) project
- Any approval step in the Incubator/Labs processes of the OWASP Projects Lifecycle will have a rolling approval window (i.e. if the GPC does not take action within X time, it is automatically approved). This compromise prevents the GPC from becoming a bottleneck. Note that this policy places extra burden on the GPC to get things right.
Action Items
- Chris will reach out to ESAPI PHP project about project leadership
- Jason will work with Paulo to identify aspects of his workflow that can be automated
- Justin will research licensing issues for Projects and what would be involved in a license change (Sarah has volunteered to be a resource)
- Justin/Chris will sketch out an addition to the lifecycle process ("OWASP Enterprise")
- Jason will identify tools to help improve committee calls (e.g. Google Moderator, "talking stick")
- Jason will send Doodle for April meeting