This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Project Manager Activity Reports/April 05 2013"

(Created page with "== OWASP Project Manager Report == ==== Work accomplished since March 11, 2013 ==== *'''Project Numbers''' **Active Projects: 141 **Inactive Projects: 67 *'''New Incubator ...")
 
 
(2 intermediate revisions by the same user not shown)
Line 7: Line 7:
  
 
*'''New Incubator Projects'''
 
*'''New Incubator Projects'''
**[https://www.owasp.org/index.php/OWASP_Dependency_Check OWASP Dependency Check]
+
**[https://www.owasp.org/index.php/OWASP_Droid_Fusion OWASP Droid Fusion]
**[https://www.owasp.org/index.php/OWASP_Scada_Security_Project OWASP Scada Security Project]
+
**[https://www.owasp.org/index.php/OWASP_iSABEL_Proxy_Server OWASP iSABEL Proxy Server]
**[https://www.owasp.org/index.php/OWASP_Cornucopia OWASP Cornucopia]
+
**[https://www.owasp.org/index.php/OWASP_Top_10_Fuer_Entwickler_Project OWASP Top 10 Fuer Entwickler]
**[https://www.owasp.org/index.php/OWASP_PHPRBAC_Project OWASP PHPRBAC Project]
+
**[https://www.owasp.org/index.php/OWASP_Rails_Goat_Project OWASP Rails Goat Project]
**[https://www.owasp.org/index.php/OWASP_Secure_Application_Design_Project OWASP Secure Application Design Project]
 
**[https://www.owasp.org/index.php/OWASP_Hive_Project OWASP Hive Project]
 
  
 
*'''Project Announcements'''
 
*'''Project Announcements'''
**[https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities OWASP Periodic Table of Vulnerabilities Project:  Working Group Forming].
+
**[https://www.owasp.org/index.php/OWASP_Codes_of_Conduct OWASP Codes of Conduct Project:  New Stable Release].
**A working group is now forming under the leadership of James Landis to produce the 1.0 draft of the OWASP Periodic Table of Vulnerabilities.
+
**The [https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review Guide] is looking for authors.
**The goal of this project is to identify the ideal solution target for known web application vulnerability classes as a first step toward eliminating many classes of vulnerabilities altogether.
+
** The [https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide] is looking for authors.  
**[https://code.google.com/p/owasp-igoat/ OWASP iGoat Project V.2.0 Released!].
 
  
 
*'''Projects Under Review'''
 
*'''Projects Under Review'''
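
Review bot: The added announcement entry for the OWASP Testing Guide is written "** The" with a space after the list markers, while the neighbouring entries start "**The" or "**[" directly. Drop the space so the entries in the Project Announcements list share one markup form.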
Line 27: Line 24:
  
 
==Project Manager Q2 2013 Objectives==
 
==Project Manager Q2 2013 Objectives==
#Continue grant funding research: Target $150,000 in 2013. ($5000 left to raise to reach target for 2013)
+
#Identify and target 5-7 specific grants to pursue for 2013.
#Finalize and Implement New Project Infrastructure processes. (Ongoing)
+
#Develop Brand Usage Guidelines for Projects.
#Coordinate OSS and OWASP Track documentation, guidelines, and processes as they apply to Global AppSec Conferences. (Ongoing for 2013)
+
#Need for consistent documentation of guidelines (similar to How To Host a Conference) that can apply to various events and venues.
#Increase Sales Force use for project management. (Ongoing)
+
#Volunteer Management - identification of skills and supervision required to engage volunteers productively.
#Complete and Launch Projects page. (Completed)
+
 
#Finalize the Project Leader Handbook. (Completed)
+
*'''Ongoing Objectives for 2013'''
 +
**Work with Project leaders to reach grant required milestones - ONGOING
 +
**Develop a project charter outlining appropriate grant revenue spending and grant required milestones. - DUE IN SEPTEMBER - ONGOING
 +
**Oversight of Marketing and Graphic Design deliverables (Phase 2/Phase 3) provided by 3rd party contractor
  
 
==Currently Working On==
 
==Currently Working On==
 
*'''Grant Opportunities Recap & Updates'''
 
*'''Grant Opportunities Recap & Updates'''
**Guidebooks Proposal: We are still waiting for the first payment. DHS is currently reviewing their budgets for the year so their funds are frozen until then.  
+
**Guidebooks Proposal: DHS and Georgia Tech have now sent payment. They have sent our first payment of $7,000.  
 
**Amount: $25,000
 
**Amount: $25,000
 
**ESAPI Proposal: This proposal is still under review.   
 
**ESAPI Proposal: This proposal is still under review.   
 
**Amount: $25,000
 
**Amount: $25,000
**Google Grants: We have been awarded this grant. Working on developing strategies to implement/use these funds.  
+
**Google Grants: We continue to test different keywords and strategies to try and find the best way to leverage this grant award. We are currently testing a strategy for the AppSec USA conference this year. I am seeking assistance from an AdWords expert next week.
 
**Amount: $120,000 a year in Google Adwords Money
 
**Amount: $120,000 a year in Google Adwords Money
 
**ModSecurity Proposal: This proposal is still under review.   
 
**ModSecurity Proposal: This proposal is still under review.   
 
**Amount: $30,000  
 
**Amount: $30,000  
**'''OWASP Static Analysis Tools Funding Opportunity: DHS'''
 
**There is a possibility of funding some of our Static Analysis tools.
 
**Kevin Greene is responsible for a different program than the DHS program that has already funded us.
 
**Kevin and I plan to discuss the possibility of moving forward with a project once their budgets are released for the year. 
 
  
 
*'''Total Grant Funds Awarded: $145,000 for 2013 so far.'''     
 
*'''Total Grant Funds Awarded: $145,000 for 2013 so far.'''     
 
   
 
   
 
*'''Project Reviews Process: Workflow Adjustment'''
 
*'''Project Reviews Process: Workflow Adjustment'''
**Testing of original Reviews Process developed in early 2013 produced quality concerns.
+
**Initiative jobs have been posted to our Volunteer jobs page.
**I developed a new management work flow with Jim Manico's assistance.
+
**Jim and I will hold interviews within a month's time to select each volunteer for the role.  
**It will involve a working group of technical project advisors headed by a member of the board.  
+
**You can find the job listings [http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing?campaignid=701U0000000AUtE here].  
**I feel this person should be, Jim Manico, as he has shown great dedication and support to our projects overall. (Lead Technical Project Advisor).
+
 
**The working group should be made up of the following areas: Secure Development, Secure Lifecycle Activity, Static Analysis, Dynamic Analysis, Governance, and Knowledge.
+
*'''Categorization of OWASP Projects'''
**Each of these areas should be a project division role filled by one individual.  
+
**I have begun categorizing our OWASP projects into the Builder, Breaker, and Defender categories.
**Each role will have a six month limit, or the individual can resign the post if he/she can no longer fulfill the role's duties.  
+
**Currently, our categorization is limited so I have begun to increase the search criteria for our projects.
**These roles will be responsible for reviewing projects, and increasing the quality of the project review process and criteria.  
+
**Additionally, I have begun to label our projects based on OWASP Open SAMM criteria.  
**This working group will be managed by the Lead Technical Project Advisor with updates and outcomes reported to the OWASP PM.
+
**The labels are as follows: Governance, Construction, Verification, Deployment.  
**[https://www.owasp.org/index.php/Projects/Reviews_Management_Proposal_2013 Projects Review Process Proposal]
+
**The plan is to allow users to find projects based on these labels on our projects wiki page.  
 +
 
 +
*'''OWASP Project Leaders: Brand Usage Guidelines'''
 +
**I have begun developing brand usage guidelines for our project leaders with Jim Manico's help.  
 +
**We have decided to use the Apache Software Foundation's documentation on the subject as a guide for our own.  
 +
**We feel they developed excellent material, and we plan to use their guidelines as a starting point.
 +
**I spent this week putting together our OWASP Project Leader Brand Usage Guidelines.
  
*'''AppSec USA: OPT &OSS'''
+
*'''Project Leader Responsibilities & Expectations'''
**We are developing two different event modules for AppSec USA.
+
**I have finished putting together documentation that outlines a project leader's responsibilities, and our foundation's expectations of them.
**OPT: This event module will be omitted for AppSec USA.
+
**This document was written to help project leaders understand their responsibilities as managers of their project(s).  
**OSS: This event module will be altered to include a full day of 30 minute, presentation like demos.
 
**Mini Project Working Groups: This event module will be developed for this conference. The idea is to coordinate working groups for a hand full of projects at the conference.
 
**Project Leader Workshop: I will put together and run the Project Leader Workshop at AppSec USA.
 
  
*'''AppSec EU Research: OPT &OSS'''
+
*'''Project Wiki Templates'''
**I started creating documents for the AppSec EU Research Open Source Showcase and OWASP Projects Track.  
+
**I am working towards developing new wiki templates for our OWASP Projects.
**[https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dDMwck9VZC1ieWluekdsbUVFZGhGMnc6MA#gid=0 AppSec EU Research OPT Form.]
+
**Leaders have expressed frustrations with our current templates as they are not very user friendly.
**[https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dGhkUUhkeDBWOVZPcVdzcWloYWhla3c6MA#gid=0 AppSec EU Research OSS Form.]
+
**Our PLs also need to let our consumers know at which stage a project is in within our OWASP Projects Infrastructure.  
**[https://docs.google.com/a/owasp.org/document/d/1dOrUYtwlBXwfhPyZa9JYqV1MeUUjSxvjm5mwgMqJXhE/edit AppSec EU Research Projects Document.]
+
**Development is ongoing.
**I am waiting to hear from the local conference organizers on how they wish to proceed with this event module.  
 
  
*'''Black Hat EU'''
+
*'''Project Leader Cheat Sheet'''
**I am scheduled to attend Black Hat EU this week.
+
**I am currently developing a "How to run a successful OWASP Project" document.
**I am helping manage our OWASP Booth for two days.
+
**I hope this document will help project leaders understand how to best leverage the OWASP Project Infrastructure for success.  
**Goal: Familiarize myself with Black Hat event management, branding, activities.  
+
**This is an ongoing project.
**Martin Knobloch and Ferdinand Vroom are scheduled to volunteer as well.
+
**I will have a first draft of this completed by the end of next week.  
**I will be attending the Netherlands Chapter Meeting during the conference as well.  
 
  
 
*'''OWASP Marketing'''
 
*'''OWASP Marketing'''
**I am taking a more active role in OWASP's Global Marketing Initiatives.
+
**Sarah and I are working on transitioning the workflow for the 3rd phase of our marketing plan.
**The next initiatives meeting will involve the Marketing Company we are currently working with.
+
**We are currently finalizing our visual branding guide with our third party designer.  
**They will present their Phase 1 research findings to the entire community.
+
**The Operations Staff all plan on discussing our marketing plans in detail at our Staff Summit in New York.  
**Goal: To develop a marketing and brand strategy for the organization.
 
**I will coordinate Phase 3 & 4 of our Marketing Initiatives.  
 
  
==Important Projects Division Outcomes and Discussion Points==
+
==Important OWASP Projects Outcomes and Discussion Points==
#[https://www.owasp.org/index.php/GPC/Meetings/2013-15-02 GPC Meeting: February 15 2013 Project Manager Report]
+
#[https://www.owasp.org/index.php/GPC/Meetings/2013-15-03  Project Manager Report: March 15 2013]
#[https://www.owasp.org/index.php/GPC/Meetings/2013-22-02 GPC Meeting: February 22 2013 Project Manager Report]
+
#[https://www.owasp.org/index.php/GPC/Meetings/2013-22-03  Project Manager Report: March 22 2013]
#[https://www.owasp.org/index.php/GPC/Meetings/2013-01-03  Project Manager Report: March 01 2013]
+
#[https://www.owasp.org/index.php/GPC/Meetings/2013-29-03  Project Manager Report: March 29 2013]
#[https://www.owasp.org/index.php/GPC/Meetings/2013-08-03 Project Manager Report: March 08 2013]
+
#[https://www.owasp.org/index.php/GPC/Meetings/2013-05-04 Project Manager Report: April 05 2013]
#I will have a projects meeting each month that will be open to all the OWASP community starting in April.  
+
#Project Leader brand usage guidelines are under development.  
#I continue to developing a template, visual branding, and review criteria to meet our project identification needs as I feel this is a very important distinction to make between our projects.
+
#Project Leader responsibilities and expectations document is under development.
 +
#DHS has sent our first $7,000 payment to OWASP.
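
Review bot: The Q2 objectives no longer state the funding target. The removed first objective carried "Target $150,000 in 2013" and "$5000 left to raise", while "Total Grant Funds Awarded: $145,000 for 2013 so far" is left unchanged, so the new revision reports a total with nothing to measure it against. Consider keeping the target figure in the objectives or stating it next to the total. Separately, the added job-listings entry uses "here" as its link text; a descriptive label such as the name of the listing page would read better in the rendered list.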

Latest revision as of 16:02, 5 April 2013

OWASP Project Manager Report

Work accomplished since March 11, 2013

  • Project Numbers
    • Active Projects: 141
    • Inactive Projects: 67

Project Manager Q2 2013 Objectives

  1. Identify and target 5-7 specific grants to pursue for 2013.
  2. Develop Brand Usage Guidelines for Projects.
  3. Need for consistent documentation of guidelines (similar to How To Host a Conference) that can apply to various events and venues.
  4. Volunteer Management - identification of skills and supervision required to engage volunteers productively.
  • Ongoing Objectives for 2013
    • Work with Project leaders to reach grant required milestones - ONGOING
    • Develop a project charter outlining appropriate grant revenue spending and grant required milestones. - DUE IN SEPTEMBER - ONGOING
    • Oversight of Marketing and Graphic Design deliverables (Phase 2/Phase 3) provided by 3rd party contractor

Currently Working On

  • Grant Opportunities Recap & Updates
    • Guidebooks Proposal: DHS and Georgia Tech have now sent payment. They have sent our first payment of $7,000.
    • Amount: $25,000
    • ESAPI Proposal: This proposal is still under review.
    • Amount: $25,000
    • Google Grants: We continue to test different keywords and strategies to try and find the best way to leverage this grant award. We are currently testing a strategy for the AppSec USA conference this year. I am seeking assistance from an AdWords expert next week.
    • Amount: $120,000 a year in Google Adwords Money
    • ModSecurity Proposal: This proposal is still under review.
    • Amount: $30,000
  • Total Grant Funds Awarded: $145,000 for 2013 so far.
  • Project Reviews Process: Workflow Adjustment
    • Initiative jobs have been posted to our Volunteer jobs page.
    • Jim and I will hold interviews within a month's time to select each volunteer for the role.
    • You can find the job listings here.
  • Categorization of OWASP Projects
    • I have begun categorizing our OWASP projects into the Builder, Breaker, and Defender categories.
    • Currently, our categorization is limited so I have begun to increase the search criteria for our projects.
    • Additionally, I have begun to label our projects based on OWASP Open SAMM criteria.
    • The labels are as follows: Governance, Construction, Verification, Deployment.
    • The plan is to allow users to find projects based on these labels on our projects wiki page.
  • OWASP Project Leaders: Brand Usage Guidelines
    • I have begun developing brand usage guidelines for our project leaders with Jim Manico's help.
    • We have decided to use the Apache Software Foundation's documentation on the subject as a guide for our own.
    • We feel they developed excellent material, and we plan to use their guidelines as a starting point.
    • I spent this week putting together our OWASP Project Leader Brand Usage Guidelines.
  • Project Leader Responsibilities & Expectations
    • I have finished putting together documentation that outlines a project leader's responsibilities, and our foundation's expectations of them.
    • This document was written to help project leaders understand their responsibilities as managers of their project(s).
  • Project Wiki Templates
    • I am working towards developing new wiki templates for our OWASP Projects.
    • Leaders have expressed frustrations with our current templates as they are not very user friendly.
    • Our PLs also need to let our consumers know which stage a project is in within our OWASP Projects Infrastructure.
    • Development is ongoing.
  • Project Leader Cheat Sheet
    • I am currently developing a "How to run a successful OWASP Project" document.
    • I hope this document will help project leaders understand how to best leverage the OWASP Project Infrastructure for success.
    • This is an ongoing project.
    • I will have a first draft of this completed by the end of next week.
  • OWASP Marketing
    • Sarah and I are working on transitioning the workflow for the 3rd phase of our marketing plan.
    • We are currently finalizing our visual branding guide with our third party designer.
    • The Operations Staff all plan on discussing our marketing plans in detail at our Staff Summit in New York.

Important OWASP Projects Outcomes and Discussion Points

  1. Project Manager Report: March 15 2013
  2. Project Manager Report: March 22 2013
  3. Project Manager Report: March 29 2013
  4. Project Manager Report: April 05 2013
  5. Project Leader brand usage guidelines are under development.
  6. Project Leader responsibilities and expectations document is under development.
  7. DHS has sent our first $7,000 payment to OWASP.