This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Help Secure Owasp assests"
Gabrielgumbs (talk | contribs) |
|||
(8 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
+ | {{taggedDocument | ||
+ | | type=inactiveDraft | ||
+ | | lastRevision=2016-06-20 | ||
+ | | comment=The second half of this page should be reviewed and finalized. | ||
+ | }} | ||
=Draft= | =Draft= | ||
This is a draft proposal, Noithing should be concluded until this is discussed by OWASP management and the Board | This is a draft proposal, Noithing should be concluded until this is discussed by OWASP management and the Board | ||
Line 25: | Line 30: | ||
===Sponsorship Barter deals Bug Bounty Management Services === | ===Sponsorship Barter deals Bug Bounty Management Services === | ||
− | Kelly SantaLucia, Josh Sokol and Claudia are leading this effort, Johanna as adviser (Bug Bounty for projects) | + | Kelly SantaLucia, Josh Sokol and Claudia are leading this effort, Johanna as adviser (Bug Bounty for projects), Frank Catucci as adviser (hiring, if barter deal is reached) |
Goal: to find a Bug Bounty Management Services willing to sponsorship OWASP in barter deal contract | Goal: to find a Bug Bounty Management Services willing to sponsorship OWASP in barter deal contract | ||
Line 43: | Line 48: | ||
* Bug validation - [[user:Frank.catucci|Frank Catucci]] | * Bug validation - [[user:Frank.catucci|Frank Catucci]] | ||
* Bug/Researcher Disclosure and Coordination - [[user:Frank.catucci|Frank Catucci]] , [[user:Gabrielgumbs|Gabriel Gumbs]] , | * Bug/Researcher Disclosure and Coordination - [[user:Frank.catucci|Frank Catucci]] , [[user:Gabrielgumbs|Gabriel Gumbs]] , | ||
− | * Pen testing - [[user:cchamberland|CJ Chamberland]] and [[user:Frank.catucci|Frank Catucci]] | + | * Pen testing - [[user:cchamberland|CJ Chamberland]] and [[user:Frank.catucci|Frank Catucci]], [[user:Makash|Akash Mahajan]] and [https://www.owasp.org/index.php/Bangalore#tab=Chapter_Leaders| Riyaz Walikar], Kishor Sonawane [kishor[at]varutra.com|] |
* UAT | * UAT | ||
* Patching wiki | * Patching wiki | ||
* Patching mailman - [[user:achim|Achim]] | * Patching mailman - [[user:achim|Achim]] | ||
+ | * SOC to handle SIEM - Andrew Hamilton [andrew.hamilton[at]owasp.org] | ||
+ | * Scheduled vulnerability testing - Andrew Hamilton | ||
+ | * General Security Assessment to build an IR plan - Andrew Hamilton | ||
==Proposals== | ==Proposals== | ||
This will be discussed during the Board meeting on February 17th 2016 | This will be discussed during the Board meeting on February 17th 2016 |
Latest revision as of 02:55, 21 June 2016
Last revision (yyyy-mm-dd): 2016-06-20
Comment: The second half of this page should be reviewed and finalized.
Draft
This is a draft proposal, Noithing should be concluded until this is discussed by OWASP management and the Board
Vendor Neutrality
About the OWASP Foundation: The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP linked from our wiki and current information on our OWASP Blog.
OWASP does not endorse or recommend any product or service This allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.
https://www.owasp.org/index.php/Project_Sponsorship_Operational_Guidelines
Goals
Find volunteers/companies willing to help with a proactive security plan for protecting OWASP applications such as
- Wiki
- Mailman
- Any other OWASP publicly accessible assets
Contributions
This can be in the form of:
- Security assessment of OWASP web applications
- Pen testing
- Remediation and patching
- Coordinating and Assisting in Bug Bounty Program for OWASP (TBD)
Sponsorship Barter deals Bug Bounty Management Services
Kelly SantaLucia, Josh Sokol and Claudia are leading this effort, Johanna as adviser (Bug Bounty for projects), Frank Catucci as adviser (hiring, if barter deal is reached)
Goal: to find a Bug Bounty Management Services willing to sponsorship OWASP in barter deal contract
Details are still being discussed
Status:
* BugCrowd proposal==> In progress, Proposal received * HackerOne ==> made contact , no proposal received yet
Volunteers/Companies
Please add your name here or contact Johanna Curiel or Claudia Aviles- Casanovas to add your name in case you have no access to the wiki
Set please the following info:
- Company/name volunteer
- Kind of contribution:
- Bug validation - Frank Catucci
- Bug/Researcher Disclosure and Coordination - Frank Catucci , Gabriel Gumbs ,
- Pen testing - CJ Chamberland and Frank Catucci, Akash Mahajan and Riyaz Walikar, Kishor Sonawane [kishor[at]varutra.com|]
- UAT
- Patching wiki
- Patching mailman - Achim
- SOC to handle SIEM - Andrew Hamilton [andrew.hamilton[at]owasp.org]
- Scheduled vulnerability testing - Andrew Hamilton
- General Security Assessment to build an IR plan - Andrew Hamilton
Proposals
This will be discussed during the Board meeting on February 17th 2016