
Difference between revisions of "OWASP Project Manager Activity Reports/April 18 2014"

Line 110: Line 110:
 
=CURRENTLY WORKING ON=       
 
=CURRENTLY WORKING ON=       
  
*'''Project Handbook and Summit Report'''
+
*'''OSS in Cambridge'''
**I have finished writing and putting together the OWASP Project Handbook and Summit Report.
+
**We are having some issues getting projects to submit an application to participate in Open Source Showcase at AppSec EU 2014.
**Completion took quite a bit of time as both documents are quite lengthy, and full of content that had to be collected over time.
+
**I have asked the community for support and advice on how to engage volunteers to participate in this event module.  
**Below you can download each document.  
+
**We put together this blog post to announce the opportunity: [http://owasp.blogspot.com/2014/04/open-source-showcase-demo-your-project.html OSS at AppSec EU]
**[https://www.owasp.org/images/d/d8/PROJECT_LEADER-HANDBOOK_2014.pdf 2014 OWASP Project Handbook]
+
**Adrian is helping us by spreading the word, and so are the rest of the team.
**[https://www.owasp.org/images/c/c3/OWASP_2013_PROJECT_SUMMIT_REPORT.pdf 2013 OWASP Project Summit Report]
+
**We hope to get some more submissions in the coming weeks.  
 +
**We are also looking into event engagement activities with other Leaders, and we are currently pricing the add-ons.  
  
*'''2014 Goals for OWASP Projects'''
+
*'''Project Summit 2014'''
**The 2014 Goals and Milestones are what I feel is important for us to accomplish for OWASP Projects in 2014.  
+
**I have been working with the AppSec EU team to organize the 2014 Project Summit.
**I have finalized the goals thanks to the feedback I received from our OWASP Project Leaders.  
+
**We currently have 3 summit session proposals, but I need more.
**The blog post can be found here: [http://owasp.blogspot.com/2014/01/2014-operational-goals-for-owasp.html OWASP Projects 2014 Goals]
+
**We are also seeking 10K USD sponsorship for the summit.  
**The aim was to share these goals with our OWASP community members and Leaders and gather feedback.
+
**I am working with Kelly to get this going, and we will be announcing the opportunity soon.  
  
*'''Project Guidelines and Policies'''
+
*'''Project Reviews'''
**We received approval for the project guideline and policy documents from the Board of Directors earlier this year.
+
**There will likely be some changes to the review process based on community and Board feedback.
**The links below will take you to each document.  
+
**I am currently working with several Leaders to design a system and project model that will better meet our needs.
**[https://www.owasp.org/index.php/Grant_Spending_Policy Grant Spending Policy]
+
**Johanna is currently working on a pilot program for one part of this system.
**[https://www.owasp.org/index.php/Project_Spending_Policy Project Spending Policy]
+
**I am working on consolidating community feedback to put together an end to end system design for us.  
**[https://www.owasp.org/index.php/Project_Sponsorship_Operational_Guidelines Project Sponsorship Operational Guidelines]
 
  
*'''Apple Developer Program'''
+
*'''Project Task Force'''
**I have enrolled OWASP into the Apple iOS Developer Program.
+
**This week we started our OWASP Project task force group.
**I applied for our D-U-N-S number, and I received all of the information necessary to use it.
+
**This group will focus on getting stuff done for our OWASP Projects.  
**There was a 14 day waiting period before the number would be processed.
+
**There are quite a few tasks that we need to get sorted so please join in if you are interested in helping out.  
**After those 14 days passed, I was able to enroll OWASP into the program.
+
**[https://www.owasp.org/index.php/Category:OWASP_Project#tab=Project_Task_Force Project Task Force Page]  
 
+
**[https://groups.google.com/forum/#!forum/owasp-projects-task-force Google Group Page]
*'''[https://www.ohloh.net/orgs/OWASP Ohloh Repository Additions]'''
 
**Kait has done an excellent job of reaching out to our project leaders, asking them to add their project repositories to Ohloh.
 
**Ohloh is a free, public directory of free and open source software projects and contributors.  
 
**The aim is to have a single consolidated location where our OWASP Project repositories can be found. 
 
**Some of the benefits include: Leaders can track their project activity and progress with other projects; leaders can track other project's progress in one location; projects can be rated by users. 
 
**The Ohloh Repo Additions will, more than likely, take the full year to complete as we need to reach out to leaders one-by-one, and help those that need assistance with Ohloh.
 
  
 
*'''OWASP Project Template Migration'''
 
*'''OWASP Project Template Migration'''
Line 147: Line 141:
 
**The aim is to switch over every project's wiki content to the new design.
 
**The aim is to switch over every project's wiki content to the new design.
 
**The new template design lets project leaders organize their project information in a more organized way.
 
**The new template design lets project leaders organize their project information in a more organized way.
**The new design also allows project leaders to more easily label their project stage, project type, and current status.  
+
**Kait, our Projects Intern, is diligently working towards this goal.
**I suspect this migration will last the full year as there is quite a bit of work involved in setting them up, and trouble shooting any template bugs that may occur.
+
**She is helping leaders with template related questions, and she is helping them set up the template in case they need assistance.
**Nevertheless, I am happy with the current progress, and I am equally thrilled that so many leaders are happy with the design.
 
  
*'''[https://docs.google.com/document/d/1mnrVErNsOknMoLB_SYcjZXu-MAiwEmaypBBn_8Q3n2M/edit?usp=sharing Blackstone Grant Proposal] '''
+
*'''AppSec APAC 2014'''
**The Blackstone proposal has now been completed and submitted to the Blackstone Charitable Foundation.  
+
**I attended AppSec APAC 2014 in Tokyo, Japan some weeks ago where I helped Laura with the OWASP AppSec APAC 2014 global conference.
**Kait put together the initial proposal, and Kate and I worked on refining the final draft.
+
**Laura and I were the only two staff members that attended the event.
**We hope to hear back from the foundation by March.  
+
**The OWASP Japan chapter put on an amazing conference this year.
** Here is the final version of the [https://www.owasp.org/images/2/28/OWASP_Foundation_Blackstone_Grant_Proposal_2014.pdf Blackstone grant proposal]
+
**It was excellent to see the team work so efficiently to put on the event.
 +
**There were a few lessons learned, but overall it was an excellent experience.  
 +
**I primarily helped run the merchandize store at the event, and I participated in the Women in AppSec panel.  
  
*'''Project Tool Summit 2014'''
+
*'''Women in AppSec: AppSec APAC 2014'''
**I am still working on organizing logistics and proposals for the tool based Summit for 2014.
+
**The Women in AppSec program at AppSec APAC 2014 was absolutely excellent.
**The majority of the proposals have been submitted now.
+
**I have to thank the OWASP Japan team and especially Rio, Robert, and team for making the panel session such a success.
**There is only one more left to submit, which I will do as soon as I receive it from the project leaders.
+
**I am taking lessons learned from this session, and I am going to apply it to other conferences if they choose to run the program.
 +
**Our winner was Hiromi Tsuchiya, and our runner-up was Ikue Yamanishi.
  
*'''ESAPI Hackathon'''
+
*'''Graphic Design Update'''
**The ESAPI Hackathon is now over, but we still have quite a bit to coordinate.
+
**The Ops team have recently hired a part-time graphic design contractor to help our community with its design needs.
**We have announced the winners, informed them of their prizes, and we are in the process of coordinating the prize allocation.
+
**I will be responsible for Hugo's workload and reviews.  
**We have now decided on what design to use on the ESAPI T-shirts, and they are in the process of being created.
+
**We have put together our design menu of services, as well.
**Once they are done, we can begin to award the prizes.
+
**You can find the [https://www.owasp.org/index.php/Graphic_Design Design Menu] here.  
 +
**Here is the announcement: [http://owasp.blogspot.com/2014/04/graphic-design-menu.html Graphic Design Services for OWASP]
  
 
*'''Daily Project based queries and requests'''
 
*'''Daily Project based queries and requests'''

Revision as of 23:09, 18 April 2014


Metrics

DATE                        TOTAL
August 2013                 168 Active Projects
September 2013              134 Active Projects
October 2013                142 Active Projects
November 2013               144 Active Projects
December 2013               149 Active Projects
January 2014                160 Active Projects
February 2014 (thus far)    169 Active Projects
April 2014 (thus far)       183 Active Projects


  • Project Numbers
  • Active Projects: 183
  • Inactive Projects: 99
  • Incubator Projects: 151
  • Lab Projects: 17
  • Flagship Projects: 15

New OWASP Projects

Project Manager: 2014 Objectives

OWASP PROJECTS

Primary Goal: Continue to evolve the OWASP Projects Infrastructure by developing operational systems that facilitate Leader participation and innovation.

Subgoal 1: Continue to work on the operational projects platform with the aim of developing it to be more self sufficient for Leaders.

  • Recruit a Projects Support Intern.
  • Bring all of the project repositories into Ohloh.
  • Continue to develop the Project Portal for Leaders.
  • Monitor and update the Project Page with relevant information on a weekly basis.
  • Continue to produce weekly and quarterly information reports.
  • Organize a monthly webinar about an OWASP Project.
  • Produce more substantial software security/projects articles for our quarterly Connector.
  • Migrate all of the Project wiki pages to the new template
  • Facilitate project page compliance with new Sponsorship Guidelines.
  • Facilitate project product compliance with new Sponsorship Guidelines
  • Develop marketing and communications pieces that promote: Benefits of Having an OWASP Project; How to start a project; Project Lifecycle; and Review Process.
  • Have one Project Leader meeting a month.
  • Facilitate OWASP contributions to the Apple Developer Program.
  • Identify & promote cross-project collaboration to move clusters of projects forward, with e.g. work groups that work on a certain domain.
  • Start a task force of people with spare cycles that can help projects that need extra man-power or are falling behind in delivery of new releases (especially the flagship projects).
  • Ask project leaders to create & give project related training or contribute to the OWASP trainings.
  • Push for establishment of completion dates for key tasks for select projects.

Subgoal 2: Bring more Project Leaders together in 2014.

  • Work towards getting at least 2 projects represented at every Global AppSec Conference in 2014.
  • Plan a Project Summit Event in 2014
  • Work on developing Project Leader Workshop module that can be given when I am not present.

Subgoal 3: Solidify the Projects Review Process.

  • Develop a pragmatic method of doing project reviews.
  • Test the review process developed at the 2013 Summit
  • Finish reviewing the projects that have specifically asked for review.
  • Review the Flagship Projects.
  • Review the Lab Projects.
  • Review the Incubator Projects.
  • Report on the findings and outcomes.
  • Document the system so it can be reproduced. (This will probably be a long document/set of instructions and lessons learned).

Subgoal 4: Design a more sustainable revenue stream using the Project’s IP. (We will probably have to drop this subgoal due to the potential change in our project model this year.)

  • In depth market research to determine niche opportunities.
  • Come up with at least 4 different potential opportunities based on research.
  • Develop an implementation plan.

OWASP Project Manager Weekly Reports


  • OSS in Cambridge
    • We are having some issues getting projects to submit an application to participate in Open Source Showcase at AppSec EU 2014.
    • I have asked the community for support and advice on how to engage volunteers to participate in this event module.
    • We put together this blog post to announce the opportunity: OSS at AppSec EU
    • Adrian is helping us by spreading the word, and so are the rest of the team.
    • We hope to get some more submissions in the coming weeks.
    • We are also looking into event engagement activities with other Leaders, and we are currently pricing the add-ons.
  • Project Summit 2014
    • I have been working with the AppSec EU team to organize the 2014 Project Summit.
    • We currently have 3 summit session proposals, but I need more.
    • We are also seeking 10K USD sponsorship for the summit.
    • I am working with Kelly to get this going, and we will be announcing the opportunity soon.
  • Project Reviews
    • There will likely be some changes to the review process based on community and Board feedback.
    • I am currently working with several Leaders to design a system and project model that will better meet our needs.
    • Johanna is currently working on a pilot program for one part of this system.
    • I am working on consolidating community feedback to put together an end to end system design for us.
  • Project Task Force
    • This week we started our OWASP Project task force group.
    • This group will focus on getting stuff done for our OWASP Projects.
    • There are quite a few tasks that we need to get sorted so please join in if you are interested in helping out.
    • Project Task Force Page
    • Google Group Page
  • OWASP Project Template Migration
    • The template migration is still in progress.
    • The aim is to switch over every project's wiki content to the new design.
    • The new template design lets project leaders organize their project information in a more organized way.
    • Kait, our Projects Intern, is diligently working towards this goal.
    • She is helping leaders with template related questions, and she is helping them set up the template in case they need assistance.
  • AppSec APAC 2014
    • I attended AppSec APAC 2014 in Tokyo, Japan some weeks ago where I helped Laura with the OWASP AppSec APAC 2014 global conference.
    • Laura and I were the only two staff members that attended the event.
    • The OWASP Japan chapter put on an amazing conference this year.
    • It was excellent to see the team work so efficiently to put on the event.
    • There were a few lessons learned, but overall it was an excellent experience.
    • I primarily helped run the merchandize store at the event, and I participated in the Women in AppSec panel.
  • Women in AppSec: AppSec APAC 2014
    • The Women in AppSec program at AppSec APAC 2014 was absolutely excellent.
    • I have to thank the OWASP Japan team and especially Rio, Robert, and team for making the panel session such a success.
    • I am taking lessons learned from this session, and I am going to apply it to other conferences if they choose to run the program.
    • Our winner was Hiromi Tsuchiya, and our runner-up was Ikue Yamanishi.
  • Graphic Design Update
    • The Ops team have recently hired a part-time graphic design contractor to help our community with its design needs.
    • I will be responsible for Hugo's workload and reviews.
    • We have put together our design menu of services, as well.
    • You can find the Design Menu here.
    • Here is the announcement: Graphic Design Services for OWASP
  • Daily Project based queries and requests
    • This has not changed much since I began the post: questions are very similar in nature.
    • Global AppSec questions.
    • Funding queries.
    • Travel availability.
    • Project based administrative help.
    • Project status information.
    • Several project donation questions.
    • Marketing questions.
    • Grant funding questions.
    • OWASP social media updates.
    • What's happening with projects, questions.
    • Managing Salesforce cases.

General Awards

  • OWASP OWTF Project: Brucon 5x5 Award
  1. Amount: €5,000.00 (Approx. $6,670.00)
  2. Status: Awarded. Congratulations, Abraham Aranguren and all involved in the project, for your award.

Proposals Awarded

  1. Amount: $25,000 USD
  2. Status: Awarded. The first payment has been allocated to our project budgets. The second invoice has now been sent to Georgia Tech and payment has been received.
  3. OWASP Development Guide Plan
  4. OWASP Testing Guide Plan
  5. OWASP Code Review Guide Plan
  • Google Grants Proposal
  1. Amount: $120,000 USD in Adwords Funds
  2. Status: Awarded.
  3. Note: There is no link to show the proposal for this grant. There was a form that was submitted to Google, and we did not receive a record of this form.
  4. Google Grants Usage Report
  • Google Summer of Code
  1. Amount: $5,500
  2. Status: Awarded
  • Projects breakdown:
    • 4 ZAP Projects: $2,000
    • 4 OWTF Projects: $2,000
    • 1 PHP Security Project: $500
    • 1 Hackademics Project: $500
    • 1 Modsecurity Project: $500
    • Travel Expenses: $1,896.38 (Reimbursement)
    • Note: Big thank you to Fabio Cerullo for coordinating and managing this award.
  1. Amount: $15,000 USD
  2. Status: Awarded.
  • Total Funds Awarded: $172,170 USD for 2013.

Proposals Denied

  • European Commission Grant Proposal
  1. Amount: €250,000
  2. Status: Denied.
  1. Amount: $112,000 USD
  2. Status: Denied
  1. Amount: $25,000 USD
  2. Status: Denied
  1. Amount: $30,000 USD
  2. Status: Denied
  1. Amount: $55,800 USD
  2. Status: Denied

Current Project Funds


CISO Guide Survey Report 2013 V1.0 Released

OWASP CISO Survey Report 2013 Version 1.0

Among application security stakeholders, Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. The OWASP CISO Survey provides tactical intelligence about security risks and best practices to help CISOs manage application security programs according to their own roles, responsibilities, perspectives and needs. It also nicely complements its sister project, the Application Security Guide For CISOs.

Please share and spread the word!

OWASP Research Book Project

The OWASP Research Book Project is a new Incubator project that aims to collect and consolidate a collection of research papers that have been donated to OWASP. Ahmed Neil is currently looking for contributors and authors to help him work on his idea. He hopes to be able to move this project forward as soon as he is able to gather some interest in the project. If you are interested, please contact Ahmed Neil ([email protected]).

Webinar Opportunity for OWASP Project Leaders

We are still in need of Project Leaders to showcase their projects via our Webinar series. The webinars will be held every third (3) Wednesday of every month at 10am EST. Below are the dates when each webinar will be held, and you can indicate the month if you are interested:

  • February 19
  • March 19
  • April 16: Cam Morris
  • May 21
  • June 18
  • July 16
  • August 20
  • September 17
  • October 15
  • November 19
  • December 17

Please reach out to Samantha Groves ([email protected]) if you are interested in giving a 45 minute webinar on your OWASP Project.

Project Review Assistance Required

Hello Leaders,

We are still in need of more survey results. We would like to ask that you take a bit of time to fill in a short survey that we will use to assess the Usability and Value of each project to its users and the community.

You can find the assessment survey here: Project Usability and Value Assessment

Below are the projects we are currently focusing on assessing:

Please note that this is only one part of the full assessment for each project. The more responses we can get for each project, the better. Please only complete the assessment if you are familiar with the project, or if you have time to familiarize yourself with the project. Thank you to those of you who have submitted your responses. Your assistance is very much appreciated.

Please reach out to me if you have any questions.

Thank you for your assistance, Leaders.

Samantha Groves, OWASP Projects Manager