Latest revision as of 14:03, 6 July 2011

1 Meeting Details
2 Agenda
3 Minutes

Meeting Details

Dial-In: 1-866-534-4754 (code: 192341)

When: Monday, March 7th @ 21:00 GMT (based on member availability)

Agenda

Confirmation of new committee members (all)
Board update (Jason)
Proposed 2011 Budget (Jason)
Project Hosting Update (Chris)
Project Lifecycle Process Update (Justin/Brad)
Current Project Status Overview (Paulo)
- Number of new projects since previous announcement
- Number of new releases set up since previous announcement
  - ModSecurity 2.0.10
  - Zed Attack Proxy Project - ZAP 1.2.0
- Number of adopted projects since previous announcement
  - OWASP LAPSE Project
  - OWASP Java Project
- Number of reviewed releases since previous announcement
  - OWASP Zed Attack Proxy Project - Release ZAP 1.1.0
- Projects ready to be set up
  - Enhancing Security Options Framework (ESOP Framework) - Amber Marfatia
  - Mantra -Security Framework to OWASP, Yashartha Chaturvedi
  - German Language Project, German Chapter
  - Java HTML Sanitization, Jim Manico
  - Java Encoder Project, Jim Manico
- Projects' Releases requiring review
- Projects with new leader/need to be re-set up
  - OWASP .NET Project - Daniel Brzozowski
  - WebScarab-NG - Daniel Brzozowski
  - College Chapter Program Project - Martin Knobloch
  - OWASP AJAX Security Project - Abraham Kang
- Project in need of reorganization
  - ESAPI
  - CSRF ecosystem, Sheridan
- Projects in adoption process
  - OWASP Application Security Assessment Standards Project | Volunteers: Bithika & Matteo Michelini (waiting for data)
- Other tasks to do
  - Top 10/Upload redesigned content and new covers (Lulu)
- Other issues
  - How shoud we label projects like OWASP Live CD 2007 Project? Deprecated? Inactive? or else?
  - What should we do with ESAPI PHP? Let's put in on for adoption?
- Outstanding requests from project leaders
  - None except the above

Minutes

Meeting started: 21:00 GMT
Meeting adjourned: 23:00 GMT
Update for April Board Meeting

Attendees

Jason Li (Chair)
Brad Causey (Committee Member)
Chris Schmidt (Committee Member)
Justin Searle (Committee Member)
Larry Casey (Committee Member)
Keith Turpin (Committee Member)
Paulo Coimbra (Projects Manager)
Kate Hartmann (Director of Operations)
Sarah Baso (observer)

Notes

Budget will be presented to Board by Jason
PayPal Donation button should be incorporated into project homepage template
Need to flesh out project migration strategy for projects to OWASP hosting
Need to streamline or remove the release review process while still preserving the value of the process
If Mainstream is the "top", project leaders will want a path to it - so we can't make "Mainstream" unattainable. Projects don't all need to be "enterprise ready" (currently the intention of "Mainstream"), but they don't necessarily want to be associated with "Labs". There's a difference between a stable project and a project that's willing to be "enterprise ready". Enterprise-ready projects need support staff and productization. New separate stage ("OWASP Enterprise")
Do we want security reviews of projects?
- Already part of requirements for stable releases, but has been a huge time sink in the past
- Need to beware of time delay
- Is there added value?
Need a coverage map of OWASP projects to identify areas where OWASP is weak
- Might lead to an OWASP "Suite" of projects?

Decisions

Chris, Justin and Larry have been formally seated as GPC members; Keith is awaiting additional nominations and has been named a provisional member
LiveCD 2007 project page should be archived and marked inactive with reference pointer to current LiveCD (WTE) project
Any approval step in the Incubator/Labs processes of the OWASP Projects Lifecycle will have an rolling approval window (i.e. if GPC does not take action within X time, it is automatically approved). This compromise prevents the GPC from becoming a bottleneck. Note this policy places extra burden on the GPC to get things right.

Action Items

Chris will reach out to ESAPI PHP project about project leadership
Jason will work with Paulo to identify aspects of his workflow that can be automated
Justin will research licensing issues for Projects and what would be involved in a license change (Sarah has volunteered to be a resource)
Justin/Chris will sketch out an addition to the lifecycle process ("OWASP Enterprise")
Jason will identify tools to help improve committee calls (e.g. Google Moderator, "talking stick")
Jason will send Doodle for April meeting

@@ Line 1: / Line 1: @@
+__TOC__
 = Meeting Details =
 '''Dial-In:'''  1-866-534-4754 (code: 192341)
@@ Line 61: / Line 62: @@
 ***WebScarab-NG - Daniel Brzozowski
 ***College Chapter Program Project - Martin Knobloch
+***OWASP AJAX Security Project - Abraham Kang
 **'''Project in need of reorganization'''
 ***ESAPI
@@ Line 73: / Line 75: @@
 ** '''Outstanding requests from project leaders'''
 ***None except the above
+=Minutes=
+* Meeting started: 21:00 GMT
+* Meeting adjourned: 23:00 GMT
+* [https://docs.google.com/present/view?id=0AWvv_7Gz8Z7TZGdmOGZybWhfN2Z2YnB0NWMy&hl=en_US Update for April Board Meeting]
+==Attendees==
+* Jason Li (Chair)
+* Brad Causey (Committee Member)
+* Chris Schmidt (Committee Member)
+* Justin Searle (Committee Member)
+* Larry Casey (Committee Member)
+* Keith Turpin (Committee Member)
+* Paulo Coimbra (Projects Manager)
+* Kate Hartmann (Director of Operations)
+* Sarah Baso (observer)
+==Notes==
+# Budget will be presented to Board by Jason
+# PayPal Donation button should be incorporated into project homepage template
+# Need to flesh out project migration strategy for projects to OWASP hosting
+# Need to streamline or remove the release review process while still preserving the value of the process
+# If Mainstream is the "top", project leaders will want a path to it - so we can't make "Mainstream" unattainable. Projects don't all ''need'' to be "enterprise ready" (currently the intention of "Mainstream"), but they don't necessarily want to be associated with "Labs". There's a difference between a stable project and a project that's willing to be "enterprise ready". Enterprise-ready projects need support staff and productization. New separate stage ("OWASP Enterprise")
+# Do we want security reviews of projects?
+#* Already part of requirements for stable releases, but has been a huge time sink in the past
+#* Need to beware of time delay
+#* Is there added value?
+# Need a coverage map of OWASP projects to identify areas where OWASP is weak
+#* Might lead to an OWASP "Suite" of projects?
+==Decisions==
+# Chris, Justin and Larry have been formally seated as GPC members; Keith is awaiting additional nominations and has been named a provisional member
+# LiveCD 2007 project page should be archived and marked inactive with reference pointer to current LiveCD (WTE) project
+# Any approval step in the Incubator/Labs processes of the OWASP Projects Lifecycle will have an rolling approval window (i.e. if GPC does not take action within X time, it is automatically approved). This compromise prevents the GPC from becoming a bottleneck. Note this policy places extra burden on the GPC to get things right.
+==Action Items==
+# Chris will reach out to ESAPI PHP project about project leadership
+# Jason will work with Paulo to identify aspects of his workflow that can be automated
+# Justin will research licensing issues for Projects and what would be involved in a license change (Sarah has volunteered to be a resource)
+# Justin/Chris will sketch out an addition to the lifecycle process ("OWASP Enterprise")
+# Jason will identify tools to help improve committee calls (e.g. Google Moderator, "talking stick")
+# Jason will send Doodle for April meeting
 [[Category:GPC_Meetings]]
+[[Category:GPC_Meetings/2011]]

Difference between revisions of "GPC/Meetings/2011-03-07"

Latest revision as of 14:03, 6 July 2011

Meeting Details

Agenda

Minutes

Attendees

Notes

Decisions

Action Items

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools