This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "GPC/Meetings/2011-03-07"

Jump to: navigation, search
m (Adding slides presented to Board)
m (Clarifying)
Line 79: Line 79:
* Meeting started: 21:00 GMT
* Meeting started: 21:00 GMT
* Meeting adjourned: 23:00 GMT
* Meeting adjourned: 23:00 GMT
* [ Update to Board]
* [ Update for April Board Meeting]

Latest revision as of 14:03, 6 July 2011

Meeting Details

Dial-In: 1-866-534-4754 (code: 192341)

When: Monday, March 7th @ 21:00 GMT (based on member availability)




  • Jason Li (Chair)
  • Brad Causey (Committee Member)
  • Chris Schmidt (Committee Member)
  • Justin Searle (Committee Member)
  • Larry Casey (Committee Member)
  • Keith Turpin (Committee Member)
  • Paulo Coimbra (Projects Manager)
  • Kate Hartmann (Director of Operations)
  • Sarah Baso (observer)


  1. Budget will be presented to Board by Jason
  2. PayPal Donation button should be incorporated into project homepage template
  3. Need to flesh out project migration strategy for projects to OWASP hosting
  4. Need to streamline or remove the release review process while still preserving the value of the process
  5. If Mainstream is the "top", project leaders will want a path to it - so we can't make "Mainstream" unattainable. Projects don't all need to be "enterprise ready" (currently the intention of "Mainstream"), but they don't necessarily want to be associated with "Labs". There's a difference between a stable project and a project that's willing to be "enterprise ready". Enterprise-ready projects need support staff and productization. New separate stage ("OWASP Enterprise")
  6. Do we want security reviews of projects?
    • Already part of requirements for stable releases, but has been a huge time sink in the past
    • Need to beware of time delay
    • Is there added value?
  7. Need a coverage map of OWASP projects to identify areas where OWASP is weak
    • Might lead to an OWASP "Suite" of projects?


  1. Chris, Justin and Larry have been formally seated as GPC members; Keith is awaiting additional nominations and has been named a provisional member
  2. LiveCD 2007 project page should be archived and marked inactive with reference pointer to current LiveCD (WTE) project
  3. Any approval step in the Incubator/Labs processes of the OWASP Projects Lifecycle will have an rolling approval window (i.e. if GPC does not take action within X time, it is automatically approved). This compromise prevents the GPC from becoming a bottleneck. Note this policy places extra burden on the GPC to get things right.

Action Items

  1. Chris will reach out to ESAPI PHP project about project leadership
  2. Jason will work with Paulo to identify aspects of his workflow that can be automated
  3. Justin will research licensing issues for Projects and what would be involved in a license change (Sarah has volunteered to be a resource)
  4. Justin/Chris will sketch out an addition to the lifecycle process ("OWASP Enterprise")
  5. Jason will identify tools to help improve committee calls (e.g. Google Moderator, "talking stick")
  6. Jason will send Doodle for April meeting