[Governance] VPS Windows 2012 Server

Matt Tesauro matt.tesauro at owasp.org
Mon Mar 2 13:35:31 UTC 2015

Why don't we point projects to DHS's SWAMP for security scanning?

They have already managed the relationship with vendors, its free to use
and doesn't require any infrastructure for the Foundation to maintain.

<Matt's 2 cents />

-- Matt Tesauro
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
On Mar 2, 2015 5:26 AM, "johanna curiel curiel" <johanna.curiel at owasp.org>

> Hi Jason
> I think we need to communicate this clear to the leaders in order for them
> to use this. I also think, Jason, you need to communicate the whole story
> in order for people to understand about this project.
> I think it was a very good initiative from you, however, as you can see it
> requires a lot of work to make it feasible.
> Last year I setup around 10 projects but I remembered we had issues with
> SVN repositories.  I saw some emails last month regarding access and
> renewing the VPS contract that you exchange with Kate and Paul.
> Like I mentioned, I do not have access right now and since last year. I
> sent you an email, to Paul and Kate  some week ago, asking if you had
> access to this server. You did not answer my email and Paul requested me
>  to fill a contact form to check the access with Kate. The access worked
> for me through Sarah's account, and when this changed I do not have access
> Do you have access to the server?
> I have not use the server since November last year. I also sent you an
> email to check if you had access but I did not get a response from you.And
> now suddenly you sent this to a mailing list, so I'm kind of surprise from
> your reaction.
> We also need to promote this properly if we want leaders to use this. The
> project never got at this point because
> -Getting a sponsor for vulnerability scanning was an issue for some board
> members
> -I do not have access to the server after the renewal contract and the
> account was changed from Sarah's email to Paul or Kate
> - I did not hear  from you regarding access to the server
> At this point as you can see, it involves a lot of work pulling these kind
> of projects.
> Could you clarify and let me know if you have access to this server? You
> were the admin of the system.
> Regards
> Johanna
> regards
> Johanna
> On Sun, Mar 1, 2015 at 8:25 PM, Jason Johnson <jason.johnson at owasp.org>
> wrote:
>> Currently we have a VPS that hosts a build server for OWASP and I was
>> curious if anyone was using this or if we think it could be used in some
>> other manner. Another option is to get rid of it all together and save
>> around 75$ a month.
>> The idea behind it was to allow every project to have a space to build
>> there apps or have them scanned for vulnerabilities. Im not sure how people
>> feel about it at this point but i'm all for ideas or even decommissioning
>> it if we think its not bringing value to our cause?
>> I know Johanna was working on this at some point and it is a huge task to
>> take on so let me know if we want to reappropriate this sever for something
>> or simple remove it from owasps assets.
> _______________________________________________
> Governance mailing list
> Governance at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/governance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20150302/e7daa6d0/attachment.html>

More information about the Governance mailing list