[Governance] VPS Windows 2012 Server

johanna curiel curiel johanna.curiel at owasp.org
Mon Mar 2 16:22:22 UTC 2015


Why don't we point projects to DHS's SWAMP for security scanning?\

I'm using the SWAMP for my testing but it does not work for everything nor
for all types of OS and programming languages.
In some cases I built a project  using an IDE

On Mon, Mar 2, 2015 at 10:15 AM, Jim Manico <jim.manico at owasp.org> wrote:

> It's just "scanners in the cloud" and not easy to use last I checked.
> SWAMP has a lot of maturing to do, not to mention the privacy issues of a
> cloud service vs. open source tools.
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Mar 2, 2015, at 2:35 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>
> Why don't we point projects to DHS's SWAMP for security scanning?
>
> They have already managed the relationship with vendors, its free to use
> and doesn't require any infrastructure for the Foundation to maintain.
>
> <Matt's 2 cents />
>
> --
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
> On Mar 2, 2015 5:26 AM, "johanna curiel curiel" <johanna.curiel at owasp.org>
> wrote:
>
>> Hi Jason
>>
>> I think we need to communicate this clear to the leaders in order for
>> them to use this. I also think, Jason, you need to communicate the whole
>> story in order for people to understand about this project.
>>
>> I think it was a very good initiative from you, however, as you can see
>> it requires a lot of work to make it feasible.
>> Last year I setup around 10 projects but I remembered we had issues with
>> SVN repositories.  I saw some emails last month regarding access and
>> renewing the VPS contract that you exchange with Kate and Paul.
>>
>> Like I mentioned, I do not have access right now and since last year. I
>> sent you an email, to Paul and Kate  some week ago, asking if you had
>> access to this server. You did not answer my email and Paul requested me
>>  to fill a contact form to check the access with Kate. The access worked
>> for me through Sarah's account, and when this changed I do not have access
>>
>> Do you have access to the server?
>> I have not use the server since November last year. I also sent you an
>> email to check if you had access but I did not get a response from you.And
>> now suddenly you sent this to a mailing list, so I'm kind of surprise from
>> your reaction.
>>
>> We also need to promote this properly if we want leaders to use this. The
>> project never got at this point because
>> -Getting a sponsor for vulnerability scanning was an issue for some board
>> members
>> -I do not have access to the server after the renewal contract and the
>> account was changed from Sarah's email to Paul or Kate
>> - I did not hear  from you regarding access to the server
>>
>> At this point as you can see, it involves a lot of work pulling these
>> kind of projects.
>>
>> Could you clarify and let me know if you have access to this server? You
>> were the admin of the system.
>>
>> Regards
>>
>> Johanna
>>
>> regards
>>
>> Johanna
>>
>> On Sun, Mar 1, 2015 at 8:25 PM, Jason Johnson <jason.johnson at owasp.org>
>> wrote:
>>
>>> Currently we have a VPS that hosts a build server for OWASP and I was
>>> curious if anyone was using this or if we think it could be used in some
>>> other manner. Another option is to get rid of it all together and save
>>> around 75$ a month.
>>>
>>> The idea behind it was to allow every project to have a space to build
>>> there apps or have them scanned for vulnerabilities. Im not sure how people
>>> feel about it at this point but i'm all for ideas or even decommissioning
>>> it if we think its not bringing value to our cause?
>>>
>>>
>>> I know Johanna was working on this at some point and it is a huge task
>>> to take on so let me know if we want to reappropriate this sever for
>>> something or simple remove it from owasps assets.
>>>
>>
>>
>> _______________________________________________
>> Governance mailing list
>> Governance at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/governance
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "OWASP Projects Task Force" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to projects-task-force+unsubscribe at owasp.org.
> To post to this group, send email to projects-task-force at owasp.org.
> To view this discussion on the web visit
> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CALKUk%2BM4LWay4w-FtcnH2HLTq818Uu18zpvtLd5V8L-LJyJFcg%40mail.gmail.com
> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CALKUk%2BM4LWay4w-FtcnH2HLTq818Uu18zpvtLd5V8L-LJyJFcg%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20150302/ce0a945b/attachment-0001.html>


More information about the Governance mailing list