[Governance] VPS Windows 2012 Server

Jason Johnson jason.johnson at owasp.org
Mon Mar 2 18:06:04 UTC 2015


So are we all good with shutting the server down and saving some money?
On Mar 2, 2015 11:15 AM, "Matt Tesauro" <matt.tesauro at owasp.org> wrote:

> Jim,
>
>  I do mostly agree with your points.  I guess I'm looking at this from
> another direction.
>
> Running that server has opportunity costs for Johanna and Jason which
> isn't providing much ROI to the community or Foundation.
>
> Keeping infrastructure up and running, available and providing value to
> the community is a non-trivial ask.  It appears to me that usage is minimal
> so the community is probably "spending more" then the value its getting
> back.
>
> While the SWAMP may have warts, its functional and, for those that want to
> have their code checked, it can work.  If they have concerns about handing
> over their open source project's source code to DHS, well, DHS can just
> download it it if they really want it so I don't that's much of a real
> issue.
>
> So, since we have had little uptake and its non-free for Johanna and Jason
> to run this thing (in terms of _their_ volunteer time), then pointing
> projects to the SWAMP seems like a good thing to me.  It will free Johanna
> and Jason up to get wins in other areas at OWASP.
>
> HTH clarifies what I was meaning earlier.  Hard to be precise on your
> phone in the dentist's office waiting room. ; )
>
> Cheers!
>
> --
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>
> On Mon, Mar 2, 2015 at 8:15 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> It's just "scanners in the cloud" and not easy to use last I checked.
>> SWAMP has a lot of maturing to do, not to mention the privacy issues of a
>> cloud service vs. open source tools.
>>
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Mar 2, 2015, at 2:35 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>>
>> Why don't we point projects to DHS's SWAMP for security scanning?
>>
>> They have already managed the relationship with vendors, its free to use
>> and doesn't require any infrastructure for the Foundation to maintain.
>>
>> <Matt's 2 cents />
>>
>> --
>> -- Matt Tesauro
>> OWASP WTE Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>> OWASP OpenStack Security Project Lead
>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>> On Mar 2, 2015 5:26 AM, "johanna curiel curiel" <johanna.curiel at owasp.org>
>> wrote:
>>
>>> Hi Jason
>>>
>>> I think we need to communicate this clear to the leaders in order for
>>> them to use this. I also think, Jason, you need to communicate the whole
>>> story in order for people to understand about this project.
>>>
>>> I think it was a very good initiative from you, however, as you can see
>>> it requires a lot of work to make it feasible.
>>> Last year I setup around 10 projects but I remembered we had issues with
>>> SVN repositories.  I saw some emails last month regarding access and
>>> renewing the VPS contract that you exchange with Kate and Paul.
>>>
>>> Like I mentioned, I do not have access right now and since last year. I
>>> sent you an email, to Paul and Kate  some week ago, asking if you had
>>> access to this server. You did not answer my email and Paul requested me
>>>  to fill a contact form to check the access with Kate. The access worked
>>> for me through Sarah's account, and when this changed I do not have access
>>>
>>> Do you have access to the server?
>>> I have not use the server since November last year. I also sent you an
>>> email to check if you had access but I did not get a response from you.And
>>> now suddenly you sent this to a mailing list, so I'm kind of surprise from
>>> your reaction.
>>>
>>> We also need to promote this properly if we want leaders to use this.
>>> The project never got at this point because
>>> -Getting a sponsor for vulnerability scanning was an issue for some
>>> board members
>>> -I do not have access to the server after the renewal contract and the
>>> account was changed from Sarah's email to Paul or Kate
>>> - I did not hear  from you regarding access to the server
>>>
>>> At this point as you can see, it involves a lot of work pulling these
>>> kind of projects.
>>>
>>> Could you clarify and let me know if you have access to this server? You
>>> were the admin of the system.
>>>
>>> Regards
>>>
>>> Johanna
>>>
>>> regards
>>>
>>> Johanna
>>>
>>> On Sun, Mar 1, 2015 at 8:25 PM, Jason Johnson <jason.johnson at owasp.org>
>>> wrote:
>>>
>>>> Currently we have a VPS that hosts a build server for OWASP and I was
>>>> curious if anyone was using this or if we think it could be used in some
>>>> other manner. Another option is to get rid of it all together and save
>>>> around 75$ a month.
>>>>
>>>> The idea behind it was to allow every project to have a space to build
>>>> there apps or have them scanned for vulnerabilities. Im not sure how people
>>>> feel about it at this point but i'm all for ideas or even decommissioning
>>>> it if we think its not bringing value to our cause?
>>>>
>>>>
>>>> I know Johanna was working on this at some point and it is a huge task
>>>> to take on so let me know if we want to reappropriate this sever for
>>>> something or simple remove it from owasps assets.
>>>>
>>>
>>>
>>> _______________________________________________
>>> Governance mailing list
>>> Governance at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/governance
>>>
>>>  --
>> You received this message because you are subscribed to the Google Groups
>> "OWASP Projects Task Force" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to projects-task-force+unsubscribe at owasp.org.
>> To post to this group, send email to projects-task-force at owasp.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CALKUk%2BM4LWay4w-FtcnH2HLTq818Uu18zpvtLd5V8L-LJyJFcg%40mail.gmail.com
>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CALKUk%2BM4LWay4w-FtcnH2HLTq818Uu18zpvtLd5V8L-LJyJFcg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20150302/d4b8b59b/attachment-0001.html>


More information about the Governance mailing list