[Governance] VPS Windows 2012 Server

johanna curiel curiel johanna.curiel at owasp.org
Mon Mar 2 18:09:38 UTC 2015

I'm ok with that

I also agree with Matt that the ROI is quite low at this point.



On Mon, Mar 2, 2015 at 2:06 PM, Jason Johnson <jason.johnson at owasp.org>

> So are we all good with shutting the server down and saving some money?
> On Mar 2, 2015 11:15 AM, "Matt Tesauro" <matt.tesauro at owasp.org> wrote:
>> Jim,
>>  I do mostly agree with your points.  I guess I'm looking at this from
>> another direction.
>> Running that server has opportunity costs for Johanna and Jason which
>> isn't providing much ROI to the community or Foundation.
>> Keeping infrastructure up and running, available and providing value to
>> the community is a non-trivial ask.  It appears to me that usage is minimal
>> so the community is probably "spending more" then the value its getting
>> back.
>> While the SWAMP may have warts, its functional and, for those that want
>> to have their code checked, it can work.  If they have concerns about
>> handing over their open source project's source code to DHS, well, DHS can
>> just download it it if they really want it so I don't that's much of a real
>> issue.
>> So, since we have had little uptake and its non-free for Johanna and
>> Jason to run this thing (in terms of _their_ volunteer time), then pointing
>> projects to the SWAMP seems like a good thing to me.  It will free Johanna
>> and Jason up to get wins in other areas at OWASP.
>> HTH clarifies what I was meaning earlier.  Hard to be precise on your
>> phone in the dentist's office waiting room. ; )
>> Cheers!
>> --
>> -- Matt Tesauro
>> OWASP WTE Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>> OWASP OpenStack Security Project Lead
>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>> On Mon, Mar 2, 2015 at 8:15 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>> It's just "scanners in the cloud" and not easy to use last I checked.
>>> SWAMP has a lot of maturing to do, not to mention the privacy issues of a
>>> cloud service vs. open source tools.
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>> On Mar 2, 2015, at 2:35 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>>> Why don't we point projects to DHS's SWAMP for security scanning?
>>> They have already managed the relationship with vendors, its free to use
>>> and doesn't require any infrastructure for the Foundation to maintain.
>>> <Matt's 2 cents />
>>> --
>>> -- Matt Tesauro
>>> OWASP WTE Project Lead
>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>> http://AppSecLive.org - Community and Download site
>>> OWASP OpenStack Security Project Lead
>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>> On Mar 2, 2015 5:26 AM, "johanna curiel curiel" <
>>> johanna.curiel at owasp.org> wrote:
>>>> Hi Jason
>>>> I think we need to communicate this clear to the leaders in order for
>>>> them to use this. I also think, Jason, you need to communicate the whole
>>>> story in order for people to understand about this project.
>>>> I think it was a very good initiative from you, however, as you can see
>>>> it requires a lot of work to make it feasible.
>>>> Last year I setup around 10 projects but I remembered we had issues
>>>> with SVN repositories.  I saw some emails last month regarding access and
>>>> renewing the VPS contract that you exchange with Kate and Paul.
>>>> Like I mentioned, I do not have access right now and since last year. I
>>>> sent you an email, to Paul and Kate  some week ago, asking if you had
>>>> access to this server. You did not answer my email and Paul requested me
>>>>  to fill a contact form to check the access with Kate. The access worked
>>>> for me through Sarah's account, and when this changed I do not have access
>>>> Do you have access to the server?
>>>> I have not use the server since November last year. I also sent you an
>>>> email to check if you had access but I did not get a response from you.And
>>>> now suddenly you sent this to a mailing list, so I'm kind of surprise from
>>>> your reaction.
>>>> We also need to promote this properly if we want leaders to use this.
>>>> The project never got at this point because
>>>> -Getting a sponsor for vulnerability scanning was an issue for some
>>>> board members
>>>> -I do not have access to the server after the renewal contract and the
>>>> account was changed from Sarah's email to Paul or Kate
>>>> - I did not hear  from you regarding access to the server
>>>> At this point as you can see, it involves a lot of work pulling these
>>>> kind of projects.
>>>> Could you clarify and let me know if you have access to this server?
>>>> You were the admin of the system.
>>>> Regards
>>>> Johanna
>>>> regards
>>>> Johanna
>>>> On Sun, Mar 1, 2015 at 8:25 PM, Jason Johnson <jason.johnson at owasp.org>
>>>> wrote:
>>>>> Currently we have a VPS that hosts a build server for OWASP and I was
>>>>> curious if anyone was using this or if we think it could be used in some
>>>>> other manner. Another option is to get rid of it all together and save
>>>>> around 75$ a month.
>>>>> The idea behind it was to allow every project to have a space to build
>>>>> there apps or have them scanned for vulnerabilities. Im not sure how people
>>>>> feel about it at this point but i'm all for ideas or even decommissioning
>>>>> it if we think its not bringing value to our cause?
>>>>> I know Johanna was working on this at some point and it is a huge task
>>>>> to take on so let me know if we want to reappropriate this sever for
>>>>> something or simple remove it from owasps assets.
>>>> _______________________________________________
>>>> Governance mailing list
>>>> Governance at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/governance
>>>>  --
>>> You received this message because you are subscribed to the Google
>>> Groups "OWASP Projects Task Force" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to projects-task-force+unsubscribe at owasp.org.
>>> To post to this group, send email to projects-task-force at owasp.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CALKUk%2BM4LWay4w-FtcnH2HLTq818Uu18zpvtLd5V8L-LJyJFcg%40mail.gmail.com
>>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CALKUk%2BM4LWay4w-FtcnH2HLTq818Uu18zpvtLd5V8L-LJyJFcg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20150302/b38ec9ce/attachment.html>

More information about the Governance mailing list