[Owasp-board] We need to begin to direct appropriately

Jeff Williams jeff.williams at owasp.org
Thu Jan 20 21:34:58 UTC 2011


Sure.  I apologize for sending this too early by accident.  I'll finish tonight and send the complete version

--Jeff

Jeff Williams
Aspect Security
work: 410-707-1487
main: 301-604-4882



On Jan 20, 2011, at 4:27 PM, dinis cruz <dinis.cruz at owasp.org> wrote:

> Should we add a deliverables column?
> 
> Dinis Cruz
> 
> On 20 Jan 2011, at 20:29, Jeff Williams <jeff.williams at owasp.org> wrote:
> 
>> All,
>> 
>> Here is some input on each of the working group objectives.  Hopefully this is in a format you can use.  My comments are prefaced by the word “DELIVERABLE”
>> 
>> I’ve tried hard to imagine a deliverable from each session that we can share with the world and build ecosystems around.   Hopefully this will help the working groups focus and really accomplish something great.
>> 
>> P.S. Any working group that has the objective of “discuss something” or “work on something” needs to get focused right away.
>> 
>> Category: Summit 2011 Metrics Track
>> 
>> Name of Working Session
>> 
>> Objective(s)
>> 
>> Owner/Leader 
>> 
>> Members/Attendees 
>> 
>> 
>> Risk Metrics
>> 
>> Chris Wysopal 
>> Chris Eng
>> 
>> Colin Watson
>> 
>> Justin Clarke
>> 
>> 
>> Tools Interoperability (Data Instrumentation)
>> 
>> DELIVERABLE: A standard schema for describing application security risks of all types, with a place for all relevant information – whether derived statically, dynamically, manually, or architecturally.
>> 
>> Dinis Cruz
>> 
>> 
>> Metrics and Labelling
>> 
>> DELIVERABLE: White paper sketching out a standard for a software security label and a plan to finalize the standard.
>> 
>> Chris Wysopal 
>> Chris Eng
>> 
>> Colin Watson
>> 
>> 
>> Counting and scoring application security defects
>> 
>> DELIVERABLE: White paper sketching out a standard for rating risks that accommodates individual minor defects all the way through architectural flaws (that may represent many individual defects)
>> 
>> Chris Wysopal 
>> Chris Eng
>> 
>> Jason Taylor
>> 
>> Justin Clarke
>> 
>> 
>> Measuring SDLC process performance 
>> 
>> Chris Wysopal 
>> Chris Eng
>> 
>> Justin Clarke
>> 
>> Nishi Kumar
>> 
>> Colin Watson
>> 
>> Jason Taylor
>> 
>> Matthew Chalmers
>> 
>> Justin Clarke
>> 
>> Category: Summit 2011 Browser Security Track
>> 
>> Name of Working Session
>> 
>> Objective(s)
>> 
>> Owner/Leader 
>> 
>> Members/Attendees 
>> 
>> 
>> Browser Security Working Group
>> 
>> Work on and discuss how to enhance enduser security in web applications,
>> Work on and discuss browser-based countermeasures against XSS, CSRF, man-in-the-middle, man-in-the-browser and full remote access exploits
>> DELIVERABLE: White paper describing specific recommendations for browser vendors.
>> 
>> John Wilander
>> 
>> Email John Wilander if you are unable to edit the Wiki and would like to sign up! 
>> 
>> Michael Coates
>> 
>> Colin Watson
>> 
>> 
>> Sandboxing
>> 
>> 
>> Securing Plugins
>> 
>> DELIVERABLE: A whitepaper with concrete recommendations for:
>> 
>> - Developers to build secure plugins
>> - Users to select, install, and use plugins securely
>> - Browser makers to defend against malicious plugins
>> - Recommendations for shared security controls that plugins can share
>> 
>> 
>> Enduser Warnings
>> 
>> DELIVERABLE: Recommendations to browser makers about making effective warnings.
>> 
>>  
>> 
>> DELIVERABLE: Awareness materials to help raise awareness about the meaning and consequences of the different enduser warnings
>> 
>> 
>> Blacklisting
>> 
>> 
>> OS Integration
>> 
>> 
>> JavaScript
>> 
>> 
>> New HTTP Headers
>> 
>> DELIVERABLE: White paper describing (for each new header): what the problem is, why a new header will help, and recommendations for implementation of the new header on both browser and server-side.
>> 
>> Category: Summit 2011 XSS Eradication Track
>> 
>> Name of Working Session
>> 
>> Objective(s)
>> 
>> Owner/Leader 
>> 
>> Members/Attendees 
>> 
>> 
>> XSS and the Frameworks
>> 
>> Work on how OWASP can engage with the major web frameworks to move towards a "secure by default" stance
>> Work on OWASP resources to provide patches/design approaches in conjunction with the frameworks
>> DELIVERABLE: White paper or standard for what we want the web frameworks to provide.
>> 
>> Justin Clarke
>> 
>> 
>> XSS - Awareness, Resources, and Partnerships
>> 
>> Work on what partners we can reach, and what resources they can provide us access to
>> Work on who we can work with to reach a maximum amount of developers writing web applications
>> Plan engagement with identified organizations
>> Plan a call to action for OWASP chapters for identified XSS resources
>> Justin Clarke
>> 
>> 
>> WAF Mitigations for XSS
>> 
>> Improve XSS Attack Payload Detection Techniques
>> Identifying Improper Output Handling Flaws in Web Apps
>> Feasibility of Profile Page Scripts/Iframes
>> Testing Injection of JS Sandbox Code in Responses
>> Ryan Barnett
>> 
>> Lucas C. Ferreira
>> 
>> Achim Hoffmann
>> 
>> Justin Clarke
>> 
>> Category: Summit 2011 Mitigation Track
>> 
>> Name of Working Session
>> 
>> Objective(s)
>> 
>> Owner/Leader 
>> 
>> Members/Attendees 
>> 
>> 
>> Virtual Patching Best Practices 
>> 
>> Identify which attacks/vulnerabilities are best suited for virtual patching
>> Identify which tools are best suited for virtual patching (appliance vs. embedded, WAFs vs IPS, etc...)
>> Identify who should be responsible for virtual patching
>> How to develop/test virtual patches
>> DELIVERABLE: White paper cataloguing
>> 
>> Ryan Barnett
>> 
>> Colin Watson
>> 
>> Achim Hoffmann
>> 
>> 
>> Scaling Web Application Security Testing
>> 
>> Arian Evans 
>> Dinis Cruz
>> 
>> Lucas C. Ferreira
>> 
>> Achim Hoffmann
>> 
>> Steven van der Baan 
>> 
>> 
>> How to report known security vulnerabilities (for websites) 
>> 
>> Discuss the OWASP strategy and policy on responsible disclosure of known vulnerabilities in public web applications.
>> Should OWASP provide an OT10-Leaks platform in a country with legal protection for anonymous sources?
>> Dinis Cruz / Seba
>> 
>> Category: Summit 2011 University Education Training Track
>> 
>> Name of Working Session
>> 
>> Objective(s)
>> 
>> Owner/Leader 
>> 
>> Members/Attendees 
>> 
>> 
>> University Outreach
>> 
>> Estimation of Security programs currently exist in university settings around the world
>> How can OWASP participate and influence the curricula of these educational programs?
>> How can we foster relationships between OWASP and universities?
>> How can the relationship between OWASP and universities be standardized?
>> What can OWASP offer universities and what can they, in turn, expect from each other?
>> Martin Knobloch
>> 
>> Nishi Kumar
>> 
>> Cecil Su
>> 
>> Elke Roth-Mandutz
>> 
>> Heiko Richler
>> 
>> Lucas C. Ferreira
>> 
>> Jason Taylor
>> 
>> 
>> Computer Crime Laws
>> 
>> Understand the current laws/frameworks in place in relation to computer crime and prevention
>> Discuss ways these laws are currently failing consumers in protecting assets
>> Discuss possible amendments to the laws/frameworks to better protect the public
>> Daniel Cuthbert
>> 
>> Matthew Chalmers
>> 
>> 
>> OWASP Academies
>> 
>> Identification of goals;
>> Definition of methodology;
>> Analysis of legal aspects and relationship with Universities, other Academic institutions and Governmental initiatives;
>> Identification of Trainers and their involvement;
>> Certification of Contents and materials.
>> Sandra Paiva
>> 
>> Martin Knobloch
>> 
>> Paulo Coimbra
>> 
>> Dinis Cruz
>> 
>> Nishi Kumar
>> 
>> Cecil Su
>> 
>> Heiko Richler
>> 
>> Lucas C. Ferreira
>> 
>> Jason Taylor
>> 
>> Mateo Martinez
>> 
>> 
>> OWASP Training
>> 
>> Consolidation of the OWASP Training Model (Paid and Non Paid):
>> Methodologies;
>> Contents and materials;
>> Trainers Database;
>> Training Kit
>> Sandra Paiva
>> 
>> Martin Knobloch
>> 
>> Paulo Coimbra
>> 
>> Dinis Cruz
>> 
>> Nishi Kumar
>> 
>> Cecil Su
>> 
>> Heiko Richler
>> 
>> Lucas C. Ferreira
>> 
>> Colin Watson
>> 
>> Jason Taylor
>> 
>> Achim Hoffmann
>> 
>> Mark Bristow
>> 
>> Mateo Martinez
>> 
>> 
>> Developer's Security Training Package
>> 
>> To create an organized package that can be used by companies for the purposes of educating developers on securely coding web applications and web services
>> Brad Causey
>> 
>> Martin Knobloch
>> 
>> Nishi Kumar
>> 
>> Jason Taylor
>> 
>> 
>> OWASP TOP 10 online training in Hacking-Lab
>> 
>> To learn more about the OWASP TOP 10 cases in Hacking-Lab - Vulnerable Apps in HL
>> Experience the user's view of a training - lab descriptions, exercises, send-solution, ranking, global ranking, my profile
>> Experience the teacher's view of a training - solution movies, accept or reject solutions from users, solution movie
>> Experience the Hacking-Lab LiveCD (accessing the lab), teaming, levels in HL, avatar, rankings
>> Talk about a potential collaboration between OWASP and Hacking-Lab for the future. Free OWASP TOP 10 training.
>> Ivan Buetler
>> 
>> Nishi Kumar
>> 
>> Cecil Su
>> 
>> Jason Taylor
>> 
>> Achim Hoffmann
>> 
>> 
>> How to present worldwide David Rice's Pollution keynote
>> 
>> Dinis Cruz
>> 
>> 
>> OWASP Exams
>> 
>> Establish model for CC-licensed exams creation
>> Establish model for CC-licensed exams distribution and usage
>> Establish a first CC-licensed exam to test the concept (an alpha will be brought to the working session)
>> Try OWASP training and exam end-to-end to experience and improve training and exam usage scenarios
>> Jason Taylor
>> 
>> Dinis Cruz
>> 
>> Matthew Chalmers
>> 
>> Mateo Martinez
>> 
>> 
>> OWASP Certification
>> 
>> Determine whether certification would have value for OWASP's Community
>> Determine a model by which certification based on OWASP materials could succeed
>> Determine a model for creation and distribution of a CC-licensed certification exam based on OWASP materials
>> (if agreed) Determine a model for supporting the administration of certification based on OWASP Materials
>> Dinis Cruz
>> 
>> Matthew Chalmers
>> 
>> Mateo Martinez
>> 
>> Category: Summit 2011 OWASP Secure Coding Workshop Track
>> 
>> Name of Working Session
>> 
>> Objective(s)
>> 
>> Owner/Leader 
>> 
>> Members/Attendees 
>> 
>> 
>> Applying ESAPI Input Validation
>> 
>> Serial Decomp: Decode, canonicalize, filter
>> Structured data (SSN, CC, etc.)
>> Unstructured data (comments, blogs, etc.)
>> Other input examples (ws-, database, etc.)
>> Chris Schmidt
>> 
>> Nishi Kumar
>> 
>> Colin Watson
>> 
>> Justin Clarke
>> 
>> 
>> Defining AppSensor Detection Points
>> 
>> Understand AppSensor Fundamentals
>> Define AppSensor Detection Points applicable to most applications
>> Implement detection points into code
>> Michael Coates
>> 
>> Ryan Barnett
>> 
>> Colin Watson
>> 
>> Chris Schmidt
>> 
>> 
>> Contextual Output Encoding
>> 
>> Provide real-world examples of the ESAPI encoder class stopping injection attacks.
>> Jim Manico
>> 
>> Colin Watson
>> 
>> Chris Schmidt
>> 
>> Justin Clarke
>> 
>> 
>> Protecting Information Stored Client-Side
>> 
>> John Steven
>> 
>> Elke Roth-Mandutz
>> 
>> Colin Watson
>> 
>> Chris Schmidt
>> 
>> Justin Clarke
>> 
>> 
>> Protecting Against CSRF
>> 
>> Eric Sheridan
>> 
>> Chris Schmidt
>> 
>> Achim Hoffmann
>> 
>> Ryan Barnett
>> 
>> Colin Watson
>> 
>> 
>> Providing Access to Persisted Data
>> 
>> Create design and code examples for protecting access to database tables by role
>> Create design and code examples for protecting access to data when 'auto-wiring' and marshalling
>> Create design and code examples for protecting sensitive data at rest
>> Create design and code examples for providing SQL-like querying capabilities in a safe manner
>> Dan Cornell
>> 
>> Colin Watson
>> 
>> Chris Schmidt
>> 
>> Justin Clarke
>> 
>> Dan Cornell
>> 
>> John Steven
>> 
>> 
>> The Future of the OWASP Secure Coding Workshop
>> 
>> Determine how to scale the idea
>> Determine how to get funding for it
>> Schedule at least two following OWASP Secure Coding Workshop days in 2011
>> John Steven 
>> Chris Schmidt
>> 
>> Colin Watson
>> 
>> Justin Clarke
>> 
>> Category: Summit 2011 Individual OWASP Projects Track
>> 
>> Name of Working Session
>> 
>> Objective(s)
>> 
>> Owner/Leader 
>> 
>> Members/Attendees 
>> 
>> 
>> ESAPI - Output Validation
>> 
>> Jeff Williams 
>> Chris Schmidt 
>> Jim Manico
>> 
>> Nishi Kumar
>> 
>> 
>> O2 Platform 
>> 
>> Dinis Cruz
>> 
>> Nishi Kumar
>> 
>> Jason Taylor
>> 
>> Steven van der Baan 
>> 
>> 
>> Mobile Security 
>> 
>> Primary: Create core knowledge base on project wiki site
>> Recruit volunteers to contribute to project
>> Establish relationships with key players (i.e. Apple/Google/etc)
>> Mike Zusman 
>> David Campbell
>> 
>> Colin Watson
>> 
>> Tom Neaves
>> 
>> Mateo Martinez
>> 
>> Justin Clarke
>> 
>> 
>> Development Guide
>> 
>> Discussion of major enhancements to the next version of the development guide.
>> Vishal Garg
>> 
>> 
>> ASVS Project
>> 
>> Matthias Rohr
>> 
>> Nishi Kumar
>> 
>> Steven van der Baan 
>> 
>> Wojciech Dworakowski
>> 
>> Jim Manico
>> 
>> 
>> Enterprise Web Defense Roundtable
>> 
>> What techniques are effective for scaling web security within a large company?
>> Strategies for developer education that work?
>> Automated defenses - what techniques are currently in use?
>> Benefits/considerations for using security bounty programs and public hacking initiatives.
>> What can OWASP build or develop to assist with enterprise wide application security?
>> Michael Coates 
>> Chris Lyon
>> 
>> Colin Watson
>> 
>> Dinis Cruz
>> 
>> Chris Schmidt
>> 
>> Justin Clarke
>> 
>> 
>> OWASP Testing Guide
>> 
>> Matteo Meucci 
>> 
>> Nishi Kumar
>> 
>> Cecil Su
>> 
>> Lucas C. Ferreira
>> 
>> Colin Watson
>> 
>> Achim Hoffmann
>> 
>> Tom Neaves
>> 
>> 
>> OWASP Java Project
>> 
>> Restart the Java project
>> Find new leadership
>> Recruit volunteers
>> Build a new Roadmap for the project
>> Lucas C. Ferreira
>> 
>> Mateo Martinez
>> 
>> 
>> OWASP Portuguese Language Project
>> 
>> Kickstart the project
>> Define leadership and roles
>> Prioritize documents
>> List all Portuguese materials available
>> Lucas C. Ferreira
>> 
>> 
>> Threat Modeling
>> 
>> Discuss on various components of threat modeling
>> Various threat modeling methodologies and their challenges
>> If you have an idea to discuss, please email Anurag Agarwal at anurag at myappsecurity.com
>> Anurag Agarwal
>> 
>> Matthew Chalmers
>> 
>> Colin Watson
>> 
>> Mateo Martinez
>> 
>> Dinis Cruz
>> 
>> Jim Manico
>> 
>> Neil Matatall
>> 
>> Christian Martorella
>> 
>> Steven van der Baan 
>> 
>> Nishi Kumar
>> 
>> Category: Summit 2011 OWASP Governance Track
>> 
>> Name of Working Session 
>> 
>> Objective(s)
>> 
>> Owner/Leader 
>> 
>> Members/Attendees 
>> 
>> 
>> OWASP Board/Committee Governance
>> 
>> Universal Committee Governance Document/Policies
>> Review Board Governance and By-Laws (Including Board composition/elections)
>> Committee alignment to OWASP Goals/Mission including Authorities, Individual Missions and Areas of Responsibility (AoR).
>> Providing budgets to committees for direct oversight and spending in their AoR
>> Additional transparency in OWASP accounting (Expenditures, Expense Reports for Officers/Committee Members.....)
>> Mark Bristow 
>> Jason Li 
>> Tom Brennan
>> 
>> Jim Manico
>> 
>> Nishi Kumar
>> 
>> Joe Bernik
>> 
>> Matthew Chalmers
>> 
>> 
>> Projects 
>> 
>> Assessment Criteria & Orphaned Projects
>> Funding, Marking & Commercial Services
>> Brad Causey 
>> Jason Li
>> 
>> Seba
>> 
>> Nishi Kumar
>> 
>> 
>> Industry 
>> 
>> Yiannis Pavlosoglou
>> 
>> Lorna Alamri
>> 
>> David Campbell
>> 
>> Eoin Keary
>> 
>> Matt Tesauro
>> 
>> Joe Bernik
>> 
>> Nishi Kumar
>> 
>> Lucas C. Ferreira
>> 
>> Tobias Gondrom
>> 
>> Vehbi Tasar
>> 
>> Colin Watson
>> 
>> Jason Taylor
>> 
>> 
>> Membership
>> 
>> Develop a plan for reaching out to other organizations in order to expand OWASP's exposure to the larger security and developer communities.
>> Create a budget and funding plan for the Membership Committee
>> Be ready to conduct a survey of new and existing OWASP Members and Supporters. Develop survey questions and specifics for the implementation.
>> Dan Cornell
>> 
>> Michael Coates
>> 
>> Mateo Martinez
>> 
>> Dan Cornell
>> 
>> 
>> Connections
>> 
>> Jim Manico 
>> Justin Clarke
>> 
>> Achim Hoffmann
>> 
>> 
>> Chapters
>> 
>> Challenges and solutions to run a successful OWASP chapter
>> Seba
>> 
>> Mandeep Khera
>> 
>> Matthew Chalmers
>> 
>> 
>> Education
>> 
>> Estimate how the past achievements do support the current educational developments
>> Evaluate how we can get the projects involved in developing (or at least reviewing) training material
>> Define new goals for the upcoming period
>> Define success factors for the upcoming period
>> Martin Knobloch 
>> Seba
>> 
>> Nishi Kumar
>> 
>> Cecil Su
>> 
>> Jason Taylor
>> 
>> 
>> Conferences - Improving Conference Planner Support 
>> 
>> Discuss the GCC's current 2011 Plan of action and new initiatives
>> Review comments provided in the Conference Planner Survey
>> Discuss mechanisms to improve Planner/Operational Support
>> Discuss mechanisms to improve event marketing/sponsorships
>> Discuss Global Conference Sponsorship Plan
>> Mark Bristow
>> 
>> Lorna Alamri
>> 
>> Nishi Kumar
>> 
>> Lucas C. Ferreira
>> 
>> Ralph Durkee
>> 
>> Matthew Chalmers
>> 
>> 
>> Tracking OWASP Participation
>> 
>> Identify the specific needs for a participation tracking system
>> Develop a working framework that provides an open, distributed and accountable mechanism to track participation
>> Discuss initial "points system" detail and point values
>> Discuss normalization of system points
>> Mark Bristow
>> 
>> Jason Li
>> 
>> 
>> Professionalize OWASP 
>> 
>> Having annual OWASP Foundation Board Member election? During annual OWASP Summits?
>> Professionalize OWASP PR, hiring more OWASP employees, at least one for PR?
>> Hiring more OWASP professionals?
>> Paying for OWASP Board Members and OWASP Leaders?
>> Creating an European OWASP entity?
>> Martin Knobloch
>> 
>> Nishi Kumar
>> 
>> Lorna Alamri
>> 
>> Colin Watson
>> 
>> Matthew Chalmers
>> 
>> Justin Clarke
>> 
>> 
>> Building the OWASP Brazilian Leaders Group
>> 
>> Define the members of the group
>> Define the rules of engagement for the group
>> Discuss how to fund Brazilian chapters
>> Discuss the translation of OWASP materials to Portuguese
>> Define the rules for hosting AppSec Brazil
>> Lucas C. Ferreira
>> 
>> Category: Summit 2011 OWASP Track
>> 
>> Name of Working Session
>> 
>> Objective(s)
>> 
>> Owner/Leader 
>> 
>> Members/Attendees 
>> 
>> 
>> OWASP Around the World
>> 
>> Internationalization
>> Global Job Board
>> New OWASP chapters in parts of the world where we have not spread much yet
>> Matthew Chalmers
>> 
>> Mateo Martinez
>> 
>> 
>> What is an OWASP Leader?
>> 
>> Define what it means to be an OWASP Leader
>> Dinis Cruz
>> 
>> Matthew Chalmers
>> 
>> Chris Schmidt
>> 
>> 
>> Overhauling the OWASP Website
>> 
>> Revisit goals from previous working session
>> Identify available Google Apps (e.g. Code Review, Moderator, Short Links, Project Hosting, Groups, etc) that we can leverage to support OWASP Website Infrastructure.
>> Review Website Overhaul Proposal for consideration
>> Decide what elements should be outsourced/contracted to expedite implementation
>> Resolve on schedule for achieving goals
>> Jason Li
>> 
>> Larry Casey
>> 
>> Achim Hoffmann
>> 
>> Michael Coates
>> 
>> Colin Watson
>> 
>> Nishi Kumar
>> 
>> Dinis Cruz
>> 
>> Matthew Chalmers
>> 
>> Justin Clarke
>> 
>> 
>> Managing the OWASP Brand
>> 
>> Jason Li
>> 
>> Lucas C. Ferreira
>> 
>> Matthew Chalmers
>> 
>> 
>> Developer Outreach 
>> 
>> Mark Bristow 
>> Jason Li
>> 
>> Martin Knobloch
>> 
>> Steven van der Baan 
>> 
>> 
>> Privacy - Personal Data/PII, Legislation and OWASP
>> 
>> Discuss whether OWASP needs to be more proactive about privacy
>> Define how we build privacy matters into existing tools and resources
>> Identify gaps
>> Colin Watson
>> 
>> Matthew Chalmers
>> 
>> Lorna Alamri
>> 
>> Achim Hoffmann
>> 
>> Elke Roth-Mandutz
>> 
>> 
>> Replicating Samy's EU Tour across OWASP
>> 
>> 
>> S is for Safety (as well as Security) 
>> 
>> Define how OWASP can take the lead in application security for safety
>> Colin Watson
>> 
>> 
>> OWASP Quotes
>> 
>> Open letter to governments
>> Open letter to insurance companies
>> Tools inoperability
>> Tools customization by security consultants
>> Wiki leaks & WebAppSec
>> Dinis Cruz
>> 
>> Matthew Chalmers
>> 
>> 
>> Did OWASP Failed to achieve its full potential? (and lessons learned)
>> 
>> Dinis Cruz
>> 
>> 
>> Should OWASP hire a Chief Executive Officer (CEO)?
>> 
>> TBD
>> 
>> Matthew Chalmers
>> 
>> Dinis Cruz
>> 
>> 
>> Less preaching to the choir, engage more with the outsiders
>> 
>> TBD
>> 
>> Matthew Chalmers
>> 
>> 
>> Investment justification for Web Application Security
>> 
>> TBD
>> 
>> 
>> Should OWASP work directly with PCI-DSS?
>> 
>> TBD
>> 
>> Matthew Chalmers
>> 
>> 
>> How can OWASP reach/talk/engage with developers
>> 
>> TBD
>> 
>> 
>> How can OWASP reach/talk/engage with auditors
>> 
>> Educate security professionals and developers on, and dispel the myths about, audit and control
>> Educate auditors on OWASP, software development and web & application security
>> Discuss ways OWASP can help security pros, developers and auditors work together for mutual benefit and world domination
>> Matthew Chalmers
>> 
>> Matthew Chalmers
>> 
>> Achim Hoffmann
>> 
>> Justin Clarke
>> 
>> 
>> OWASP and Facebook, Lessons Learned
>> 
>> Jim Manico
>> 
>> 
>> Creating an Application Security Career - For the Average IT/Network Security Practitioner
>> 
>> TBD
>> 
>> 
>> --Jeff
>> 
>>  
>> 
>>  
>> 
>> From: owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Paulo Coimbra
>> Sent: Thursday, January 20, 2011 10:39 AM
>> To: 'Kate Hartmann'; 'Sandra Paiva'; 'sarah cruz'; 'Deb Brewer'; 'Linda Potjes'; 'Sarah Baso'
>> Cc: 'OWASP Foundation Board List'; owasp-summit-2011 at lists.owasp.org
>> Subject: Re: [Owasp-board] We need to begin to direct appropriately
>> 
>>  
>> 
>> All,
>> 
>>  
>> 
>> As you know we had recently asked our community to work a bit more on the working sessions by adding more content and detailing as much as possible overview, objectives, outcomes and participants. We are meanwhile diving into the content already available to try and find out a way to increase its coherence so as to create the conditions for us to have a productive meeting. We are also thinking about a new template - simpler to work with and abler to capture the entire range of questions implicit in each WS. We will inform you if we manage to build anything new and, for us, better than the template currently in use.
>> 
>>  
>> 
>> We have also been told that Jeff Williams will work on this issue and we will be ready to seek convergence with his initiative as soon as his path allows us to engage. While this is being done we will make sure that requests to create or change the current WS are timely answered.
>> 
>>  
>> 
>>  
>> 
>> Thanks,
>> 
>> - Paulo
>> 
>>  
>> 
>>  
>> 
>> Paulo Coimbra,
>> 
>> OWASP Project Manager
>> 
>>  
>> 
>> From: Kate Hartmann [mailto:kate.hartmann at owasp.org] 
>> Sent: Thursday, January 20, 2011 03:43
>> To: paulo.coimbra at owasp.org; Sandra Paiva; sarah cruz; Deb Brewer; Linda Potjes; Sarah Baso
>> Cc: dinis.cruz at owasp.org
>> Subject: We need to begin to direct appropriately
>> 
>>  
>> 
>> All, following up on my email from yesterday, I have posted roles here:  http://www.owasp.org/index.php/Summit_2011_Committee#Summit_Logistical_Team_.28Who_do_I_ask.3F.29
>> 
>>  
>> 
>> Paulo and Sandra, when will you be arriving so we can include your information.
>> 
>>  
>> 
>> I also need some contact information for Marta.
>> 
>>  
>> 
>> We have about 19 days left:  http://countdown.onlineclock.net/  I don’t know how to get this onto the wiki, but it would be cool.
>> 
>>  
>> 
>> Anyway, I highly recommend that we begin to really settle into our roles.  Paulo and Sandra, you will probably be more and more busy with the working sessions as we get closer to February 8, 2011, so please let the group know how we should help!  You two are the wiki masters!
>> 
>>  
>> 
>> I hope to fill out these roles in the upcoming days with more specific tasks, but for now I’m fairly confident we all have plenty to keep us busy. 
>> 
>>  
>> 
>> If you have any questions/concerns, please don’t hesitate to raise your voice. 
>> 
>>  
>> 
>> Thank you!
>> 
>>  
>> 
>>  
>> 
>>  
>> 
>> Kate Hartmann
>> 
>> Operations Director
>> 
>> 301-275-9403
>> 
>> www.owasp.org
>> 
>> Skype:  Kate.hartmann1
>> 
>>  
>> 
> 