[Owasp-board] FY16 Initiatives
Andrew van der Stock
vanderaj at owasp.org
Thu Nov 12 13:10:25 UTC 2015
I believe we need the following additional budgeted initiatives in FY16.
*AppSec India Seed*.
I would like to set aside $25k for an AppSec India seed. This might need to
be extended to a larger amount once actual planning takes place and a venue
and size estimated. We would most likely get this back or better, so
revenue neutral at worst, profitable at best.
Pros: Core to our mission, only draw down if India chapters get planning.
*OWASP Infrastructure Transformation*
>From Matt Tesuaro's briefing to us earlier this year, I believe we have a
lot of technical debt in OWASP's sprawling and basically unmanaged
infrastructure. If we don't have a good handle on our information assets,
we will lose them. I believe as part of a wider program of works, we need
to contract Matt's time as a project where this is his day job for a while,
first by taking a full inventory of assets, making a recommendation for
rolling all like systems into one, and making recommendations like the
MailMan upgrade / migration project.
Pros: Will drive out costs in subsequent years. Will increase the
effectiveness of Matt's time to look after only a smaller number of more
critical systems. Allows us to do things we can't do today. Cons: will
likely cost a bit. I would like to say 2-3 months of Matt's time, which we
would need to price out and make sure that we have a clear understanding of
I would like to put forward a proposal that could take a fair chunk of
change. I would like us to put $25k x 2 to be made available to AppSec EU
and AppSec US, to allow a week long project summit, prior to the actual
conferences. Projects would bid for some of the cash for travel expenses,
where we favor locals with lower costs over far flung remote costs.
I would like us to make it clear that folks can participate in a
sponsorship drive for the Project Summit to top up these funds.
Pros: Core to our mission that we work on projects. Cons: Would need to
make sure that projects are chosen based upon need or strategic
significance to OWASP, such as previous Flagship projects who need a lot of
TLC to get back into the good books.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board