[Owasp-board] FY16 Initiatives
johanna curiel curiel
johanna.curiel at owasp.org
Fri Nov 27 13:50:02 UTC 2015
As an advocate of projects, I think before spending money in more project
summits, we need to evaluate the results of the last ones.
I can provide my feedback on the APPSEC EU. I believe I did a short summary
on an email once. I think you need to evaluate the results from APPSEC US
>>Projects would bid for some of the cash for travel expenses, where we
favour locals with lower costs over far flung remote costs.
What happens for project leaders that are not living in US nor EU? Last
time we created a 'waiting list' to favour first locals and then if no
more locals will use the budget, a max of USD1000,- was available to other
projects leaders. Example John Patrick Lita lives in Philippines and it
will be unfair to exclude him only because is not 'US' or 'EU'
based...(just an example). USD1000,- will only cover his ticket so
traveling becomes difficult
>>Cons: Would need to make sure that projects are chosen based upon need or
strategic significance to OWASP, such as previous Flagship projects who
need a lot of TLC to get back into the good books.
Agree, but this is a really a very small group and many of them, probably
will not participate even if sponsored, due to time work and family. It
happened before.Thats why is important to evaluate the effectiveness of the
Money should be well spent in gathering project leaders fully sponsored by
the summit so they can meet, like ZAP developers.
Maybe instead of trying to create a 'whole summit' why not create a budget
for mini-summits among the developers of specific projects?
Trying to gather everyone in one place at a certain time of the year is
very expensive and maybe not so very effective.
On Thu, Nov 12, 2015 at 9:10 AM, Andrew van der Stock <vanderaj at owasp.org>
> I believe we need the following additional budgeted initiatives in FY16.
> *AppSec India Seed*.
> I would like to set aside $25k for an AppSec India seed. This might need
> to be extended to a larger amount once actual planning takes place and a
> venue and size estimated. We would most likely get this back or better, so
> revenue neutral at worst, profitable at best.
> Pros: Core to our mission, only draw down if India chapters get planning.
> Cons: None.
> *OWASP Infrastructure Transformation*
> From Matt Tesuaro's briefing to us earlier this year, I believe we have a
> lot of technical debt in OWASP's sprawling and basically unmanaged
> infrastructure. If we don't have a good handle on our information assets,
> we will lose them. I believe as part of a wider program of works, we need
> to contract Matt's time as a project where this is his day job for a while,
> first by taking a full inventory of assets, making a recommendation for
> rolling all like systems into one, and making recommendations like the
> MailMan upgrade / migration project.
> Pros: Will drive out costs in subsequent years. Will increase the
> effectiveness of Matt's time to look after only a smaller number of more
> critical systems. Allows us to do things we can't do today. Cons: will
> likely cost a bit. I would like to say 2-3 months of Matt's time, which we
> would need to price out and make sure that we have a clear understanding of
> achievable outcomes.
> *Project Summits*
> I would like to put forward a proposal that could take a fair chunk of
> change. I would like us to put $25k x 2 to be made available to AppSec EU
> and AppSec US, to allow a week long project summit, prior to the actual
> conferences. Projects would bid for some of the cash for travel expenses,
> where we favor locals with lower costs over far flung remote costs.
> I would like us to make it clear that folks can participate in a
> sponsorship drive for the Project Summit to top up these funds.
> Pros: Core to our mission that we work on projects. Cons: Would need to
> make sure that projects are chosen based upon need or strategic
> significance to OWASP, such as previous Flagship projects who need a lot of
> TLC to get back into the good books.
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board