[Owasp-board] [Owasp-community] RFP - OWASP Foundation Needs Assessment

johanna curiel curiel johanna.curiel at owasp.org
Thu Feb 4 23:51:42 UTC 2016


Hi Paul

Having been quite involved with OWASP and its content for 3.5 years, I can
provide a quick assessment based on my experience:

*Content management of Wiki*
We lack a Content management team responsible/accountable to drive and
maintain cohesive content on the wiki. Right now the wiki is a 'messy
collage' of content, with sporadic volunteers but way too many people
creating isolated wiki pages, uncategorised and outdated content that never
gets properly cleaned up after many years.

*Volunteer program management*
We lack proper implementation of a volunteer program. Volunteers need to
be managed and motivated so they contribute (aka work for free ;-). I think
we have a big gap in OWASP to motivate volunteers properly.

*Integration of work-flow processes through Salesforce API*
I was a Salesforce developer for SafeBoot
<http://searchsecurity.techtarget.com/news/1275984/McAfee-acquires-SafeBoot-for-endpoint-encryption>
(bought by McAfee in 2007) and I did some heavy integration between the
SafeBoot website with customer portals and the Salesforce API. OWASP can do
the same and integrate many processes (such as the forms, requests from
volunteers, reports etc.) but this will require some serious development
and to develop this process properly with involvement of the staff and
volunteers' needs. Not sure if a 1 hour conference call with a task force of
volunteers (which has not been formed yet) on each type of projects
(Builders, Breakers, Developers) will provide an external party with little
knowledge about OWASP enough information about these issues.

*Modernisation of Wiki*
For the wiki, we need to modernise it so we have the same level as Mozilla
Developer Network <https://developer.mozilla.org/en-US/> to allow continuous
reviews and a program properly managed to motivate volunteers to work on
content (Mozilla have the 'badges <https://badges.mozilla.org/en-US/>'
which is quite nice). It is driven by volunteers, however managed by a team.
I contribute with content and reviews to Mozilla just because I love that
interface and the way the content looks (some of my contributions):

https://developer.mozilla.org/en-US/docs/Web/SVG/Tutorial/SVG_Filters_Tutorial
.

We lack volunteers working on content and doing out in a concessive way and
right now this is quite sporadic and messy. This also is closely correlated
to a proper management of volunteer contributions.

While I think it is an excellent initiative to hire a contractor / 3rd
party, I think many of us involved with OWASP for some years already know
the answers to the problems: We need a team to manage the process and
implement the solutions. The assessment won't solve that problem, it will
only confirm what we already know.


Cheers

Johanna




On Wed, Feb 3, 2016 at 9:46 PM, Paul Ritchie <paul.ritchie at owasp.org> wrote:

> Hi Johanna:
> I can jump in and clarify.
>
> 1. Yes, this is the initiative & budget that the Board approved in late
> 2015.
> 30 days for vendor response, and 30 days to have a community team
> including Staff to evaluate the proposals is pretty reasonable.
>
> 2. On the budget, yes, this is the range approved by the board.  We
> included the 'range' as a beginning point so we didn't get any $50K or
> larger proposals that would have been a waste of time for both parties.
>
> To those cc'd on this email via the group Board List.   We are looking for
> Volunteers to help evaluate any proposals received. If you are interested
> in being part of the evaluation team.....please let me know.
>
> I know there have been similar initiatives on wiki/infrastructure
> enhancements in the past....but I'm aiming for the Kaizen
> philosophy........continuing and regular improvements over time.
>
> Regards. Paul
>
> Best Regards, Paul Ritchie
> OWASP Executive Director
> paul.ritchie at owasp.org
>
>
> On Wed, Feb 3, 2016 at 4:25 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Hi Kate
>>
>> Do I understand well that this RFP is only to execute an assessment with
>> a time line of 60 days (+/- 2 months)?
>> And the budget to do this research/assessment is USD20 to 30K?
>>
>> Cheers
>>
>> Johanna
>>
>> On Wed, Feb 3, 2016 at 5:33 PM, Kate Hartmann <kate.hartmann at owasp.org>
>> wrote:
>>
>>> OWASP Community,
>>>
>>> In late 2015, the OWASP Board approved an initiative to assess and
>>> update our Wiki and internal infrastructure.  The following RFP request
>>> includes the feedback & requirements received from various community
>>> leaders in order to capture various viewpoints from our diverse community.
>>>
>>> If you know of a consultant, service provider or expert who would like
>>> to respond to this RFP, please forward to their attention.
>>>
>>> Details about the RFP objectives and requirements are available in the
>>> attached document.  The document is also available here:
>>> https://drive.google.com/file/d/0BxI4iTO_QojvY0ItSk56aWY3WXM/view?usp=sharing
>>> and on the wiki here:
>>> https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus#Active_Initiatives
>>>
>>> Submission Information
>>>
>>> RFP open:  February 3, 2016
>>> RFP close:  February 29, 2016
>>>
>>> Please email proposals to owasp.foundation at owasp.org
>>>
>>> Sincerely,
>>> The OWASP Foundation
>>>
>>>
>>> ====
>>> Disclaimer: OWASP does not endorse or recommend commercial products or
>>> services allowing our community to remain vendor neutral with the
>>> collective wisdom of the best minds in application security worldwide.
>>> ====