[Owasp-leaders] (Projects Reboot 2012) Re: OWASP 2014 - Strategic Goals

Larry Conklin larry.conklin at owasp.org
Thu Nov 14 02:12:06 UTC 2013


All,
I am the co-leader on Code Review Guide. I can offer info on monies spent
after APPSEC2013. Thank you. Larry.


On Wed, Nov 13, 2013 at 6:12 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Dinis,
>
> I can offer some info on the CISO guide: Marco did an outstanding job as
> project lead for this and we have produced version 1.0! Books are already
> in print (using some of the budget) so we can distribute some of them at
> AppSecUS when we officially announce the release. I guess full budget
> clarity for CISO guide will be done in 4 weeks.
>
> And for ZAP: I think we saw some pretty awesome progress there over the
> last 12 months and at the last AppSecEU, also with special thanks to the
> project lead Simon.
>
> And for budget transparency: I think it is probably indeed a good idea to
> see if we can ask our staff what we can do to get some more transparency on
> project budget spending levels. Eoin is just a board member and I would
> love to see this information be available and maintained going forward for
> the whole community as well.
>
> Just my 5cents.
>
> Tobias
>
>
>
>
> On 13/11/13 23:32, Eoin Keary wrote:
>
> Dinis,
> I don't have control over the funds. We have an OWASP employee who does
> that. There has been some difference of opinion with the way funds were
> allocated. Some projects now have lots of cash and others have none. I
> tried to fix this and wound up donating some OWASP funds to other projects
> out of the code review guide.
>
>  Samantha can give you info on how funds are spent, how much and on what.
>
>  Some projects are due to come in early and mid next year. But we can't
> rush perfection.
>
>  Achievements:
> Funding zap promotion.
> Ciso guide promotion
> Code review guide graphic design -to do
> Dev guide purchased some project management software
> Samantha has the answers. As the OWASP employee she was tasked with
> management of funding and spend.
>
>  Final deliverables:
>
>  Code review guide 2.0
> Testing guide 3.0
> Dev guide
> Ciso guide
>
>  Again ask the project manager please.
>
>  Wiki It is out of date. Agreed. Need to fix that. But Sam should have
> all the metrics recorded.
>
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 13 Nov 2013, at 23:05, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>
>   I know that Eoin doesn't want to answer the questions I asked below,
> but since it looks like we're wrapping up the Projects Reboot, it's
> important that they are answered
>
> The main reason is that when we do another project funding initiative, we
> can learn from this experiment and improve it.
> On 11 Nov 2013 15:16, "Dinis Cruz" <dinis.cruz at owasp.org> wrote:
>
>> Eoin, when you say 'very successful reboot project funding', can you be
>> more specific on the criteria you used to reach that conclusion?
>>
>> For example where can I see:
>> - all funds allocated
>> - all funds projected to be spent
>> - all funds actually spent
>> - timeline of the expenditure
>> - what was achieved with the funds spent?
>> - the final deliverables of the project reboot 2012 (which started on
>> Jun/Aug 2012)
>>
>> Also the page https://www.owasp.org/index.php/Projects_Reboot_2012 seems
>> quite out of date. So I would expect that a number of the answers to my
>> questions should be placed there (since it is important to have accurate
>> historical documentation of this type of Owasp initiatives)
>>
>> Thanks
>> On 11 Nov 2013 14:15, "Eoin Keary" <eoin.keary at owasp.org> wrote:
>>
>>>  We have the very successful reboot project funding many projects. Some
>>> are to be released at appsecusa such as the ciso guide.
>>> I agree we need to spend more. If € is donated for a particular project
>>> or chapter, we can't move that money to another project that easily, given
>>> it was a donation.
>>> This is frustrating but needs to be observed to be compliant with
>>> charity law etc.
>>>
>>>
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>>
>>>
>>> On 11 Nov 2013, at 13:15, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>>
>>>   This innovation will not come from 'owasp'. The way to do it is to
>>> create a budget programme like the Owasp GSD project (
>>> https://www.owasp.org/index.php/OWASP_GSD_Project) and trust the owasp
>>> leaders with the responsibility and budget.
>>>
>>> This is the Projects/Chapters Buckets idea that I have been talking about for
>>> a while now, and that idea will do more for OWASP's ability to innovate,
>>> than any discussion thread or top-down initiative
>>>
>>> On the topic of Measurement, I completely agree, and that is something
>>> that the owasp OpsTeam (the employees) should really focus on (since they
>>> are the only ones that will have the independence and motivation to do it)
>>> On 11 Nov 2013 03:03, "Jeff Williams" <jeff.williams at owasp.org> wrote:
>>>
>>>> I wasn't suggesting that the organization-focused goals aren't
>>>> important. I'm thrilled to see OWASP continue to grow. Just saying a few of
>>>> the strategic goal ideas for 2014 should be focused on our domain...
>>>>
>>>>  * Foster innovation and experimentation. One possibility is a DARPA
>>>> style high-risk, high-reward proposal program... there are others.
>>>> * Encourage diversity.  I think the "Women in AppSec" program is great
>>>> and should be expanded
>>>> * Pursue Measurement.  As Jeremiah has correctly pointed out, nobody
>>>> really knows if any of this stuff really works. Let's find out.
>>>> * Advertise.  This isn't exactly the right word. I'm thinking of a
>>>> "Truth" style campaign to help the world understand the importance of appsec
>>>> * Encourage competition. The crypto community does this well through
>>>> NIST for algorithms. Why not other defenses?
>>>>
>>>>  --Jeff
>>>>
>>>>
>>>>  On Fri, Nov 8, 2013 at 11:21 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>
>>>>> > Shouldn't the strategies have something to do with the mission?
>>>>>
>>>>>  Of course. But we also need a well run organization in order to
>>>>> properly serve the mission. The staff has done a remarkable job in cleaning
>>>>> up a lot of difficult messes that OWASP had become. There is no shame meant
>>>>> in that statement. OWASP is just growing up - kind of like moving from a
>>>>> start-up to a larger organization. The organizational changes that Colin
>>>>> and Josh suggest are really critical in terms of efficiency. We just want
>>>>> to maximize the minimal resources that we have to serve the mission.
>>>>>
>>>>> Another thing, the suggestions below from Colin and Josh are
>>>>> additions, not the entire set of strategic goals of the organization.
>>>>>
>>>>> Here are the past OWASP strategic goals.
>>>>> https://docs.google.com/a/owasp.org/document/d/19BJMDMTVWlwqMcvUfDy1Mcjtd_bKGbhu-D-VBE-7kFU/edit
>>>>>
>>>>> We are going to be building the 2014 strategic goals after AppSecUSA (
>>>>> www.appsecusa.com) on November 22nd.
>>>>> https://www.owasp.org/index.php/November_22,_2013 You are welcome to
>>>>> dial in and lend advice and support!
>>>>>
>>>>> If you have any suggestions as to how we can make "aggressive game
>>>>> changing innovation" in an open, vendor-neutral and community based way,
>>>>> then bring it on!
>>>>>
>>>>> > How are we going to change the trajectory of software development?
>>>>>
>>>>>  Jeff, as one of the OWASP Top Ten leaders, you have a HUGE
>>>>> opportunity to affect the culture of software. I see the OWASP Top Ten in
>>>>> almost every dev shop I run into. So I ask you, is the OWASP Top Ten 2013
>>>>> an "aggressive pursuit and encouragement of game-changing innovation, not
>>>>> just technological but cultural"? I think that is one of your biggest
>>>>> opportunities to see the change you want.
>>>>>
>>>>> Aloha,
>>>>> Jim
>>>>>
>>>>>
>>>>> > How are we going to change the trajectory of software development?
>>>>> > How to make appsec something every developer wants to know...aspirational?
>>>>> >
>>>>> > The strategies ought to include aggressive pursuit and encouragement
>>>>> > of game-changing innovation, not just technological but cultural. Otherwise
>>>>> > we will continue to slowly lose ground in the face of rapid tech expansion.
>>>>> >
>>>>> > --Jeff
>>>>> >
>>>>> >
>>>>> >> On Nov 8, 2013, at 4:25 PM, Colin Watson <colin.watson at owasp.org> wrote:
>>>>> >>
>>>>> >> I still quite like the "platform" and "quality" aspects.
>>>>> >>
>>>>> >> 1. The community (incl staff) efforts on updating design and the wiki
>>>>> >> has made a huge improvement. Contrary to the 2013 objective, the wiki
>>>>> >> stuff is improving from the bottom up, but I'm sure this will surface
>>>>> >> onto the home page soon.
>>>>> >>
>>>>> >> 2. I'd like to see some effort in enabling "self-service" for
>>>>> >> volunteers to take some of the load off the staff e.g. "how tos and
>>>>> >> FAQs" for project leaders.
>>>>> >>
>>>>> >> 3.  I also think we need to keep pushing the "open" aspect. Make it
>>>>> >> difficult for secret groups, cliques and closed-door activities to
>>>>> >> occur.
>>>>> >>
>>>>> >> Colin
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >>> On 8 November 2013 21:06, Jim Manico <jim.manico at owasp.org> wrote:
>>>>> >>> Right on, Josh! Bring it! :)
>>>>> >>>
>>>>> >>> Aloha,
>>>>> >>> --
>>>>> >>> Jim Manico
>>>>> >>> @Manicode
>>>>> >>> (808) 652-3805
>>>>> >>>
>>>>> >>> On Nov 8, 2013, at 4:02 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>>> >>>
>>>>> >>> I would like to add two strategic goals to this list:
>>>>> >>>
>>>>> >>> 1) Create policies and processes to support the chapters. Encourage them to
>>>>> >>> innovate.  Create a framework to allow them to be financially
>>>>> >>> self-sufficient.
>>>>> >>>
>>>>> >>> 2) Investigate what it means to be an "OWASP member".  How do we justify
>>>>> >>> becoming a paid member?  What are the benefits that paid members receive
>>>>> >>> from their contributions?
>>>>> >>>
>>>>> >>> ~josh
>>>>> >>>
>>>>> >>>
>>>>> >>> On Fri, Nov 8, 2013 at 2:50 PM, Michael Coates <michael.coates at owasp.org>
>>>>> >>> wrote:
>>>>> >>>>
>>>>> >>>> Leaders,
>>>>> >>>>
>>>>> >>>> For the past 2 years we have set strategic goals at the board level. The
>>>>> >>>> purpose of these initiatives is to zero in on a few key elements where we
>>>>> >>>> wish to drive growth. These strategic goals are also used to prioritize and
>>>>> >>>> guide the operation team's tactical goals and focus.
>>>>> >>>>
>>>>> >>>> As we're planning for 2014 I'd like to ask all of you for your thoughts
>>>>> >>>> and feedback on strategic goals for the OWASP foundation. Please note that
>>>>> >>>> these items are geared towards the owasp organization, not any specific
>>>>> >>>> project, conference, chapter etc. OWASP is building the platform for all of
>>>>> >>>> these wonderful things to occur. How should we specifically try and grow
>>>>> >>>> that platform in pursuit of our mission in 2014?
>>>>> >>>>
>>>>> >>>> The list of 2012 and 2013 strategic goals can be found here:
>>>>> >>>>
>>>>> >>>> https://docs.google.com/document/d/19BJMDMTVWlwqMcvUfDy1Mcjtd_bKGbhu-D-VBE-7kFU/edit
>>>>> >>>>
>>>>> >>>>
>>>>> >>>> Please reply to this thread with your thoughts, comments and ideas.
>>>>> >>>>
>>>>> >>>>
>>>>> >>>>
>>>>> >>>> Thanks!
>>>>> >>>>
>>>>> >>>> --
>>>>> >>>> Michael Coates | OWASP | @_mwc
>>>>> >>>>
>>>>> >>>>
>>>>> >>>> _______________________________________________
>>>>> >>>> OWASP-Leaders mailing list
>>>>> >>>> OWASP-Leaders at lists.owasp.org
>>>>> >>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders