[Owasp-leaders] Scheduling SWAMP/OWASP Call Regarding Partnership - week of 7/7

Jim Manico jim.manico at owasp.org
Thu Jul 3 02:48:12 UTC 2014


Tom,

The requirements from SWAMP to have a custom "make" file for every
project prohibit us from participation at this juncture for project
review per my understanding. Johanna said she is not likely to use
SWAMP for our quality review automation for that reason and she
intends to continue with our project server build.

It's 100% Johannas call, because she is in charge of project review,
not the board. :)

But like you stated, perhaps there are other ways we can participate
in the SWAMP that are in alignment with our mutual goals?

With respect,
--
Jim Manico
@Manicode
(808) 652-3805

> On Jul 3, 2014, at 10:42 AM, Tom Brennan <tomb at owasp.org> wrote:
>
> Thank you for this Allyson,
>
> cc: to a few others leaders on the OWASP side to get a heads up on the
> proposed agenda and raise their hand or contact you directly if they
> want to get involved or add items to it to the DHS SWAMP project.
> Depending on the response it may make sense for you to host a webex to
> allow more attendance of interested parties.  I'm available on either
> day currently proposed, send a invite I will join as one of the many
> volunteers if possible.
>
> There are a LOT of items on this list all good BTW. With my OWASP Hat
> on everyone welcomes the opportunity to work together with the US
> Government to help the OWASP Mission of "Raising Software Security
> Awareness" -- is this .PDF still the CURRENT roadmap of the project?
>
> http://www.dhs.gov/sites/default/files/publications/csd-day-3-02-tta14-swamp-livny.pdf
> it was linked to from this page: http://www.dhs.gov/csd-swamp.  It
> would appear that you are in a important phase of the project reaching
> out to a professional association like OWASP.
>
> I would recommend Allyson that your team and project sponsors review
> the OWASP Goverment Bodies green-book that is on the home page of
> www.owasp.org (right side navigation)
> https://www.owasp.org/images/d/de/OWASP_Green_Book-Governmental_Bodies.pdf
> and we add that to the agenda for alignment of principals and goals.
> As you know OWASP is global and not just based in the USA so best to
> be as transparent as possible as we start these discussions; then
> enable folks to join tasks forces if they want to help out.
>
> Personally as previously expressed, I really like the DHS, Software
> Assurance Market Place (SWAMP) for what it could do for all OWASP
> open-source code projects (for those that you can support) raising the
> quality level.  I am sure the project leaders and attendees of
> APPSECUSA 2014 would be really interested in the GRANT MONEY that you
> have budgeted for 2015 and the process to respond to the solicitation
> of what SWAMP is looking to fund as a OWASP open-source project in its
> final deliverable.
>
> ** For anyone reading this asking what is SWAMP and how can it help
> your open-source project TODAY check out
> https://continuousassurance.org/
>
> Although I do not foresee anything on your agenda needed a "VOTE" by
> the board of directors -- as all of these things our staff can handle
> today, FYI we do have a meeting coming up on July 9th see:
> https://www.owasp.org/index.php/Board#tab=Agenda_for_2014_Meetings
> should it be needed. Your team is WELCOMED to attend it as is everyone
> in the community to add new business.
>
> Tom Brennan
> Vice Chairman, OWASP Foundation
> 973-202-0122
>
>
>
>
>
> On Wed, Jul 2, 2014 at 10:59 AM, Miller, Allyson
> <AMiller at continuousassurance.org> wrote:
>> Hi Tom, Sarah, and Josh,
>>
>> What times would you and any others from the OWASP team be available for a
>> call during the week of 7/7? Based on the agenda below that I sent out on
>> Friday, I’d be happy to coordinate a meeting time with others, if needed.
>>
>> Since Johanna was going to be out of the office during the week of 7/7, I
>> scheduled a call with her and the SWAMP team to discuss any lingering
>> technical issues and questions that have come up since our last call with
>> her. However, I did want to wait to discuss the agenda items below until the
>> week of 7/7 once we have more people on the phone. Let me know if you have
>> any questions/concerns/updates to the agenda below, and I look forward to
>> receiving some meeting times from you.
>>
>> Thanks!
>>
>> Ally Miller
>> Administrative Assistant
>> Software Assurance Marketplace (SWAMP)
>> Office: (608) 316-4266 | Cell: (608) 630-0936
>> amiller at continuousassurance.org
>>
>> Morgridge Institute for Research
>> 330 N. Orchard St. Madison, WI 53715
>> morgridgeinstitute.org | continuousassurance.org
>>
>>
>>
>> Hi everyone,
>>
>> Here is the proposed agenda for the partnership call during the week of 7/7.
>> If you have any questions/concerns/additions to the below, just let me know.
>> Also, please send me your availabilities ASAP once you know who all will
>> attend. (Note, since Johanna will be out the week of 7/7, I’m scheduling a
>> quick call with her separately next week.)
>>
>>
>> Agenda for OWASP-SWAMP Strategic Partnership Call
>>
>>
>>
>> ·      Defining what the “strategic partnership” means and noting any
>> exceptions/boundaries.
>>
>> ·      What we can do to help each other and how to do that.
>>
>> o   SWAMP is planning a Press Release to formally announce the partnership
>> during AppSec.
>>
>> o   Other opportunities at AppSec
>>
>> §  Co-hosting a party/event/meal?
>>
>> §  Holding a press conference and panel discussion
>>
>> §  OWASP to have a spot in SWAMP booth?
>>
>> §  OWASP to participate in the press conference
>>
>> §  OWASP to speak to selected editors/press, as needed
>>
>> §  Should SWAMP have an in-booth presentation every hour or so?
>>
>> §  Can we co-brand giveaway items to celebrate the partnership?
>>
>> o   Co-brand a release or a communiqué targeted at OWASP members about using
>> SWAMP
>>
>> o   Work together on blog posts, whitepapers, and other marketing activities
>>
>> o   Adding OWASP’s current software analysis tools (and ones still under
>> development) to the SWAMP.
>>
>> o   Collaborating on upcoming OWASP initiatives pertaining to
>> continuous/software assurance
>>
>> §  OSSAP (OWASP Software Security Assurance Process)
>>
>> §  Any other OWASP initiatives SWAMP should be aware of?
>>
>> o   What else is OWASP willing to do to promote SWAMP?
>>
>> o   No hiring of each other’s employees
>>
>> ·      Other topics/open discussion
>>
>> o   Demo/Webinar of the technical aspects of the SWAMP for the OWASP
>> community, including points from Tom Brennan’s email.
>>
>> o   Doing a survey of the SWAMP and OWASP fellowship about their experiences
>> with continuous assurance (for a news release/story to pitch to the press)
>>
>>
>>
>> Thanks, and have a great weekend!
>>
>> Ally Miller
>> Administrative Assistant
>> Software Assurance Marketplace (SWAMP)
>> Office: (608) 316-4266 | Cell: (608) 630-0936
>> amiller at continuousassurance.org
>>
>> Morgridge Institute for Research
>> 330 N. Orchard St. Madison, WI 53715
>> morgridgeinstitute.org | continuousassurance.org
>>
>>
>>
>> What's the agenda we can rally interested parties.
>>
>> Tom Brennan
>> 973-202-0122
>>
>> On Jun 26, 2014, at 9:42 AM, "Miller, Allyson"
>> <AMiller at continuousassurance.org> wrote:
>>
>> Hi OWASP folks,
>>
>> I’d like to schedule a call with your team and a few of us from the SWAMP,
>> including Kevin Greene, regarding the formation of our strategic
>> partnership. Could you send me your availabilities? Due to APPSEC Europe and
>> the upcoming 4th of July holiday, we’d like to schedule a call during the
>> week of 7/7. Would some time on Tuesday, July 8 work?
>>
>> Thanks!
>>
>> Ally Miller
>> Administrative Assistant
>> Software Assurance Marketplace (SWAMP)
>> Office: (608) 316-4266 | Cell: (608) 630-0936
>> amiller at continuousassurance.org
>>
>> Morgridge Institute for Research
>> 330 N. Orchard St. Madison, WI 53715
>> morgridgeinstitute.org | continuousassurance.org
>>
>>


More information about the OWASP-Leaders mailing list