[Owasp-leaders] Fwd: OWASP-SWAMP Strategic Partnership Call - Notes 7/8/14

Tom Brennan - OWASP tomb at owasp.org
Wed Jul 9 10:40:15 UTC 2014


Begin forwarded message:

> From: "Miller, Allyson" <AMiller at continuousassurance.org>
> Date: July 8, 2014 at 6:49:14 PM EDT
> To: Miron Livny <miron at cs.wisc.edu>, "Beyer, Patrick" <PBeyer at continuousassurance.org>, "Landrum, Irene" <ILandrum at continuousassurance.org>, Robin Lutchansky <robinl at lcomm.com>, "Bart Miller" <bart at cs.wisc.edu>, Josh Sokol <josh.sokol at owasp.org>, Jim Manico <jim.manico at owasp.org>, Kevin Greene <kevin.greene at hq.dhs.gov>, Fabio Cerullo <fcerullo at owasp.org>, Ken Prole <Ken.Prole at securedecisions.com>, Bev Corwin <bev.corwin at owasp.org>
> Cc: Tom Brennan <tomb at owasp.org>, Sarah Baso <sarah.baso at owasp.org>, "Johanna Curiel" <johanna.curiel at owasp.org>
> Subject: Re: OWASP-SWAMP Strategic Partnership Call - Notes 7/8/14
> Notes from today’s meeting, 7/8/14. Follow up items are highlighted. 
> Please forward these notes to anyone who was not on the call who may be interested or to those who were on the call but didn’t announce themselves.
> Attendees: Miron Livny, Pat Beyer, Irene Landrum, Ally Miller, Robin Lutchansky, Bart Miller, Kevin Greene, Josh Sokol, Jim Manico, Fabio Cerullo, Bev Corwin, Ken Prole (Apologies for leaving off anyone who didn’t announce themselves on the call or who didn’t log in to WebEx with their name.)
> Miron Livny
> We’d like to see how we can collaborate to create more secure software.
> “Do it early, and Do it often.”
> We’d like the OS community to leverage our services to not only offer a service but also to learn how to improve what we do from our users’ experiences.
> Josh Sokol
> Integrate the SWAMP into OWASP testing goals and project quality
> Focused on improving application security and spreading this message
> Johanna sent a technical summary of her questions/problems to the SWAMP group last week.
> There was a call on Thurs 7/3 with Johanna and the SWAMP. 
> The SWAMP group will be reviewing her packages/projects and report back to her hopefully by end of next week with resolutions or next steps.
> Issues were centered around dependencies and exporting code for projects Johanna didn’t develop.
> Would like to integrate OWASP tools into the SWAMP.
> Individual project leaders would be the right contacts to talk to regarding integrating their tools into the SWAMP. (Jason Johnson and Johanna have been involved.)
> Other collaborations and initiatives are open/possible
> Jim Manico
> Jenkins is being used.
> The quality review team would benefit from seamless uploading capabilities and could jump in to using the SWAMP with more gusto at that time. (Need to be able to integrate with source control/repositories like Git, SVN, etc.)
> Automatic upload functionality is on the SWAMP’s future roadmap.
> Individual project owners can work independently to upload and use the SWAMP in the meantime.
> For now, let’s work on pilots to use the SWAMP with a smaller number of apps.
> Aside from that, anything else OWASP and the SWAMP can do to advance open source application security is great!
> The SWAMP is going to be the diamond sponsor at AppSec USA.
> Miron
> How can we keep this dialog going?
> Get the results/analysis from the initial pilot, make them available to the board, and check in at that time. Next checkpoint will be with the board and Johanna.
> Communicate with OWASP leaders and community contact list
> We’d like to continue the conversation with OWASP in the press and wider community regarding (continuous) software assurance.
> We are 100% on the same page - non-commercial, open source, Apache, etc.
> SWAMP Background
> The SWAMP is funded by a grant from the Department of Homeland Security, Science and Technology Directorate. The grant was given to 4 entities (Morgridge Institute for Research, University of Wisconsin-Madison, Indiana University, and University of Illinois) who work together, with the Morgridge Institute hosting/leading the project.
> The SWAMP is available to anyone (open-source, international), and contains curated/public packages. 
> Commercial vendors can also integrate with the SWAMP.
> What are the next steps for a strategic partnership?
> The SWAMP should prepare a 1 page document including the SWAMP’s motivation, objectives, and proposal for creating a strategic partnership with OWASP. The document should include:
> What is the proposal?
> How does it benefit OWASP?
> How does it benefit the SWAMP?
> FAQs
> Provide the SWAMP privacy whitepaper/press release to share with this document in addition to explicitly addressing privacy concerns in the document.
> The SWAMP would like to share and get feedback on an initial draft from a few folks at OWASP before sending. Jim Manico said he’d review the draft.
> Send this document to the OWASP board and Users & Community list (40,000 users) for discussion/input (not just a board vote).
> Include a final feedback deadline date so we can stick to a timeline to prepare for AppSec USA.
> Ally Miller
> Administrative Assistant
> Software Assurance Marketplace (SWAMP)
> Office: (608) 316-4266 | Cell: (608) 630-0936
> amiller at continuousassurance.org
> Morgridge Institute for Research
> 330 N. Orchard St. Madison, WI 53715
> morgridgeinstitute.org | continuousassurance.org
> From: AMiller at continuousassurance.org
> When: 2:00 PM - 3:00 PM July 8, 2014 
> Subject: OWASP-SWAMP Strategic Partnership Call
> Location: Rm. 2330 + WebEx: 1-650-479-3207, 193 763 460
> OWASP-SWAMP Strategic Partnership Call
> When: Tuesday, July 08, 2014 2:00 PM-3:00 PM. (UTC-06:00) Central Time (US & Canada)
> Where: Rm. 2330 + WebEx: 1-650-479-3207, 193 763 460
> Call to discuss the OWASP-SWAMP Strategic Partnership. Please forward this request on to others who may wish to attend.
> WebEx
> Phone #: 1-650-479-3207
> Meeting #: 193 763 460
> URL: https://meetings.webex.com/collabs/#/meetings/detail?uuid=MA34SCAAB29VNXDGMX84OJBWIC-26TN&rnd=233652.65770
> Documents to review prior to the call:
> SWAMP Roadmap/Vision Document: https://continuousassurance.org/wp-content/uploads/2013/10/SWAMP-VISION-10.28.13.pdf
> OWASP Government Bodies “Green Book”: https://www.owasp.org/images/d/de/OWASP_Green_Book-Governmental_Bodies.pdf
> Agenda for OWASP-SWAMP Strategic Partnership Call
> · Defining what the “strategic partnership” means and noting any exceptions/boundaries.
> · What we can do to help each other and how to do that.
> o SWAMP is planning a Press Release to formally announce the partnership during AppSec.
> o Other opportunities at AppSec
> • Co-hosting a party/event/meal?
> • Holding a press conference and panel discussion
> • OWASP to have a spot in SWAMP booth?
> • OWASP to participate in the press conference
> • OWASP to speak to selected editors/press, as needed
> • Should SWAMP have an in-booth presentation every hour or so?
> • Can we co-brand giveaway items to celebrate the partnership?
> o Co-brand a release or a communiqué targeted at OWASP members about using SWAMP
> o Work together on blog posts, whitepapers, and other marketing activities
> o Adding OWASP’s current software analysis tools (and ones still under development) to the SWAMP.
> o Collaborating on upcoming OWASP initiatives pertaining to continuous/software assurance
> • OSSAP (OWASP Software Security Assurance Process)
> • Any other OWASP initiatives SWAMP should be aware of?
> o What else is OWASP willing to do to promote SWAMP?
> o No hiring of each other’s employees
> · Other topics/open discussion
> o Demo/Webinar of the technical aspects of the SWAMP for the OWASP community, including points from Tom Brennan’s email.
> o Doing a survey of the SWAMP and OWASP fellowship about their experiences with continuous assurance (for a news release/story to pitch to the press)
> When	Tue Jul 8, 2014 2pm – 3pm Central Time
> Where	Rm. 2330 + WebEx: 1-650-479-3207, 193 763 460
> Calendar	Miron Livny
> Who	
> •	Miron Livny - organizer
> •	Miron Livny
> •	Landrum, Irene
> •	Beyer, Patrick
> •	Josh Sokol
> •	Sarah Baso
> •	Tom Brennan
> •	johanna curiel curiel
> •	Robin Lutchansky
> •	Kevin Greene
> •	Jim Manico
> •	Bart Miller