[Owasp-leaders] OWASP Community Manager News Flash – March 2015
noreen.whysel at owasp.org
Tue Mar 31 21:44:07 UTC 2015
*OWASP Community Manager News Flash – March 2015*
Greetings OWASP Community,
Goodbye, March. Hello, April. I realized as I am finalizing this email that
it may already be April for some of you when you get this newsletter. With
Springtime in the Northern Hemisphere and Autumn beginning in the Southern
Hemisphere, it is a time of change (for the better) and time to reflect on
your participation with OWASP activities.
Read on to find out how we can support positive changes, starting with our
2015 Strategic Goals, which focus on developing training, strengthening our
chapters and maturing our projects platforms. There are many ways for you
to get involved and I look forward to your participation.
*Announcing the 2015 Strategic Goals*
The 2015 Strategic Goals have been posted to the wiki. Thanks to all who
participated in our 2015 Strategic Goals Survey. You will notice that each
of these goals require the participation of the entire OWASP Community. We
hope you will help out where you are able and interested.
1. Build a scalable OWASP training program that spreads security training
around the world (contact Andrew van der Stock at vanderaj at owasp.org to
2. Strengthen OWASP chapters and increase Chapter’s abilities to spread
message of OWASP through locally organized and run events. (contact
Matt.Konda at owasp.org, Josh.Sokol at owasp.org orNoreen.Whysel at owasp.org to
3. Mature the OWASP Projects Platform: Provide the OWASP projects community
a mature project platform to encourage senior developers to participate in
the various and many OWASP projects. (contact Johanna.Curiel at owasp.org to
View metrics, board sponsors and foundation support for each goal at:
*Latest News – Updating the Chapter Leader Handbook*
I have been working on updating the Chapter Leader Handbook and invite our
community to participate in discussions around what is working and what is
not working, what needs changing and what should be kept as is.
If you would like to participate, please visit the Chapter Leader Handbook
I have started adding comments and suggested changes to the Talk pages of
each chapter. To add your comments, you will need to login to the wiki,
click the "Discussion" tab at the top left of the page, and it will open an
edit form where you can make suggestions, challenge suggested changes or
suggest clarifications and additional content. I can copy comments or
concerns reported via the mailing lists to the discussion page as well.
This way comments can be tracked and addressed directly in the wiki.
It would be helpful if you sign you name to any suggestions or comments you
make. The MediaWiki platform makes this very easy: simply type four tildes
in a row (~~~~) and click Save. This will automatically save your name and
a timestamp so we can address specific comments.
At this time do not make any edits to the Chapter Leader Handbook pages.
Unauthorized edits will be reverted to the current version.
If you have any questions, please feel free to reach out to me.
*Refresher on the Mandatory Chapter Rules*
We recommend that everyone take a refresher view at Chapter 2: Mandatory
Chapter Rules, which contains the minimum requirements for OWASP chapter
leaders. One of the areas which could see improvement is in announcing
upcoming chapter meetings. The rules state that you must post upcoming
meetings to the wiki and to the mailing list. Not all chapters do this
consistently. Some simply point to an external forum such as Facebook or
Meetup. This is not sufficient since the wiki posting and mailing lists are
intended to keep the broader OWASP community informed in addition to your
Think of this from the perspective so someone new to your chapter. If the
most recent meeting on your wiki site is from 2011, or the only way to
learn about meetings is via joining an external social media site, your
visitors may seek a different group. Meeting listings on the wiki and
mailing list are indicators that a chapter is active and affiliated with
the global OWASP Foundation. Also, we occasionally hear from security
minded folks (wouldn't you know?) who do not want to join yet another
social media group just to find out when a meeting will be held. OWASP's
first rule is "free and open" and the best way to keep it that way is to
post all announcements to the wiki.
Finally, we receive multiple requests each week from people who want to
"restart" a chapter that appears to be inactive. Failing to comply with
this rule risks having your chapter labeled "inactive" and possibly handed
over to someone new.
*OWASP On the Move - Recent Chapter Activity*
We are just a week away from the launch of LATAM 2015. We now have 10
countries participating! Registration is open for the following dates and
Santiago, Chile: April, 8th-9th 2015
Patagonia, Argentina: April, 10th-11th 2015
Bucaramanga, Colombia: April, 14th 2015
Montevideo, Uruguay: April, 15th-16th 2015
Lima, Peru: April, 17th-18th 2015
Santa Cruz, Bolivia: April 17th -18th 2015
San Jose, Costa Rica: April, 21st 2015
Guatemala, Guatemala: April, 21st-22nd 2015
Buenos Aires, Argentina: April, 24th 2015
Caracas, Venezuela: April, 23rd 2015
Visit https://www.owasp.org/index.php/LatamTour2015 for details.
Also Mark Miller interviewed the organizing team for AppSecEU 2015 You can
find the audio file here: 2015 AppSecEU Pre Conference Update [AUDIO]
AppSecEU is May 19-22, 2015 in Amsterdam.
We have a group who are working on launching an AppSec Africa event. If you
are interested, you can follow the discussion on the owasp-leaders mailing
list (see link below) or visit the draft event page and add your name to
the Team tab.
The New York City chapter successfully held a (mini)Project Summit at HACKNYC
2015 at the Pennsylvania Hotel, with teams working onOWASP Mobile Security
Project, WIASP Incident Response Project, ASVS and Open SAMM. Community
Manager, Noreen Whysel, was also on hand to teach attendees about OWASP and
Application Security on Wikipedia.
This month, we launched new chapters in Bihar State, India; Stockholm,
Sweden;a and Southern New Hampshire, USA. We are also in the process of
setting up a student chapter at Lovely Professional University in Phagwara
India. For information or to join these communities, please visit their
chapter wiki pages:
*TIP: Updating Chapter Leader Information*
We realize that commitments change and your chapter may need to name a new
leader. Please update your wiki pages and mailing lists with any new leader
contact information and submit a request for a new owasp.org email account,
Ideally, chapter leader changes should be reported by the current leader or
a member of the leadership team. If we receive a request directly from
someone who intends to become a new leader, we will always contact the
listed leader for verification. If a chapter is inactive and a new leader
would like to take over, we favor those who have demonstrated experience
with OWASP and/or application security and may reach out to the existing
chapter members for discussion. Since the leader has responsibility for any
funding allocated to that chapter, it is in everyone's interest that all
chapter members be involved in any leadership changes.
Leader turnover is not something where we have hard and fast rules. For the
most part we encourage the chapters to initiate any leadership changes
internally, and provide assistance in case of a dispute. Leadership is
covered in the Chapter Leader Handbook in Chapter 5: Governance. Again, we
would love to hear your thoughts about chapter governance on the wiki
Since launching our new Academic Supporter application, we have begun to
receive interest from universities in becoming supporters. This month, we
welcomed the Rajsthan Institute of Engineering of Technology in Jaipur,
India and the University of Vienna, Austria. If you are affiliated with
either of these institutions or know people in the program, feel free to
reach out to say thanks and to work on developing collaborations.
Thanks to everyone who has passed along the new Academic Supporter
application form. Do let your local universities know that this opportunity
exists by pointing them to the program:
2015 Strategic Goals:
Chapter Leader Handbook:
AppSec Africa Planning Discussion:
AppSecEU Pre-Conference Update:
Academic Supporter Information and Application
Feel free to contact me at any time if you have a question or suggestion.
To create a trackable case, please use the contact us form at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders