[Owasp-leaders] OWASP Talk Back/Town Hall Re: Website Changes

johanna curiel curiel johanna.curiel at owasp.org
Fri Jul 22 15:22:28 UTC 2016

Most of the conclusions focus on usability & design for users (UX) and not at all
on processes or gaps.

FYI: I did send information to Sooryen but they did not include any in the
report. There was a one-time attempt at an interview, which they set at 3AM my
timezone, so I could not make it, and neither could another volunteer (we are
EST), nor was there any flexibility or effort to try another one. Since my opinion
was definitely not valued by this organisation doing the assessment,
I think the first mistake in this assessment is that they did not take the
time to identify the key contributors who are involved in the
process. Clearly my opinion did not count at all, nor did those from other
interviews that were not finished, as mentioned in the report.

An example

That report does not handle any details on the processes and gaps such as:

   - Process of Submission for obtaining funding
   - Process of Submission for starting a new project,
   - Follow up requests and approval for funding activities with project
   funds (status or requests)
   - How to request and follow up on an issue submitted through the contact
   form and no answer received
   - Requests for new mailing list
   - IT support request for mailing list when forgotten or wiki account
   - The process of editing content: the need for multiple reviews and
   release process to a final document or getting rid of materials and
   outdated content

The final conclusions are, in my view, nothing new and lack analysis on the
process of content development and requests from the community and how this
should integrate properly with the community, chapter & project leaders.

The report only concludes in 1/2 page (45) with a nice graphic: "*There is a
clear need to integrate all data source through one common platform for
better management, productivity and efficiency.*"

Another conclusion with nothing new:

"*There is a clear need for project owners and the OWASP community to
define a better workflow and centralized documentation process that is
suitable for all and designate senior project leaders to guide new users
and reach to the community and developers for volunteers and project
visibility. In addition, standards for project promotion should be in place
and a review board should be reestablished.*"

I think we already know this, so the need for assessment is *how* to integrate
some of the processes and solve issues such as:

Projects requests, mailing list requests, wiki account requests & updating
wiki content (just the top of the iceberg here)

   - Submission of new projects through Salesforce: How does the actual
   process handle response time and denial or approval
   - Process of reviewing submissions of new projects and how to integrate
   an automated process so submissions are not forgotten
   - Creation of new content in OWASP site: How to provide access and
   control access so people don't publish unauthorised content, which has
   happened in the past
   - Creation and editing of wiki content: How to properly create a process
   for review, labelling and tagging content: how to implement a proper
   process based on our needs, identify the needs
   - How to manage the content of project pages and how to automate or
   alert when these pages are outdated based on review needs
   - How to properly get rid of old content and what kind of process is
   needed (we do not have a process, just tagging content)

Keep in mind that the content on the wiki is *volunteer-driven*, therefore
a proper and transparent process should be designed first, before even
thinking about what technology can actually properly support the
content management. A lot of the conclusions in the report go into
what technology without analysing the process, gaps and needs.

On funding:

   - Submission for funding: the report does not handle how this process
   occurs, from submission to release of funding. This should be analysed as
   this is one of the biggest bottlenecks for many to obtain funds or even
   know how to request funds properly
   - Integration with Salesforce: who manages and how are they managed
   and controlled? How to create an efficient process so submissions are
   handled more efficiently
   - Proper management of requests from within Salesforce and management of
   cases: How to make this process more transparent for the community, not just
   using a contact form which many do not understand is being used to handle
   all kinds of requests, and the need to analyse if the information or process
   aligns with our needs.

I feel many things are still unanswered and the report focuses only on UX.
I'm quite disappointed with these results, which concluded nothing new and
leave a lot unanswered regarding improving the process of editing content,
improving submissions of technical issues such as mailing list and
structuring content. We already know that the usability of the OWASP site
needs to be improved but HOW is what we need to work on.

In the end we can sugarcoat the OWASP site but the cake (content) will be
the same if we don't get into how to fix the process, which is where we
actually need assessment.

On Fri, Jul 22, 2016 at 9:43 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Colin,
> I personally think that this initiative would have had a better output if it was
> driven by volunteers that are deeply involved with the wiki like Jim or
> others like you.
> Many interviews conducted were not with key contributors or people
> involved editing the wiki or people active with different projects.
> A lot of information is very superficial, I could have said the same, we
> already know many things mentioned here so what is new in this report?
> Nothing.
> Cheers
> Johanna
> On Fri, Jul 22, 2016 at 9:37 AM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>> +Colin
>> >>Many of those agreed outputs don't seem to be in the report. For
>> example, there is very little about project workflow, or other tools. Or
>> assessment gaps.
>> Agree. As someone who has been involved with projects and editing the
>> wiki (not just my project/chapter pages), I think that the report is quite
>> superficial.
>> On Fri, Jul 22, 2016 at 9:26 AM, Colin Watson <colin.watson at owasp.org>
>> wrote:
>>> Tiffany
>>> I have had a chance to read the report now. The RFP (
>>> https://drive.google.com/a/owasp.org/folderview?id=0BxI4iTO_QojvaVJpa1YtNEcydTg&usp=sharing#
>>> ) was referenced by the SOW (
>>> https://docs.google.com/document/d/1FP2jDYVU7IpKmxESdAgaM3Xv1Qpkf3729xoCrNjhxTs/edit
>>> ) which stated the following would be done:
>>> *The final report would consist of the following:*
>>>    1. *Overview of interview and survey results regarding
>>>    usability/accessibility and workflow inefficiencies *
>>>    2. *Key areas of strengths and weaknesses of existing applications
>>>    and how each meets the needs of OWASP *
>>>       - *Mediawiki*
>>>       - *SalesForce and integrated tools*
>>>       - *Eventbrite, Quickbooks, Paypal, Vertical Response, Survey
>>>       Monkey, Vimeo/Youtube, Citrix, Dropbox, Trello, Social media*
>>>       - *Server hosting *
>>>       - *Code Repository*
>>>       - *Discussion List Tools*
>>>    3. *Top-down priority list of assessment of gaps *
>>>    4. *Recommendations to fill weakness/gaps identified *
>>>    5. *Recommendation for suite of project hosting and lifecycle tools *
>>>    6. *Conclusion of findings *
>>> Many of those agreed outputs don't seem to be in the report. For
>>> example, there is very little about project workflow, or other tools. Or
>>> assessment gaps.
>>> When the RFP was published I considered submitting a response, but apart
>>> from being a volunteer already and thus the possible conflict of interest,
>>> some of these aspects were outside the areas I would have been comfortable
>>> with (e.g. employee processes/systems, Salesforce forms). However the Needs
>>> Assessment Report doesn't cover them either - or many website aspects
>>> identified in the RFP either (e.g. internationalisation, content structure,
>>> audiences, templates, etc). Now I wish I had submitted a response.
>>> Also, the questions stated above for next week's Facebook and Twitter
>>> chats *only* relate to some simple aspects of the wiki. Most of the
>>> RFP's scope is missing.
>>> Worried, Colin
>>> On 19 July 2016 at 22:44, Tiffany Long <tiffany.long at owasp.org> wrote:
>>>> Hello Everyone,
>>>> We now have the results of the Needs Assessment done by Sooryen (
>>>> https://www.owasp.org/images/b/b2/OWASP_Needs_Assessment_Report.pdf).
>>>>  The main takeaways of the report were:
>>>>    - Clean up our navigation and content strategy to increase
>>>>    usability and search capability.
>>>>    - Create a cleaner front page and select landing pages (such as the
>>>>    main Projects Page) so that people coming to our site can clearly figure
>>>>    out their next steps.
>>>>    - Improve the wiki aspect of our site so that it is easier to use.
>>>>    - Better integrate back end systems and communication.
>>>>    - Create a distinction between business/organization information
>>>>    and App Sec information.
>>>> Now we need your opinions on the matter.  To that end we will be
>>>> hosting a Twitter and FB chat on July 25th where you can discuss your
>>>> thoughts with Ram Ganesan, Gin Cheng from Sooryen as well as myself. Please
>>>> share this information with your Chapters, Projects, Leaders, and fellow
>>>> Members.  It is vital that we have as much participation as possible in
>>>> this discussion.
>>>> The *Facebook* chat will be hosted from *2 am PDT/9 am GMT to 8 am
>>>> PDT/3 pm GMT* on our FB Page
>>>> <https://tracking.cirrusinsight.com/ffe97632-8093-43fd-874e-367d6297da7e/facebook-com-open-web-application-security-project-296236753839074>
>>>> The *Twitter* chat will be hosted from *8 am PDT/3 pm GMT to 9 am
>>>> PDT/4 pm GMT*.  The hashtag will be *#OWASPChat*
>>>> The Questions covered are:
>>>>    1. For the top level navigation, what do you think are the most
>>>>    relevant categories that should be included?
>>>>    2. What are your thoughts on segregating the business and security
>>>>    information?
>>>>    3. What are your thoughts on moving off of the MediaWiki platform?
>>>>    4. What search engine would you recommend (elasticsearch)?
>>>>    5. What are your thoughts on the redesigns?
>>>>    6. What communications platforms or methods do you think we should
>>>>    adopt to better communicate with the community?
>>>>    7. Do you feel positive about moving forward with the site make over
>>>>    and improvements?
>>>> Tiffany Long
>>>> Community Manager
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> --
>> Johanna Curiel
>> OWASP Volunteer
> --
> Johanna Curiel
> OWASP Volunteer

Johanna Curiel
OWASP Volunteer