[Owasp-leaders] OWASP Wiki/Web redo reboot.

Matt Tesauro matt.tesauro at owasp.org
Fri Oct 28 16:50:19 UTC 2016


Thanks for the summary.  I'm adding my 2 cents below:

On Thu, Oct 27, 2016 at 4:34 PM, Larry Conklin <larry.conklin at owasp.org>

> To all:
> The web redo task force met today. In attendance was Kate, Tiffany L, Matt
> T, and myself. Please remember when you don’t give feedback or are not
> involved you are giving your approval to things getting done.
> A few things…
>    - Matt and Tiffany are gatherings information together. The Board
>    handed them this project at the last meeting at AppSecUSA DC.
> The board handed this to Kate Hartmann, Tiffany Long and myself during the
AppSec USA board meeting - just want to make sure Kate's name included
since she's definitely contributing to this effort.

>    - Discussion of RFPs. I suggested an RPF per task instead of one
>    all-encompassing RFP. More agile like. One vendor may not have the skill
>    set for everything.
> We are definitely looking at 1+ vendors.  I'd be happy if there was a
single vendor that had domain experience in the multiple domains covered in
this effort but I don't expect that to happen.  We are breaking the overall
effort into smaller 'activities' so that we can run things in parallel as
much as feasible.  The RFP's will go out and a vendor is welcome to bid on
1+ of those RFPs but each will be evaluated separately to ensure OWASP get
the right vendor for each piece over just getting one generalist.  That's
the current plan.

e.g. as a hypothetical, I'd choose one vendor to do the style/web front-end
work and a second to turn that work into a MediaWiki theme if I couldn't
find a single vendor I was confident had experience in both.  Vendor
selection will be based on getting the most out of OWASP's spend over
convenience for the staff in having to manage a single vendor.

>    - Budget is an unknown, Matt is looking at it and getting timelines to
>    show in-house effort and vendor led estimate effort.
> Yup.  We're gathering numbers for the next board meeting and, basically,
the amount of funding this effort gets will determine the speed at which
things happen since it will basically determine how much of this is
contracted vs done by staff/volunteers.

>    - Matt and Tiffany are looking for next Board meeting to discuss
>    money/ budget for this effort.
> +1

>    - Some discussion of making sure this meets future needs. I suggested
>    it’s a waste of time to predict future needs. Future will come but it won’t
>    be the future you planed on.
> I think Larry and I suffered from miscommunication on this.  One
perspective the staff are keeping in mind - call it an over-arching
requirement/criteria/whatever - is that any work we do on the website
reboot doesn't remove or impede the ability for OWASP to increase its
automation/integration later.  I see this as the difference between
selecting something with or without a REST API.  Selecting something
without an API removes the opportunity to automate that thing in future.
I'd select the thing with a REST API even though it may NEVER be automated
as priorities change.  However, it leaves open that option in future which
the non-API'ed choice would remove.

There's basically 3 islands of information currently at OWASP - all of them
are manually maintained - Salesforce, the wiki and Mailman.  To update a
chapter leader means touching all three systems.  That was OK when OWASP
was smaller.  However, if we want to continue to grow and remain
functional, we're going to have to make sure we have some amount of
future-proofing in our near-term decisions.  Staff has a larger goal of a
single source of truth for this kind of information and that's a high level
goal we will not consider violating on this or any other large effort.  We
have enough work to do getting to the one source of truth without building
new obstacles in front of that objective.

So while I have some thoughts on what the end game will look like and how
we'll get that done, we're not going to finalize those decisions until
we're working that sprint and have the results of the previous sprints and
current status of OWASP to make the best decision.

>    - Matt and Tiffany gave me the impression that RFPs and in-house
>    efforts estimate will be completed by next board meeting. That does not
>    mean feedback will be available by next board meeting but hopefully RPF
>    will have been sent out.
That's what we're shooting for - all the RFPs may not be formalized into
actual RFP documents but the work for each of the 'activities' in the
Website Reboot will be specified.  Some of the work has dependencies aka no
reason to start on the content organization sprint until production is
updated to the latest version of MediaWIki. By the board meeting we should
have what needs to get done and the rough order the work will happen.

>    -
>    - I suggested and asked Matt if we could get feedback from Wikipedia.
>    Mostly around keeping things organized if we keep the wiki. Matt also said
>    he has in-side contacts at Wikimedia we may be able to lean on.
> We will definitely be working with the MediaWiki Foundation on several
part of this as we get our wiki updated to what is should be.  At the very
least, MediaWiki themes, content organization (and workflows around
managing that) and MediaWiki internationalization need to be discussed with

>    -
>    - Task force does not have any other meetings planned. Matt??
> Absolutely, there are meetings planned but none yet scheduled.  Let us get
back the board meeting and have an understanding of how this is going to be
funded before we start talking about things in any more detail.  I'm trying
to avoid spending community effort on an activity where its unclear if it
will be contracted or done by staff + volunteers.

Once we have a critique-able plan with budget and timeline we will share
with the community for feedback and approval.


-- Matt Tesauro

> Larry
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161028/7e594887/attachment.html>

More information about the OWASP-Leaders mailing list