[Owasp-leaders] OWASP Website Project

Matt Tesauro matt.tesauro at owasp.org
Thu Mar 2 04:50:47 UTC 2017


Larry,

Answering inline:

On Wed, Mar 1, 2017 at 11:19 AM, Larry Conklin <larry.conklin at owasp.org>
wrote:

> I thought we already had this. It was with third party report that we went
> over in the last APPSecUSA. I have asked for more clarification from Tom B
> on why we are hitting roadblocks in Operations.
>
> Matt, What are you road blocks?
>

Already answered in my reply to Tom B but to be thorough:
The project is progressing and was only blocked because the board has not,
yet, approved a budget for 2017.

Please see the Ops Blog for December
<https://owasp.blogspot.com/2016/12/owasp-operations-update-for-december.html>
:

"Waiting for 2017 Budget to get approved by the Board"

And the updates in the Ops Blog post for January
<https://owasp.blogspot.com/2017/01/owasp-operations-update-for-january-2017.html>
:

*Blocked*: waiting for the 2017 Budget to get approved by the OWASP Board

And the updates in the Ops Blog post for February
<https://owasp.blogspot.com/2017/02/owasp-operations-update-for-february.html>
:

*Blocked*: waiting for the 2017 Budget to get approved by the OWASP Board


Even with the lack of budget clarity and the unexpected ending of
Rackspace's hosting donation (also in the Feb Ops Blog), there has been
progress made on the Website Reboot.  I'll be posting this Friday a March
Ops Blog in preparation for next weeks Board meeting where further updates
will be documented.


>
> Is it money? and or Time. I believe to get responses to RFP's you don't
> need to have an exact budget amount.
>

It is not about getting an exact budget amount its about getting an budget
amount i can be confident in.  During the board meeting at AppSec USA, two
board members disagreed about the budget amount for this project and
differed by a factor of 10x - one told me $150k and another said $15k.  I
have been waiting for a firm agreement on what is budgeted for this effort
since then.

You don't want quotes based on our budget. You want good quotes based on
> what the vendor thinks his time and effort will cost OWASP.
>

I completely agree with you but I don't want to engage a vendor when I'm
not sure if I even have a reasonably firm and appropriate budget
allocated.  I'm not going to prepare RFPs for things that may not happen
when there's plenty to do already.

After the February board meeting, I met with Tom Pappas and discussed the
budget he and Andrew van der Stock have worked on for 2017.  After that
meeting where my budget requests for the Website Reboot (and others) were
compared with the working 2017 budget, I have confidence that, baring a
radical change in the proposed 2017 budget, I can safely begin on the next
phases outlined for the project in the Ops Blog.

Cheers!

Matt Tesauro


>
> Larry
>
> On Wed, Mar 1, 2017 at 11:47 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>
>> Hi Tom and Dinis, Yes, I agree that the community should help and support
>> this effort to avoid bottlenecks and brick walls. Could an Advisory
>> Committee be created for this purpose? Best wishes, Bev
>>
>> On Wed, Mar 1, 2017 at 9:05 AM, Tom Brennan - OWASP <tomb at owasp.org>
>> wrote:
>>
>>> Dinis,
>>>
>>> Not sure of how things are getting added to the agenda or focus areas
>>> for the Summit.  But for operational items core to the OWASP mission like
>>> the OWASP Website Project, I wonder if it is appropriate to carve out time
>>> for that discussion.
>>>
>>> The project has hit a wall after being handed off to operations and it
>>> may need some community push to underscore it as a priority.
>>>
>>> See history: https://www.owasp.org/index.php/OWASP_Initiatives_G
>>> lobal_Strategic_Focus/website_project
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170301/d1293406/attachment.html>


More information about the OWASP-Leaders mailing list