[Owasp_technical_project_advisors] Meeting Minutes and Action Items

Samantha Groves samantha.groves at owasp.org
Wed Aug 7 01:42:58 UTC 2013


Hello Advisors,

Thank you so much for joining today's call. I think we had some excellent
discussions that helped us get some ideas flowing within the group. Below,
you will find a brief outline of our meeting minutes along with the action
items for our next call, and call in details for our next meeting.

*Meeting Minutes: Advisor's 2nd Meeting - August 6th, 2013*

*Attendees*
Samantha Groves
Ly Vandy
Christopher Bush
Chuck Cooper
Joshua Clements

*Agenda*

*- Pending Items: Wiki account access, other technical issues.*

*- Project Summit Participation*
  - AppSec USA Conference <http://appsecusa.org/2013/>: November 18th - 21st
  - Location: Times Square, New York
  - Question: Will you be able to come for an in-person Advisor's working
session during the conference? We will be working alongside a handful of
Flagship Project Leaders. Let me know so I can propose this to the Local
Event Managers.

*- Discussion: Assessment Criteria Questions, Comments, Suggestions, and
Next Steps.*
 - Notes via Joshua. Thank you Joshua for sharing your notes with the
group. They are incredibly helpful.
----------------------------------
From ???
- Can we make suggestions for requirements for projects?  Yes
- Is there an MVP for the project?
- better description of the project
- what's the concern that the project is addressing
- What's the MVP


From Chris --
- share examples of a good project
- define success criteria of a flagship project?
- how do we summarize the guidelines for a successful project
- a roadmap?
- Have a mentor for incubator projects
- from a well-run project
- have a list ready to go so that an incubator project can request leads
from other projects
- would need to have a process around this
- define the list
- defi
- missing details on what a successful OAuth project is

From ???
- for documentation project -- does it need to be possible to convert to
OWASP book
- no -- because some documentation projects are videos
- yes -- if the documentation project is a document only

From Samantha
- Goals of the team???
- Samantha will send over the database of projects -- just a spreadsheet
- *Current goal of team is to handle the acceptance process*
- There's a process in place to see if the project has been updated in at
least 6 months
- previously, reviewers have QUIT because the review process is just too
much work
- need to be able to review and then stop on a project, not continue to
review over and over
- need to not have to review future deliverables on a project
- the project handbook has assessment results sheet available somewhere --
I didn't see it
----------------------------------

*Action Items: Taken from Joshua's Notes and Modified to show additions*
- Samantha to send over more information on AppSec USA conference: AppSec
USA Website <http://appsecusa.org/2013/>

- Samantha to send out some assessment results.
  - Example 1: OWASP ZAP
<https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#tab=Project_About>:
Deliverable release 1.3.0 Assessment
<https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project/Releases/ZAP_1.3.0/Assessment>
  - Example 2: OWASP Codes of Conduct for Government Bodies
<https://www.owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Government_Bodies>:
Green Book V1.1 Assessment
<https://www.owasp.org/index.php/Projects/OWASP_Codes_of_Conduct/Releases/The_OWASP_%22Green_Book%22_v1.1/Assessment>
  - Example 3: OWASP Codes of Conduct for Standards Groups
<https://www.owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Standards_Groups>:
Yellow Book V1.1 Assessment
<https://www.owasp.org/index.php/Projects/OWASP_Codes_of_Conduct/Releases/The_OWASP_%22Yellow_Book%22_v1.1/Assessment>
  - Primary concerns: While the reviews did occur, they are random and
there is very little rigour to them. Currently, anyone in the OWASP
Community can review a project, but not everyone should be. These
particular assessments were conducted by trusted OWASP Members, but even
they only answered "yes" and "no" to several of the questions. I feel if we
are going to increase the quality of our projects, there must be more
rigour in our assessments, and there must be more information in each
reviewer's responses. Why did they say yes, for example.

- Samantha to send out "next steps" that occurred after assessment.
   - After Assessment, the project leader can publicly state that their
release has been officially reviewed by OWASP. The issue is that our review
criteria lack rigour, our reviewers are random, and there is nothing
stopping one Leader's mate from saying yes to all of our criteria questions
thereby passing his mate's assessment. This has occurred in the past which
means we have many projects with official OWASP reviewed releases that are
of very poor quality, as some of you noted on today's call. This, as you
can imagine, decreases our brand value over time.

- Samantha to send over database of projects: Project Inventory Link
<https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdHBGbDhXQko4akJoVnMtMUpvZnJucVE&usp=sharing>

- Advisors to review current project inventory.

- Advisors to develop a list of successful/Flagship projects' Best
Practices, and be ready to share and discuss the list at our next meeting.

- Ly's Assessment Criteria spreadsheet
<https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdHliVUlMYVdPRWpqajF1bGtnSGtWckE&usp=sharing>:
I have created a new version of Ly's spreadsheet. Let's use this as the
Master document. Please place your changes, notes, comments, additions, etc
on this document. When you add or delete something, please make sure to
create a comment on the section with your name on it so we know you have
edited something.

*Next Meeting: Tuesday, August 27th - 3pm MST*

*Meeting Details*

1.  Please join my meeting, 27 Aug 2013 at 15:00 MST.
https://www3.gotomeeting.com/join/590731190

2.  Use your microphone and speakers (VoIP) - a headset is recommended. Or,
call in using your telephone.

United States: +1 (626) 521-0017
United States (toll-free): 1 877 309 2070
Access Code: 590-731-190
Audio PIN: Shown after joining the meeting

Meeting ID: 590-731-190


Not at your computer? Click the link to join this meeting from your
iPhone®, iPad® or Android® device via the GoToMeeting app.

*Thank you*

Please do reach out to me if you have questions about any of the items
above. I know it can be a bit overwhelming working with OWASP as there is
quite a bit of information and history to take in, at first. People usually
describe it as drinking out of a fire hose. :) Please do let me know if
there is any other direction I can provide, or any other information you
need. Again, thank you so much for your time and work on this project.

Have a great rest of the week, Advisors.

Samantha Groves

-- 

*Samantha Groves, MBA*

*OWASP Projects Manager*


The OWASP Foundation

Arizona, USA

Email: samantha.groves at owasp.org

Skype: samanthahz


OWASP Global Projects <https://www.owasp.org/index.php/Category:OWASP_Project>

Book a Meeting with Me <http://goo.gl/mZXdZ>

OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>

New Project Application Form
<https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>