[Owasp_technical_project_advisors] Meeting Minutes and Action Items
samantha.groves at owasp.org
Wed Aug 7 16:29:23 UTC 2013
I am not sure what you mean by the projects we will be reviewing. We will
not be reviewing them "officially" at all at this point. Can you clarify?
Additionally, can you clarify what you mean by splitting the projects?
Apologies for asking for clarification. I just need to get a bit more
context before I can give you the correct answer.
Thank you Johanna.
On Tue, Aug 6, 2013 at 7:24 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
> Hi Advisors, Samantha
> Did you have the opportunity to discuss how do we split the projects we
> will be reviewing?
> I think it is a good idea that we split and phase the projects we will
> review. Do you have at the moment an implementation on how we will do this?
> I'm trying to go one by one on the status of the lab projects and I'm
> busy creating a report on the status and my analysis approach of these ones
> best regards
> On Aug 6, 2013, at 9:42 PM, Samantha Groves <samantha.groves at owasp.org>
> Hello Advisors,
> Thank you so much for joining today's call. I think we had some excellent
> discussions that helped us get some ideas flowing within the group. Below,
> you will find a brief outline of our meeting minutes along with the action
> items for our next call, and call in details for our next meeting.
> *Meeting Minutes: Advisor's 2nd Meeting - August 6th, 2013*
> Samantha Groves
> Ly Vandy
> Christopher Bush
> Chuck Cooper
> Joshua Clements
> *- Pending Items: Wiki account access, other technical issues.*
> *- Project Summit Participation*
> - AppSec USA Conference <http://appsecusa.org/2013/>: November 18th -
> - Location: Times Square, New York
> - Question: Will you be able to come for an in-person Advisor's working
> session during the conference? We will be working alongside a handful of
> Flagship Project Leaders. Let me know so I can propose this to the Local
> Event Managers.
> *- Discussion: Assessment Criteria Questions, Comments, Suggestions, and
> Next Steps.*
> - Notes via Joshua. Thank you Joshua for sharing your notes with the
> group. They are incredibly helpful.
> From ???
> - Can we make suggestions for requirements for projects? Yes
> - Is there an MVP for the project?
> - better description of the project
> - what's the concern that the project is addressing
> - What's the MVP
> From Chris --
> - share examples of a good project
> - define success criteria of a flagship project?
> - how do we summarize the guidelines for a successful project
> - a roadmap?
> - Have a mentor for incubator projects
> - from a well-run project
> - have a list ready to go so that an incubator project can request leads
> from other projects
> - would need to have a process around this
> - define the list
> - defi
> - missing details on what a successful OAuth project is
> From ???
> - for documentation project -- does it need to be possible to convert to
> OWASP book
> - no -- because some documentation projects are videos
> - yes -- if the documentation project is a document only
> From Samantha
> - Goals of the team???
> - Samantha will send over the database of projects -- just a spreadsheet
> * - Current goal of team is to handle the acceptance process*
> - There's a process in place to see if the project has been updated in
> at least 6 months
> - previously, reviewers have QUIT because the review process is just too
> much work
> - need to be able to review and then stop on a project, not continue to
> review over and over
> - need to not have to review future deliverables on a project
> - the project handbook has assessment results sheet available somewhere --
> I didn't see it
> *Action Items: Taken from Joshua's Notes and Modified to show additions*
> - Samantha to send over more information on AppSec USA conference: AppSec
> USA Website <http://appsecusa.org/2013/>
> - Samantha to send out some assessment results.
> - Example 1: OWASP ZAP<https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#tab=Project_About>:
> Deliverable release 1.3.0 Assessment<https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project/Releases/ZAP_1.3.0/Assessment>
> - Example 2: OWASP Codes of Conduct for Government Bodies<https://www.owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Government_Bodies>:
> Green Book V1.1 Assessment<https://www.owasp.org/index.php/Projects/OWASP_Codes_of_Conduct/Releases/The_OWASP_%22Green_Book%22_v1.1/Assessment>
> - Example 3: OWASP Codes of Conduct for Standards Groups<https://www.owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Standards_Groups>:
> Yellow Book V1.1 Assessment<https://www.owasp.org/index.php/Projects/OWASP_Codes_of_Conduct/Releases/The_OWASP_%22Yellow_Book%22_v1.1/Assessment>
> - Primary concerns: While the reviews did occur, they are random and
> there is very little rigour to them. Currently, anyone in the OWASP
> Community can review a project, but not everyone should be. These
> particular assessments were conducted by trusted OWASP Members, but even
> they only answered "yes" and "no" to several of the questions. I feel if we
> are going to increase the quality of our projects, there must be more
> rigour in our assessments, and there must be more information in each
> reviewer's responses. Why did they say yes, for example.
> - Samantha to send out "next steps" that occurred after assessment.
> - After Assessment, the project leader can publicly state that their
> release has been officially reviewed by OWASP. The issue is that our review
> criteria lacks rigour, our reviewers are random, and there is nothing
> stopping one Leader's mate to say yes to all of our criteria questions
> thereby passing his mate's assessment. This has occurred in the past which
> means we have many projects with official OWASP reviewed releases that are
> of very poor quality, as some of you noted on today's call. This, as you
> can imagine, decreases our brand value over time.
> - Samantha to send over database of projects: Project Inventory Link<https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdHBGbDhXQko4akJoVnMtMUpvZnJucVE&usp=sharing>
> - Advisors to review current project inventory.
> - Advisors to develop a list of successful/Flagship project's Best
> Practices, and be ready to share and discuss the list on our next meeting.
> - Ly's Assessment Criteria spreadsheet<https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdHliVUlMYVdPRWpqajF1bGtnSGtWckE&usp=sharing>:
> I have created a new version of Ly's spreadsheet. Let's use this as the
> Master document. Please place your changes, notes, comments, additions, etc
> on this document. When you add or delete something, please make sure to
> create a comment on the section with your name on it so we know you have
> edited something.
> *Next Meeting: Tuesday, August 27th - 3pm MST*
> *Meeting Details*
> 1. Please join my meeting, 27 Aug 2013 at 15:00 MST.
> 2. Use your microphone and speakers (VoIP) - a headset is recommended.
> Or, call in using your telephone.
> United States: +1 (626) 521-0017
> United States (toll-free): 1 877 309 2070
> Access Code: 590-731-190
> Audio PIN: Shown after joining the meeting
> Meeting ID: 590-731-190
> *Thank you*
> Please do reach out to me if you have questions about any of the items
> above. I know it can be a bit overwhelming working with OWASP as there is
> quite a bit of information and history to take in, at first. People usually
> describe it as drinking out of a fire hose. :) Please do let me know if
> there is any other direction I can provide, or any other information you
> need. Again, thank you so much for your time and work on this project.
> Have a great rest of the week, Advisors.
> Samantha Groves
> *Samantha Groves, MBA*
> *OWASP Projects Manager*
> The OWASP Foundation
> Arizona, USA
> Email: samantha.groves at owasp.org
> Skype: samanthahz
> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
> Book a Meeting with Me <http://goo.gl/mZXdZ>
> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
> New Project Application Form<https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
*Samantha Groves, MBA*
*OWASP Projects Manager*
The OWASP Foundation
Email: samantha.groves at owasp.org
OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
Book a Meeting with Me <http://goo.gl/mZXdZ>
OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
New Project Application