[Owasp_technical_project_advisors] Meeting Minutes and Action Items

johanna curiel curiel johanna.curiel at owasp.org
Wed Aug 7 16:53:16 UTC 2013


Hi Sam

Thanks for clarifying, indeed I was under the impression that the process
of reviewing had already started ;-P
Unfortunately I couldn't make it to the meeting so I lost focus on the
actual objectives.

I would like to catch up with you sometime so I can also clarify the upcoming
plan

regards

Johanna


On Wed, Aug 7, 2013 at 12:29 PM, Samantha Groves
<samantha.groves at owasp.org> wrote:

> Hello Johanna,
>
> I am not sure what you mean by the projects we will be reviewing. We will
> not be reviewing them "officially" at all at this point. Can you clarify?
> Additionally, can you clarify what you mean by splitting the projects?
> Apologies for asking for clarification. I just need to get a bit more
> context before I can give you the correct answer.
>
> Thank you Johanna.
>
> SG
>
>
> On Tue, Aug 6, 2013 at 7:24 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
>
>> Hi Advisors, Samantha
>>
>> did you have the opportunity to discuss how do we split the projects we
>> will be reviewing?
>>
>> I think it is a good idea that we split and phase the projects we will
>> review. Do you have at the moment an implementation on how we will do this?
>>
>> I'm trying to go one by one on the status of the lab projects and I'm
>> busy creating a report on the status and my analysis approach of these ones
>>
>> best regards
>>
>> Johanna
>>
>>
>>
>>
>>
>> On Aug 6, 2013, at 9:42 PM, Samantha Groves <samantha.groves at owasp.org>
>> wrote:
>>
>> Hello Advisors,
>>
>> Thank you so much for joining today's call. I think we had some excellent
>> discussions that helped us get some ideas flowing within the group. Below,
>> you will find a brief outline of our meeting minutes along with the action
>> items for our next call, and call in details for our next meeting.
>>
>> *Meeting Minutes: Advisor's 2nd Meeting - August 6th, 2013*
>>
>> *Attendees*
>>
>> Samantha Groves
>> Ly Vandy
>> Christopher Bush
>> Chuck Cooper
>> Joshua Clements
>>
>> *Agenda*
>>
>> *- Pending Items: Wiki account access, other technical issues.*
>>
>> *- Project Summit Participation*
>>   - AppSec USA Conference <http://appsecusa.org/2013/>: November 18th -
>> 21st
>>   - Location: Times Square, New York
>>   - Question: Will you be able to come for an in-person Advisor's working
>> session during the conference? We will be working alongside a handful of
>> Flagship Project Leaders. Let me know so I can propose this to the Local
>> Event Managers.
>>
>> *- Discussion: Assessment Criteria Questions, Comments, Suggestions, and
>> Next Steps.*
>>  - Notes via Joshua. Thank you Joshua for sharing your notes with the
>> group. They are incredibly helpful.
>> ----------------------------------
>> From ???
>> - Can we make suggestions for requirements for projects?  Yes
>> - Is there an MVP for the project?
>>  - better description of the project
>>  - what's the concern that the project is addressing
>>  - What's the MVP
>>
>>
>> From Chris --
>> - share examples of a good project
>> - define success criteria of a flagship project?
>> - how do we summarize the guidelines for a successful project
>> - a roadmap?
>> - Have a mentor for incubator projects
>> - from a well-run project
>>  - have a list ready to go so that an incubator project can request
>> leads from other projects
>> - would need to have a process around this
>>  - define the list
>> - defi
>>  - missing details on what a successful OAuth project is
>>
>> From ???
>> - for documentation project -- does it need to be possible to convert to
>> OWASP book
>>  - no -- because some documentation projects are videos
>>  - yes -- if the documentation project is a document only
>>
>> From Samantha
>> - Goals of the team???
>> - Samantha will send over the database of projects -- just a spreadsheet
>> * - Current goal of team is to handle the acceptance process*
>>  - There's a process in place to see if the project has been updated in
>> at least 6 months
>> - previously, reviewers have QUIT because the review process is just too
>> much work
>>  - need to be able to review and then stop on a project, not continue to
>> review over and over
>>  - need to not have to review future deliverables on a project
>> - the project handbook has assessment results sheet available somewhere
>> -- I didn't see it
>> ----------------------------------
>>
>> *Action Items: Taken from Joshua's Notes and Modified to show additions*
>>
>> - Samantha to send over more information on AppSec USA conference: AppSec
>> USA Website <http://appsecusa.org/2013/>
>>
>> - Samantha to send out some assessment results.
>>   - Example 1: OWASP ZAP <https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#tab=Project_About>:
>> Deliverable release 1.3.0 Assessment <https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project/Releases/ZAP_1.3.0/Assessment>
>>   - Example 2: OWASP Codes of Conduct for Government Bodies <https://www.owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Government_Bodies>:
>> Green Book V1.1 Assessment <https://www.owasp.org/index.php/Projects/OWASP_Codes_of_Conduct/Releases/The_OWASP_%22Green_Book%22_v1.1/Assessment>
>>   - Example 3: OWASP Codes of Conduct for Standards Groups <https://www.owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Standards_Groups>:
>> Yellow Book V1.1 Assessment <https://www.owasp.org/index.php/Projects/OWASP_Codes_of_Conduct/Releases/The_OWASP_%22Yellow_Book%22_v1.1/Assessment>
>>   - Primary concerns: While the reviews did occur, they are random and
>> there is very little rigour to them. Currently, anyone in the OWASP
>> Community can review a project, but not everyone should be. These
>> particular assessments were conducted by trusted OWASP Members, but even
>> they only answered "yes" and "no" to several of the questions. I feel if we
>> are going to increase the quality of our projects, there must be more
>> rigour in our assessments, and there must be more information in each
>> reviewer's responses. Why did they say yes, for example.
>>
>> - Samantha to send out "next steps" that occurred after assessment.
>>    - After Assessment, the project leader can publicly state that their
>> release has been officially reviewed by OWASP. The issue is that our review
>> criteria lacks rigour, our reviewers are random, and there is nothing
>> stopping one Leader's mate to say yes to all of our criteria questions
>> thereby passing his mate's assessment. This has occurred in the past which
>> means we have many projects with official OWASP reviewed releases that are
>> of very poor quality, as some of you noted on today's call. This, as you
>> can imagine, decreases our brand value over time.
>>
>> - Samantha to send over database of projects: Project Inventory Link <https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdHBGbDhXQko4akJoVnMtMUpvZnJucVE&usp=sharing>
>>
>> - Advisors to review current project inventory.
>>
>> - Advisors to develop a list of successful/Flagship project's Best
>> Practices, and be ready to share and discuss the list on our next meeting.
>>
>> - Ly's Assessment Criteria spreadsheet <https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdHliVUlMYVdPRWpqajF1bGtnSGtWckE&usp=sharing>:
>> I have created a new version of Ly's spreadsheet. Let's use this as the
>> Master document. Please place your changes, notes, comments, additions, etc
>> on this document. When you add or delete something, please make sure to
>> create a comment on the section with your name on it so we know you have
>> edited something.
>>
>> *Next Meeting: Tuesday, August 27th - 3pm MST*
>>
>> *Meeting Details*
>>
>> 1.  Please join my meeting, 27 Aug 2013 at 15:00 MST.
>> https://www3.gotomeeting.com/join/590731190
>>
>> 2.  Use your microphone and speakers (VoIP) - a headset is recommended.
>> Or, call in using your telephone.
>>
>> United States: +1 (626) 521-0017
>> United States (toll-free): 1 877 309 2070
>> Access Code: 590-731-190
>> Audio PIN: Shown after joining the meeting
>>
>> Meeting ID: 590-731-190
>>
>> *Thank you*
>>
>> Please do reach out to me if you have questions about any of the items
>> above. I know it can be a bit overwhelming working with OWASP as there is
>> quite a bit of information and history to take in, at first. People usually
>> describe it as drinking out of a fire hose. :) Please do let me know if
>> there is any other direction I can provide, or any other information you
>> need. Again, thank you so much for your time and work on this project.
>>
>> Have a great rest of the week, Advisors.
>>
>> Samantha Groves
>>
>> --
>>
>> *Samantha Groves, MBA*
>>
>> *OWASP Projects Manager*
>>
>> The OWASP Foundation
>>
>> Arizona, USA
>>
>> Email: samantha.groves at owasp.org
>>
>> Skype: samanthahz
>>
>>
>> OWASP Global Projects <https://www.owasp.org/index.php/Category:OWASP_Project>
>>
>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>
>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>
>> New Project Application Form <https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
>>
>>
>>
>>  _______________________________________________
>> Owasp_technical_project_advisors mailing list
>> Owasp_technical_project_advisors at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp_technical_project_advisors
>>
>>
>
>