[Owasp_technical_project_advisors] Meeting Minutes and Action Items

Samantha Groves samantha.groves at owasp.org
Wed Aug 7 16:57:59 UTC 2013


Of course, yes. Skype me when you are able.


On Wed, Aug 7, 2013 at 9:53 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Sam
>
> Thanks for clarifying, indeed I was under the impression that the process
> of reviewing had already started ;-P
> Unfortunately I couldn't make it to the meeting so I lost focus on the
> actual objectives.
>
> I would like to catch up with you sometime so I can also clarify the upcoming
> plan
>
> regards
>
> Johanna
>
>
> On Wed, Aug 7, 2013 at 12:29 PM, Samantha Groves <
> samantha.groves at owasp.org> wrote:
>
>> Hello Johanna,
>>
>> I am not sure what you mean by the projects we will be reviewing. We will
>> not be reviewing them "officially" at all at this point. Can you clarify?
>> Additionally, can you clarify what you mean by splitting the projects?
>> Apologies for asking for clarification. I just need to get a bit more
>> context before I can give you the correct answer.
>>
>> Thank you Johanna.
>>
>> SG
>>
>>
>> On Tue, Aug 6, 2013 at 7:24 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
>>
>>> Hi Advisors, Samantha
>>>
>>> did you have the opportunity to discuss how do we split the projects we
>>> will be reviewing?
>>>
>>> I think it is a good idea that we split and phase the projects we will
>>> review. Do you have at the moment an implementation on how we will do this?
>>>
>>> I'm trying to go one by one on the status of the  lab projects and I'm
>>> busy creating a report on the status and my analysis approach of these ones
>>>
>>> best regards
>>>
>>> Johanna
>>>
>>>
>>>
>>>
>>>
>>> On Aug 6, 2013, at 9:42 PM, Samantha Groves <samantha.groves at owasp.org>
>>> wrote:
>>>
>>> Hello Advisors,
>>>
>>> Thank you so much for joining today's call. I think we had some
>>> excellent discussions that helped us get some ideas flowing within the
>>> group. Below, you will find a brief outline of our meeting minutes along
>>> with the action items for our next call, and call in details for our next
>>> meeting.
>>>
>>> *Meeting Minutes: Advisor's 2nd Meeting - August 6th, 2013*
>>>
>>> *Attendees*
>>>
>>> Samantha Groves
>>> Ly Vandy
>>> Christopher Bush
>>> Chuck Cooper
>>> Joshua Clements
>>>
>>> *Agenda*
>>>
>>> *- Pending Items: Wiki account access, other technical issues.*
>>>
>>> *- Project Summit Participation*
>>>   - AppSec USA Conference <http://appsecusa.org/2013/>: November 18th -
>>> 21st
>>>   - Location: Times Square, New York
>>>   - Question: Will you be able to come for an in-person Advisor's
>>> working session during the conference? We will be working alongside a
>>> handful of Flagship Project Leaders. Let me know so I can propose this to
>>> the Local Event Managers.
>>>
>>> *- Discussion: Assessment Criteria Questions, Comments, Suggestions,
>>> and Next Steps.*
>>>  - Notes via Joshua. Thank you Joshua for sharing your notes with the
>>> group. They are incredibly helpful.
>>> ----------------------------------
>>> From ???
>>> - Can we make suggestions for requirements for projects?  Yes
>>> - Is there an MVP for the project?
>>>  - better description of the project
>>>  - what's the concern that the project is addressing
>>>  - What's the MVP
>>>
>>>
>>> From Chris --
>>> - share examples of a good project
>>> - define success criteria of a flagship project?
>>> - how do we summarize the guidelines for a successful project
>>> - a roadmap?
>>> - Have a mentor for incubator projects
>>> - from a well-run project
>>>  - have a list ready to go so that an incubator project can request
>>> leads from other projects
>>> - would need to have a process around this
>>>  - define the list
>>> - defi
>>>  - missing details on what a successful OAuth project is
>>>
>>> From ???
>>> - for documentation project -- does it need to be possible to convert to
>>> OWASP book
>>>  - no -- because some documentation projects are videos
>>>  - yes -- if the documentation project is a document only
>>>
>>> From Samantha
>>> - Goals of the team???
>>> - Samantha will send over the database of projects -- just a spreadsheet
>>> * - Current goal of team is to handle the acceptance process*
>>>  - There's a process in place to see if the project has been updated in
>>> at least 6 months
>>> - previously, reviewers have QUIT because the review process is just too
>>> much work
>>>  - need to be able to review and then stop on a project, not continue
>>> to review over and over
>>>  - need to not have to review future deliverables on a project
>>> - the project handbook has assessment results sheet available somewhere
>>> -- I didn't see it
>>> ----------------------------------
>>>
>>> *Action Items: Taken from Joshua's Notes and Modified to show additions*
>>>
>>> - Samantha to send over more information on AppSec USA conference: AppSec
>>> USA Website <http://appsecusa.org/2013/>
>>>
>>> - Samantha to send out some assessment results.
>>>   - Example 1: OWASP ZAP <https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#tab=Project_About>:
>>> Deliverable release 1.3.0 Assessment <https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project/Releases/ZAP_1.3.0/Assessment>
>>>   - Example 2: OWASP Codes of Conduct for Government Bodies <https://www.owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Government_Bodies>:
>>> Green Book V1.1 Assessment <https://www.owasp.org/index.php/Projects/OWASP_Codes_of_Conduct/Releases/The_OWASP_%22Green_Book%22_v1.1/Assessment>
>>>   - Example 3: OWASP Codes of Conduct for Standards Groups <https://www.owasp.org/index.php/OWASP_Codes_of_Conduct#tab=Standards_Groups>:
>>> Yellow Book V1.1 Assessment <https://www.owasp.org/index.php/Projects/OWASP_Codes_of_Conduct/Releases/The_OWASP_%22Yellow_Book%22_v1.1/Assessment>
>>>   - Primary concerns: While the reviews did occur, they are random and
>>> there is very little rigour to them. Currently, anyone in the OWASP
>>> Community can review a project, but not everyone should be. These
>>> particular assessments were conducted by trusted OWASP Members, but even
>>> they only answered "yes" and "no" to several of the questions. I feel if we
>>> are going to increase the quality of our projects, there must be more
>>> rigour in our assessments, and there must be more information in each
>>> reviewer's responses. Why did they say yes, for example.
>>>
>>> - Samantha to send out "next steps" that occurred after assessment.
>>>    - After Assessment, the project leader can publicly state that their
>>> release has been officially reviewed by OWASP. The issue is that our review
>>> criteria lacks rigour, our reviewers are random, and there is nothing
>>> stopping one Leader's mate from saying yes to all of our criteria questions
>>> thereby passing his mate's assessment. This has occurred in the past which
>>> means we have many projects with official OWASP reviewed releases that are
>>> of very poor quality, as some of you noted on today's call. This, as you
>>> can imagine, decreases our brand value over time.
>>>
>>> - Samantha to send over database of projects: Project Inventory Link <https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdHBGbDhXQko4akJoVnMtMUpvZnJucVE&usp=sharing>
>>>
>>> - Advisors to review current project inventory.
>>>
>>> - Advisors to develop a list of successful/Flagship project's Best
>>> Practices, and be ready to share and discuss the list on our next meeting.
>>>
>>> - Ly's Assessment Criteria spreadsheet <https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdHliVUlMYVdPRWpqajF1bGtnSGtWckE&usp=sharing>:
>>> I have created a new version of Ly's spreadsheet. Let's use this as the
>>> Master document. Please place your changes, notes, comments, additions, etc
>>> on this document. When you add or delete something, please make sure to
>>> create a comment on the section with your name on it so we know you have
>>> edited something.
>>>
>>> *Next Meeting: Tuesday, August 27th - 3pm MST*
>>>
>>> *Meeting Details*
>>>
>>> 1.  Please join my meeting, 27 Aug 2013 at 15:00 MST.
>>> https://www3.gotomeeting.com/join/590731190
>>>
>>> 2.  Use your microphone and speakers (VoIP) - a headset is recommended.
>>> Or, call in using your telephone.
>>>
>>> United States: +1 (626) 521-0017
>>> United States (toll-free): 1 877 309 2070
>>> Access Code: 590-731-190
>>> Audio PIN: Shown after joining the meeting
>>>
>>> Meeting ID: 590-731-190
>>>
>>>
>>> *Thank you*
>>>
>>> Please do reach out to me if you have questions about any of the items
>>> above. I know it can be a bit overwhelming working with OWASP as there is
>>> quite a bit of information and history to take in, at first. People usually
>>> describe it as drinking out of a fire hose. :) Please do let me know if
>>> there is any other direction I can provide, or any other information you
>>> need. Again, thank you so much for your time and work on this project.
>>>
>>> Have a great rest of the week, Advisors.
>>>
>>> Samantha Groves
>>>
>>> --
>>>
>>> *Samantha Groves, MBA*
>>>
>>> *OWASP Projects Manager*
>>>
>>> The OWASP Foundation
>>>
>>> Arizona, USA
>>>
>>> Email: samantha.groves at owasp.org
>>>
>>> Skype: samanthahz
>>>
>>>
>>> OWASP Global Projects <https://www.owasp.org/index.php/Category:OWASP_Project>
>>>
>>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>>
>>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>>
>>> New Project Application Form <https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>

