OWASP Operations UpdateOperations updates are posted on the blog before each month's board meeting. This update is from January 6, 2017
Welcome to the first operations update for 2017. We started monthly blogs about what's happening at the OWASP Foundation back in December.
Here's our major efforts and status of those in process starting with updates from last time:
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence. Since last month, we've
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large. There’s a ton of moving parts to this effort but here’s what we focusing on currently:
Two new major, interlinked efforts
Two major efforts are starting this month - a significant upgrade to OWASP's Association Management System (AMS) and the proposed plan for updating our membership models.
Updates on Events for 2017
Membership and Outreach
As always, the OWASP staff are here to help make the OWASP community even stronger. If you have any question, concern or need, let us know by using the ‘Contact Us’ form here.
Your friendly neighborhood OWASP staff:
Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt
OWASP in the NEWS!
OWASP AppSec California Brings Diversity to the Beach – ITSP Magazine, January 27, 2017
IT Governance’s head of consultancy to speak at Anglia Ruskin University – Ein PResswire, January 18, 2017
FTC Files to Protect Consumers’ Security in the Internet of Things – National Law Review, January 9, 2017
Cyber security career has massive potential – Belfast Telegraph, January 3, 2017
Mobile banking surges as security issues are addressed – FinExtra, January 3, 2017
Project Graduation Updates
Graduation is the process by which Projects move between Incubator, Labs, and Flagship levels. It includes a self review, followed by a review by our Senior Project Coordinator Matt Tesauro, and finally certified by our community through peer review. You can read about our recent Project Graduates or sign up to be a peer reviewer.
Combating the Vulnerability Chaos with OWASP DefectDojo
Greg Anderson invites you streamline your entire application security process by exploring DefectDojo with a live demo of the vulnerability aggregation tool.
OWASP is Once Again Participating in the Google Summer of Code Program
It is that time of year again! OWASP will participate in the Google Summer of Code (GSoC). We love that GSoC is a great vehicle to introduce students to both open source projects and application security with real, hands on projects. Long time Project Leader Konstantinos Papapanagiotou notes “GSoC is an amazing opportunity for projects to make significant progress in terms of code and attract new, enthusiastic contributors. On a personal basis I enjoy GSoC because it gives me the opportunity to interact with numerous students around the world and participate in one of the largest open source initiatives.”
To read more about this event and sign up to participate check out our blog post.
Global AppSec Events
AppSec Europe 2017 8–12 May, 2017, Belfast, UK
AppSec USA 2017 September 19–22, 2017, Orlando, Florida, USA
Local and Regional Events
AppSec Africa 2017 February 1–2, 2017, Casablanca, Morocco
SnowFROC 2017 March 16, 2017, Denver, CO, USA
Latam Tour 2017 April 3–28, 2017, South America
OWASP Middle East Cyber Security Conference 2017 May 3–4, 2017, Dubai, UAE
OWASP Project Summit 2017 June12–16, 2017, London, UK
Partner and Promotional Events
Cyber Resilience & InfoSec 2017 February 6-7, 2017 Abu Dhabi, U.A.E.
SC Congress London February 23, 2017 London, UK
CyberCentral April 4-6, 2017 Prague, Czech Republic
QuBit Conference 2017 April 4-6, 2017 Prague, Czech Republic OWASP members save 10% by using discount code: QB17OWASP
Cyber Security North Africa Summit April 26-27, 2017 Cairo, Egypt
SC Congress New York May 2, 2017 New York, NY
Techno Security & Digital Forensics Conference June 4-7, 2017 Myrtle Beach, SC
SC Congress Toronto June 13-14, 2017 Toranto, Canada
Welcome to our new chapters in January!
In 2016 OWASP grew in 2016—especially in Asia and the Middle East.
From uni-directional to vibrant and dynamic: Ottawa Chapter on becoming a community
There are two challenges that consume most chapters: getting speakers and growing their community. The Ottawa Chapter documented their approach to growing 450% in one year. The key to their success was diversity of activities and actively courting a diverse membership. You can read more about their experiments on the blog.
Request for Blog Content
OWASP would like to start spotlighting chapter activity on our blog. If your chapter hosted and recorded an amazing talk that just NEEDS to be shared, or perhaps you ran a great event and would like to help other chapter follow suite think about writing a blog post to be shared on the OWASP Blog. Contact our community manager, Tiffany Long for more details.
We would like to thank the following companies for supporting the OWASP Foundation. The companies listed below have contributed this month by either renewing their existing Corporate Membership or joining OWASP as a new Corporate Member. Details about Corporate Membership can be found here.
Contributor Corporate Members
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 394,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.
Cybozu is a Japanese cloud computing vendor founded in 1997. Its service supports effective team collaboration hence our services are widely used from large-scaled teams like multinational enterprises to small-scaled teams like volunteer groups, clubs even families. “kintone” is one of the Cybozu’s key products released in 2011.
It is called "no-code application platform" which makes work more productive through business applications. It is recognized as one of the leading vendors in” Gartner 2016 Enterprise application Platform as a Service (aPaaS), Worldwide Magic Quadrant”.
Cybozu has been focusing on security enhancement. It has started "bug bounty project" in 2013 to find any vulnerabilities which may exist in its product in order to provide its customers with the most secure service possible.
For more information about Cybozu, please visit https://www.cybozu.com/jp/.
Want your name here? Find out how by visiting our Corporate Member information page, or contact or contact our Membership & Business Liaison Kelly Santalucia today! Thank you to all of our Premier and Contributor Corporate Members for your support in 2017!
New Membership Proposal
Over the last several months there have been a number of ideas put forth for how to modernize our membership plan from simply adjusting the cost to developing an entirely new membership organization. Our current membership plan is in need of optimization. This proposal includes back end system integration upgrades and modern price tier structures.
Concurrently, OWASP is upgrading our Association Management System (AMS) this spring; some of the improvements in the AMS will allow us to think about membership in a host of new ways. To this end our Operations and Membership team have put together a Flexible Individual Membership plan and updated our Corporate Membership plan. These plans account for our diverse membership are developed to optimize accessibility and growth. We are asking for the Community to provide feedback and the Board to vote on them at the February 8 meeting so that they may be included in the February AMS migration.
Feedback can be submitted via the board list or by attending the board meeting.
OWASP Social Media
OWASP Social Media Sites