GPC/Meetings/2011-03-07

= Meeting Details =

Dial-In: 1-866-534-4754 (code: 192341)

When: Monday, March 7th @ 21:00 GMT (based on member availability)

= Agenda =
 * Confirmation of new committee members (all)
 * Board update (Jason)
 * Proposed 2011 Budget (Jason)
 * Project Hosting Update (Chris)
 * Project Lifecycle Process Update (Justin/Brad)
 * Current Project Status Overview (Paulo)
 * Number of new projects since previous announcement
 * OWASP Application Security Skills Assessment
 * OWASP Common Vulnerability List (replaced by Common Numbering Project)
 * Common Numbering Project
 * OWASP HTTP Post Tool
 * OWASP Forward Exploit Tool Project
 * OWASP Java XML Templates Project
 * OWASP ASIDE Project
 * OWASP Secure Password Project
 * OWASP Secure the Flag Competition Project
 * OWASP Security Baseline Project
 * OWASP ESAPI Objective-C Project
 * OWASP Academy Portal Project
 * OWASP Exams Project
 * OWASP Portuguese Language Project
 * OWASP Browser Security ACID Tests Project
 * OWASP Web Browser Testing System Project
 * OWASP Myth Breakers Project
 * Software Security Assurance Process
 * OWASP Web Service Attack Community Project
 * Number of new releases set up since previous announcement
 * ModSecurity 2.0.10
 * Zed Attack Proxy Project - ZAP 1.2.0
 * Number of adopted projects since previous announcement
 * OWASP LAPSE Project
 * OWASP Java Project
 * Number of reviewed releases since previous announcement
 * OWASP Zed Attack Proxy Project - Release ZAP 1.1.0
 * Projects ready to be set up
 * Enhancing Security Options Framework (ESOP Framework) - Amber Marfatia
 * Mantra - Security Framework to OWASP, Yashartha Chaturvedi
 * German Language Project, German Chapter
 * Java HTML Sanitization, Jim Manico
 * Java Encoder Project, Jim Manico
 * Projects' Releases requiring review
 * http://www.owasp.org/index.php/OWASP_Secure_Web_Application_Framework_Manifesto
 * http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Vicnum
 * http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Content_Validation_using_Java_Annotations
 * http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project
 * http://www.owasp.org/index.php/OWASP_O2_Platform
 * http://www.owasp.org/index.php/Category:OWASP_Webslayer_Project
 * http://www.owasp.org/index.php/Category:OWASP_EnDe#tab=Project_Details
 * http://www.owasp.org/index.php/Projects/OWASP_Fiddler_Addons_for_Security_Testing_Project
 * http://www.owasp.org/index.php/OWASP_HTTP_Post_Tool
 * http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model
 * http://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project/Releases/ZAP_1.2.0
 * OWASP Reviews Dashboard
 * Projects with new leader/need to be re-set up
 * OWASP .NET Project - Daniel Brzozowski
 * WebScarab-NG - Daniel Brzozowski
 * College Chapter Program Project - Martin Knobloch
 * OWASP AJAX Security Project - Abraham Kang
 * Project in need of reorganization
 * ESAPI
 * CSRF ecosystem, Sheridan
 * Projects in adoption process
 * OWASP Application Security Assessment Standards Project | Volunteers: Bithika & Matteo Michelini (waiting for data)
 * Other tasks to do
 * Top 10/Upload redesigned content and new covers (Lulu)
 * Other issues
 * How should we label projects like OWASP Live CD 2007 Project? Deprecated? Inactive? Or something else?
 * What should we do with ESAPI PHP? Should we put it up for adoption?
 * Outstanding requests from project leaders
 * None except the above

= Minutes =
 * Meeting started: 21:00 GMT
 * Meeting adjourned: 23:00 GMT
 * Update for April Board Meeting

Attendees

 * Jason Li (Chair)
 * Brad Causey (Committee Member)
 * Chris Schmidt (Committee Member)
 * Justin Searle (Committee Member)
 * Larry Casey (Committee Member)
 * Keith Turpin (Committee Member)
 * Paulo Coimbra (Projects Manager)
 * Kate Hartmann (Director of Operations)
 * Sarah Baso (observer)

Decisions

 * 1) Chris, Justin and Larry have been formally seated as GPC members; Keith is awaiting additional nominations and has been named a provisional member
 * 2) LiveCD 2007 project page should be archived and marked inactive with reference pointer to current LiveCD (WTE) project
 * 3) Any approval step in the Incubator/Labs processes of the OWASP Projects Lifecycle will have a rolling approval window (i.e. if the GPC does not take action within X time, the step is automatically approved). This compromise prevents the GPC from becoming a bottleneck. Note that this policy places an extra burden on the GPC to get things right.

Action Items

 * 1) Chris will reach out to ESAPI PHP project about project leadership
 * 2) Jason will work with Paulo to identify aspects of his workflow that can be automated
 * 3) Justin will research licensing issues for Projects and what would be involved in a license change (Sarah has volunteered to be a resource)
 * 4) Justin/Chris will sketch out an addition to the lifecycle process ("OWASP Enterprise")
 * 5) Jason will identify tools to help improve committee calls (e.g. Google Moderator, "talking stick")
 * 6) Jason will send Doodle for April meeting