Wednesday, May 31, 2017

OWASP Threat Dragon Project Update



OWASP Threat Dragon Project
Project Leader: Mike Goodwin   GitHub Link

Threat modelling is a very powerful technique for finding and fixing design-level flaws in applications. It is especially good at promoting defence-in-depth. However, the free tooling that is currently available is limited. OWASP Threat Dragon aims to fix that by providing a free, open source threat modelling tool that:
  • Is cross-platform
  • Is easy and enjoyable to use
  • Integrates well with other SDLC tools
  • Has a powerful threat generation rule engine
Although Threat Dragon is an Incubator project, it is progressing well and I hope it will be ready to be promoted to Labs soon. Some highlights of the project so far:
  • The original working prototype has been given a major architecture review. This was my first node.js project and my first significant Angular application so there were quite a few kinks to be straightened out. Also, I completely rethought the model storage approach - originally it was using browser local storage like Mozilla SeaSponge, but this turned out to be problematic in practice.
  • A web application variant that uses GitHub as a backend for storing model files. I have plans to add support for BitBucket and possibly other backends soon. This source control system integration is key to the success of the project IMO and I have lots of plans for deeper and better integration in the future.
  • An installable, cross-platform desktop variant based on Electron and using the local file system for model storage. This is important for people who use a source control system that is not supported by the web app variant, or for people who want to evaluate the tool without giving it access to their repos. The desktop variant shares >85% of its code with the web app variant - including most of its UI. This is critical to make it manageable by a small team (just me at the moment!). The desktop app is still a little rough around the edges compared to the web app (e.g. no auto-update on OSX yet) but it is getting there and most of my effort on the project is going into that at the moment.
  • Good unit test coverage (>90%). Quality is not just for Flagship projects - Incubator projects need it too!
  • A cute logo dragon called Cupcakes :o) (based on an original image by DreamsOfMine)
So what's next for Threat Dragon? Well, firstly, although I think it's progressing well on the first 3 key project aims, that's just my opinion. It needs feedback. Lots of feedback. All feedback is welcome - feature requests, bug reports or comments on any aspect of the project. Secondly, at the moment it can be used for basic threat modelling, but the threat generation engine is just a stub. You have to come up with all the threats yourself. Threat generation is the next major functional area that I plan to tackle - hopefully with some collaborators. Thirdly, did I say I was interested in feedback?


Please give it a try and let me know what you think!  

Tuesday, May 30, 2017

Blackhat USA 2017 Call for Volunteers



OWASP and Blackhat USA 2017 have once again formed a co-marketing agreement. Included in our agreement, Blackhat has offered OWASP complimentary expo space along with a limited amount of briefing and expo passes.

OWASP is looking for volunteers who are willing to donate time at the OWASP booth, in exchange for a briefing or expo pass. Volunteers need to be familiar with OWASP, and be able to comfortably speak about the Foundation to booth visitors.

Volunteers who sign up for 9 or more booth hours may qualify for a full briefings pass. Volunteers who sign up for 6 or more booth hours may qualify for an expo only pass. Passes are limited and are on a first-come, first-served basis, with priority going to OWASP Leaders and OWASP Members first.

If you are interested, you can sign up here!  Any questions should be submitted through our Contact Us form.

Connector May 2017

OWASP Connector

Mon, May 29, 2017
Communications

Change to the Global Board of Directors

Johanna Curiel has stepped down from her position on the Global Board of Directors. Following precedent, Martin Knobloch, who received the next highest vote count, was raised to the OWASP Board of Directors and the board will hold a vote for positions on the board.


Operations Update

The May Operations Update includes vital information about OWASP's infrastructure initiatives, project activity, and Chapters. Read it for an overview of what is happening in OWASP.


2017 Global Board of Directors Election

The Call for Candidates for the Global Board of Directors is now open! The OWASP Global Board of Directors is an all-volunteer board dedicated to the organizational mission which directs the strategic direction of OWASP. This year there are 4 open positions for the board. Due to a vote on February 8th, 2017, which mandated that no board member may serve more than 2 2-year terms in a 10-year period, there will be no incumbent board member up for election. To learn more about the Election and to submit your candidacy, please visit: https://www.owasp.org/index.php/2017_Global_Board_of_Directors_Election


OWASP in the News

 
Projects

OWASP Code Sprint '17

The OWASP Code Sprint 2017 is a program that aims to provide incentives for students to contribute to OWASP projects. By participating in the OWASP Code Sprint 2017 a student can get real-life experience contributing to an open source project. A student who successfully completes the program will receive in total $1500. You can read more on the Code Sprint 2017 wiki page.

How it works

 

Any code/tool project can participate in the OWASP Code Sprint. Each project will be guided by an OWASP mentor. Students are evaluated in the middle and at the end of the coding period, based on success criteria identified at the beginning of the project. Successful students will receive $750 after each evaluation, a total of $1500 per student.

ALL STUDENTS PLEASE APPLY HERE


Project Summit Belfast Recap

OWASP had another successful project summit at AppSec Europe Belfast. The Project Summit is a combination project working session and program improvement session for OWASP Projects. In addition to presenting their projects to the summit, the leaders discussed ways for their projects to collaborate and there was a proposal from one leader to combine two existing projects with some additional work into a new third project. Project leaders were very excited about upcoming improvements to OWASP and Projects, including Discourse, Project Handbook changes and gamification options that will soon be available.

In addition to focusing on programmatic changes and their projects, leaders and other community members came together to review seven applications for projects wishing to graduate to the next level of project maturity.

If you would like to attend the next AppSec Project Summit, see below for details.


Sign Up for the AppSec USA Project Summit!

The AppSec USA Project summit is now accepting participants and suggestions for our Hot Topics. Project Summits at Global events include working sessions that allow project leaders and contributors to work together face to face in an intense and productive environment to move their projects forward. This is a great opportunity for local contributors or those attending the conference to become more deeply involved in OWASP Projects. Qualifying Project Leaders can receive grants to cover their attendance at the event.

Requirements for Participation:

  • Active OWASP Project started in the last 9 months.
  • Complete and updated wiki page with a clear roadmap.
  • Agenda and Deliverables for your project at the summit are required.
  • Deadline on September 5th!

 

Funding Opportunities: (through the Reimbursement Process)

  • $750.00 for Air Travel Assistance per OWASP Project
  • Two Nights of accommodations for the days of the Project Summit USA
  • OWASP Project Leaders (three leader max) receive a complimentary pass for AppSec USA 2017.

Please use the Contact Us form for any questions or concerns.

Contacts at OWASP Foundation: Matt Tesauro and Claudia Aviles Casanovas.


OWASP Top 10 Release Candidate

The OWASP Top 10 Release Candidate is now available for comment. Each edition of the OWASP Top 10 enters this phase of the project with plenty of controversy and this year is no different. You can still join the Top 10 Mailing List to contribute your thoughts or read OWASP’s Sr. Project Coordinator, Matt Tesauro’s thoughts on the topic.


 
Events

AppSec USA Second Round CfP

The AppSec USA Call for Presentations Round Two will be opened for two weeks starting on May 30th, 2017. Applications will be accepted until June 15th and applicants will be notified of their success shortly thereafter. Papers that did not make it in round one will need to reapply for round two as applications will not be forwarded automatically to the next round.

 


2017 OWASP Summit; The Woodstock of AppSec

The OWASP Summit in London will be the largest concentration of AppSec and Security talent focused on solving problems in 2017. A 5-day, high-energy experience, the summit will allow attendees to work and collaborate intensively. Our villa set up means that you will have the opportunity to develop projects in our 10 tracks nearly around the clock!

In order to attract as much talent as possible to the Summit, tickets were kept at a low price. A 5x 8h daily ticket costs £400 (i.e. without accommodation) and a 5x 24h daily ticket costs £1,200 (i.e. with 4-night accommodation), with a 10% discount (for 5 to 9 tickets) and a 20% discount (for 10+ tickets). 1x daily 8h tickets are also available at £100 and 24h tickets at £300.

Learn more about your opportunity to bring your team to 2017’s biggest AppSec output focused event.


AppSec USA Sponsorships Nearly Sold Out

There are only a few remaining sponsorships left for AppSec USA. With the expo floor plan designed to maximize foot traffic to YOUR booth, you can be assured that you will maximize lead generation activities. Additionally, the planning team has several events planned to encourage a family friendly atmosphere to drive attendance numbers skyrocketing upwards, and what better place than Walt Disney World?

The vendor booths are located in high-traffic areas so that you can be assured to get the attention of more than 1,000 security decision makers, influencers, and practitioners in the community. This is the opportunity for your company to recruit, generate business, and share ideas. Grab your booth today before space runs out.

Please contact Kelly Santalucia for more information on how your company can participate!


AppSec Europe Wrap Up

AppSec Europe brought the craic this year! From the first ever outreach event to 200 teens to Keynotes packed with attendees, to nearly a dozen supplementary events, the conference was an unqualified success. Many thanks to the AppSec Eu Team, Gary Robison, Michelle Simson, Owen Pendlebury, Martin Knobloch, Erlend Oftedal, David Mathy, Mark Miller, Siobhan Gallagher, and Fiona Collins! You can read Owen Pendlebury's account of the event on the OWASP Blog and soon, watch all of the talks on the OWASP YouTube Channel.


AppSec Europe Developer Summit

Johanna Curiel hosted an interactive all day hands-on session on Day 1. A total of 16 people attended to learn about "Reverse Engineering Android Apps with Bytecodeviewer."

Our Day 2 morning session topic was "Automating On-Deploy Security Testing* of web applications with ZAP and Jen" hosted by Spyros Gasteratos. We had 21 people attend this session.

And last but certainly not least, our Day 2 afternoon session was hosted by Nicole Becher and Mordecai Kraushar. This session drew a total of 20 attendees who were eager to learn about "Attacking your web app."

This was by far our biggest DevSummit attendee turnout to date! We are looking forward to doubling our DevSummit attendee numbers for our upcoming AppSec USA 2017 event in September!

 


Upcoming Events

 

Global AppSec Events

Regional and Local Events

  • OWASP Sibiu Event  June 8, 2017; Sibiu, Romania
  • New York Metro Joint Cyber Security Conference  October 5, 2017; New York City, NY, USA
  • OWASP Bucharest AppSec Conference 2017  October 6, 2017; Bucharest, Romania
  • OWASP AppSec Africa 2018  May 10-12, 2018; Morocco

Project Summits

Partner and Promotional Events

Chapters

Chapter Leader Workshop

Before every Global AppSec Event we host a Leaders’ Workshop. These workshops serve to allow the foundation staff (and board) to hear from Chapter and Project Leaders and to catch them up on big occurrences in the OWASP Foundation. This year there was an unusually large portion of the meeting dedicated to sharing information from the Foundation.

The OWASP Staff have been analyzing the Foundation’s technical debt and engaged in deep listening activities to understand how to prioritize our actions. This activity has led to the staff prioritizing 4 large changes to our structure: The Website Reboot, the AMS update, a new system for mailing lists, and a volunteer management program. These new systems will bring more insight and control to Project and Chapter Leaders.

The Leaders’ Workshop is recapped in three blog posts: OWASP Leaders’ Workshop Pt 1: 4 Major Changes and Leader Insight and Control, about the 4 major updates; OWASP Code Sprint 2017, answering the question about the code sprint; and Chapter Questions from the LW, discussing the other two questions leaders brought up: (1) Discussion on move from 2 to 4 meetings per year, (2) What does the foundation look at when judging if an event can be charged for or not? The final blog post is not yet up.

We have also confirmed that future Leaders’ Workshops will attempt to include the webinar platform so that Leaders who are not attending the event can still participate in the meeting.


Welcome New Chapters

Albany, Hokushinetsu, Sofia, Kyiv, Akita

Membership

May 2017 Corporate Members


 
We would like to thank the following companies for supporting the OWASP Foundation.  
The companies listed below have contributed this month by either renewing their existing 
Corporate Membership or joining OWASP as a new Corporate Member.  
 
Details about Corporate Membership can be found here.
 
 
Premier Corporate Member
 
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 8,800 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Dell SecureWorks, Fujitsu, HCL Comnet, Infosys, NTT, Optiv, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit www.qualys.com. Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies. For more information, please visit https://www.qualys.com.
 
 
Contributor Corporate Members
 
 
 
Oracle is shifting the complexity from IT, moving it out of the enterprise by engineering hardware and software to work together—in the cloud and in the data center. By eliminating complexity and simplifying IT, Oracle enables its customers—400,000 of them in more than 145 countries around the world—to accelerate innovation and create added value for their customers. By engineering out the complexity that stifles business innovation, Oracle is engineering in speed, reliability, security, and manageability. The result is best-in-class products throughout an integrated stack of hardware and software, with every layer designed and engineered to work together according to open industry standards. Oracle's complete, open, and integrated solutions offer extreme performance at the lowest cost—all from a single vendor. Encompassing every phase of the product development lifecycle, Oracle Software Security Assurance is Oracle's methodology for building security into the design, build, testing, and maintenance of its products. Oracle's goal is to ensure that Oracle's products, as well as the customer systems that leverage those products, remain as secure as possible. For more information, please visit https://www.oracle.com/support/assurance/index.html



 
Rakuten, Inc. and its consolidated subsidiaries and affiliates ("Rakuten Group") are full-line Internet services companies. Since its founding in 1997, Rakuten, Inc. ("Rakuten") has spent a decade evolving its business model centered on e-commerce, to create a market completely new to Japan. The Rakuten Group is focusing on two approaches in particular to target growth in the decade to come. The first is to empower people and society through continuous innovation and business operation based on our five concepts of success. The second is to establish a "Rakuten eco-system" which enables us to maximize our customers' lifetime value and leverage synergies. Guided by the key phrase "more than Web", the Rakuten Group is taking on the challenge of creating new value by driving convergence between the Internet and traditional "bricks and mortar" businesses. For more information, please visit https://www.rakuten.com/



 



Want your company name here? 
 
Find out how by visiting our Corporate Member information page, or contact Kelly Santalucia, our Membership & Business Liaison, today!
 
 
 
Thank you to all of our Premier and Contributor Corporate Members for your support!

The OWASP Foundation, 1200C Agora Drive #232, Bel Air, Maryland, 21014, USA

Wednesday, May 24, 2017

OWASP CODE SPRINT 2017 - Applications Extended to June 18th!

Student Applications Extended to June 18th!

Student application submission is now open: APPLY HERE    Many students are already exploring ideas on our wiki page, which means your project still has a chance to join the Code Sprint!

Remember: We need your help in making this program a success, and the more mentors, the more slots for Students!

Goal:
The OWASP Code Sprint 2017 is a program that aims to provide incentives to students to contribute to OWASP projects. By participating in the OWASP Code Sprint 2017 a student can get real life experience while contributing to an open source project. A student who successfully completes the program will receive $1500.

Become a Mentor: 
Do you want to become a mentor for a student?
Choose a participating OWASP project from the OWASP Code Sprint 2017 wiki page--preferably the one you are most familiar with.

Touch base with the project leader and ask one of the org admins (Claudia, Kostas or Fabio) to send you an invitation to get started today.

Help OWASP Invite Students: 

Please let us know if you need help or supporting material.

Program Leaders:
Konstantinos Papapanagiotou
Fabio Cerullo
Spyros Gasteratos

Claudia Aviles Casanovas, Project Coordinator

2017 OWASP Global BoD Election Call for Candidates is Now Open!






OWASP is excited to announce that the 2017 Global Board of Directors Call for Candidates is Now Open!

You may submit your candidacy here. There are 4 seats available for this election. For the complete election timeline, board responsibilities, eligibility requirements, and other election details please visit our 2017 Election page.

Some key updates for this year's election process:

  • Similar to years past, we will announce all verified candidates once the Call for Candidates closes. This process generates more candidates and minimizes any "popularity contests".  More candidates = more choices for you!  Candidates that wish to announce their candidacy themselves may do so at any time. 
  • An email will be sent to the entire community prior to the paid membership deadline (Sept. 30, 2017) asking them to check the Membership Directory to be sure they are listed as a current individual member.  Individuals who believe they are a current paid individual member, but their name does not appear in the Membership Directory, will be asked to contact us immediately.  Please feel free to check the directory now and contact me if you believe you should be listed as an Individual Member and are not.  
  • Unsubscribed emails to voting list: without an @owasp.org email address, Simply Voting, our voting system, is unable to identify who has chosen to unsubscribe from receiving the emails which contain a unique link to each individual's ballot. To be sure all registered voters receive their ballots, OWASP will send an email notifying individuals that the email with their unique link to their ballot has been sent. If they did not receive their ballot, they will be asked to contact us immediately.
  • An email will be released in addition to social media posts on August 7 that will include the candidates' names, "why me", profile picture, and bio.

Honorary Membership Update:
  • Honorary Membership is open YEAR ROUND!  Please refer to the Honorary Membership section on the election page for more detailed information.

We are looking forward to a successful election process. If you have any questions or if I can be of any assistance to you, please let me know.
 
Kindest Regards,  
 
Kelly Santalucia
Membership and Business Liaison

Tuesday, May 23, 2017

OWASP Leaders' Workshop Pt 1: 4 Major Changes and Leader Insight and Control



The Leaders' Workshop was held on Wednesday night before the AppSec Europe conference with about 30 project and chapter leaders in attendance. It covered some exciting new developments in the OWASP infrastructure as well as leaders' questions about ongoing concerns and upcoming events. If you have been a leader for at least six months, please remember that you can receive free access to any Global AppSec and that you can attend this pre-conference workshop even if you do not attend the conference.  In future conferences we plan to host the workshop on a GoToMeeting Webex as well to allow leaders from all over the world to join in.




There are four key changes coming to OWASP infrastructure as a result of the year-long listening activity that the staff has been engaged in as we assess how to tackle the organization's technical debt and growing pains.  The first four topics we are focusing on include the Website Reboot, the Association Management System (AMS), our mailing lists, and a volunteer program.  This meeting focused primarily on changes coming for our AMS and Lists.  


Website Reboot and Volunteer Systems


We started with a quick update to the Website Reboot and the Volunteer Program.  The Website reboot had hit some snags in scheduling as we waited for the board to approve funding for the project and then had to address a sudden loss of our host provider.  During this time Phase 1: Updating wiki source to 1.27.x  has been completed, Matt is writing the RFP for Phase 2: Wiki style updates, and Phase 3: single sign on is being integrated with the move to Amazon Web Services.  


The Volunteer Program is on the horizon and you should see surveys coming out in the next month and the first results in Q4.  Currently, the goal of the Volunteer Program will be to have an easy way for members and potential volunteers to put together a “Volunteer Resume” and apply to volunteer positions written by leaders.  The end goal is to allow leaders to a) have an easy way to widely distribute calls for volunteers, b) interview and choose volunteers, and c) track, interact with, and reward volunteers.  This program is also closely tied to the AMS and new abilities and insights it will give our leaders.


As always you can follow our monthly Operations Update posts on the OWASP Blog or in the OWASP Connector for detailed information on these projects as they progress.


Updated Association Management System


The Association Management System (AMS) is the platform that allows OWASP to effectively manage the needs of our community.  It is essentially cross-referenced lists of every request, member, volunteer, project, chapter, and sponsor OWASP has interacted with.  Until recently the technology to allow our community leaders to interact with this system in a sustainable and scalable way did not exist.  Now we are glad to tell you that we are implementing a new system that will not only help things run more smoothly behind the scenes, but also give leaders significant insight into your project or chapter as well as create a single source of truth for the community to work with.


We are now allowed to give visible and invisible badges to our leaders who will in turn be able to identify project and chapter contributors for badging. Amongst other things, when fully rolled out, leaders will be able to log into their force portal and see who is an OWASP member that has allocated to their chapter or project currently and in the past, as well as who they have listed as official contributors to their project.


Through APIs we will be able to allow special permissions for protected aspects of the wiki.  For example, leader positions will be tied directly to Salesforce so that even if someone changes them on the wiki they will revert to the official status. Additionally, project leaders can allow particular contributors to update protected project pages. When tied with the upcoming volunteer platform, Leaders will have much more organized control, APIs will slowly be able to eliminate repetitive tasks, and key insights will be much more apparent.


Equally as important are the new conveniences that authenticating with the force portal will bring.  In your portal page, not only will leaders be able to have new insights into WHO they are working with and HOW they are dividing the work, but the labor they are doing and the support they have requested will be clearly presented.  



The new force portal will create a single location to request, track, and receive funding.  Leadership badges mean that when their membership is up for renewal leaders will be directed to honorary (and if they choose, paid) membership plans rather than having to locate them based on prior knowledge.  It also means that we will be able to severely limit event codes which can lead to annoying slowdowns and frustrating disorganization.  You will be able to register for events directly from your portal and therefore you will be authenticated as a leader and have the discounts automatically applied to your order.  



Mailman Transformed


OWASP’s lists system is very problematic: it is bloated, it is unsupported, and currently, it is insecure.  No matter how we choose to address lists, at this point it would require a migration.


We began our search for a replacement with a long list of requirements.  We needed a system that worked in both email and on a separate platform.  Our replacement needed to be mobile native and allow for restricted lists as well as for a searchable archive.  It also needed to do a more successful job of fostering community than our current solution which has left us with crickets in the community list and many abandoned chapter and project lists.  Furthermore, it needs to allow for people to easily choose what communications they wish to interact with and ignore those they do not wish to spend time on without missing vital communications.



In the end, the answer to our search was Discourse.  Discourse will allow us to create a platform that allows users to customize their experience; it is searchable, archive-able, mobile native, and you can choose to interact with it through email or through the app/browser platform.  It also has features such as a daily digest that you can choose to replace up-to-the-minute notifications.


The most important difference that our change to Discourse will bring is a reorganization of our lists and how we use them. This is partially because our current system is incompatible with Discourse, and partially because over the past decade we have learned much about what our community wants and needs.  With Discourse we can create a system of communication that is both less siloed and more granular.  For instance, the most common complaint about the leader’s list is that too many discussions of governance happen in it.  By changing the structure we can create a place for leaders who wish to communicate without these discussions to thrive, while also supporting our community members who deeply care about governance.  We can also make it easy for our community members to dip into different sections when the topic is vital to them.



In Discourse we will have 6 main categories with subcategories.  

Community:
The Community category is the “main” category for the average OWASP user.  Here there will be a Main uncategorized location to have general conversations.  You can expect recurring events such as puzzles, polls, or directed weekly questions as well as a location to chat with other community members from around the globe.

There will also be a Governance sub-category for those who are interested in discussing, changing, or writing on specific points of governance for our community.  Separately, there is a Board List for reading and communicating directly with the board of directors in their official capacities.  

The two NEW parts of this category are requests from Leaders and community members respectively: Many leaders have asked for an Announce Only list that they can subscribe to so that they can get information from OWASP without automatically signing up for the discussions that usually come with those announcements.  

The second was a request from community members for a place where they can ask specific appsec questions from people they already trust. Answers can be voted on, rewarded, and discussed.  One large request from the Leaders' Workshop was to limit this topic to only paid and honorary members of OWASP.  

Projects, Chapters, and Committees

The Projects, Chapters, and Committees will each have individual sub categories for each project, chapter, or committee (Example: AppSensor or Charlotte or Education Committee) as well as their respective FAQs and a location for general uncategorized conversations about projects or chapters.

Projects will specifically have the ability to badge their contributors and allow them to have write-rights in project specific sub categories.

Events

The events category will have sub categories dedicated to local, regional, and global events.  Here you will be able to compare notes, get ideas and problem solve with other volunteers who are running events.  This is an excellent place for experienced event teams to mentor new event teams.  It will also serve as a great place for event teams to set up specific event topics for planning or to discuss making the events platform better.  

Leaders

The Leaders’ category will remain much as it does now, with the addition of an announce only section for the leaders list.  


What makes this system easier to use across categories is that each user can choose to follow individual categories, sub categories, or even topics.  No longer will someone be overwhelmed by the leaders list and therefore unwilling to engage with the wider community.  As members sign up, they will be able to sign up for their own Chapter or Project sub category as well as join the community lists and other lists in just one step.  No more applying to join and hoping the moderator notices.  No more joining for one topic but having to slog through dozens of emails you are, frankly, uninterested in.

Furthermore, due to the trust and social badging systems on Discourse, members will be identified and the volunteer work done by each member will be clearly available so that our top contributors can get the kudos they deserve. Best of all, the Discourse system is responsive.  Threads, topics, subcategories, and categories can change as our community changes--helping OWASP to meet community needs quickly.

Timeline and Logistics  
Discourse is expected to start being rolled out in Q4 or Q1 of 2018.  In the meantime, we will be slowly beta testing features and you can respond to requests for testers as we roll them out and ramp up each test.  

Other Questions
Our leaders asked us three additional questions:
  • What is happening with the OWASP Code Sprint?
  • Discussion on move from 2 to 4 meetings per year
  • What does the foundation look at when judging if an event can be charged for or not?

We will be answering these questions in future blog posts.  Look for the Code Sprint post on Thursday May 25th and the other questions next week.  

If you have feedback on the Website Reboot, Volunteer program, our new AMS and the Force Portal, or the move to Discourse, please feel free to reach out on the lists, this comments section, or the talk page on the appropriate wiki page.  We will be monitoring all three.  

Which of these upgrades are you most excited about?