Sunday, June 29, 2008

June 29th, the 50% mark for Summer of Code 2008 is here.  Here’s an unofficial update of what has been done for the OWASP .NET Project for SOC 2008:

Goal 1:  OWASP .NET Site Reorganization

Pages (I’d say I’m about 50% done – there’s a ton of stuff that I *want* to add, but as far as what is useful and relevant, the content is about 50% there.)

Special Projects becomes Vulnerability Research

After discussions with OWASP .NET Project contributors and Dinis Cruz, added Recommended Resources

Goal 2: OWASP .NET Project Outreach

Presentation Materials for OWASP & OWASP .NET & Software Lifecycle

OWASP .NET Bullet Points

Community Outreach

  • User Groups – I gave a 10 minute introduction to OWASP .NET Reorg in the OWASP EU App Sec 2nd Keynote.  I reached out to OWASP Philadelphia and New York to find time for me to present (still working on these), plan on reaching out to other groups for the 2nd half.)
  • Forums - Participating in ASP.NET forum, I need to be more involved and find additional forums.
  • Microsoft MVP Community – I reached out to Alex Smolen, a Security MVP who informed me that there was talk about having MVP’s participate in the OWASP .NET side.  I will continue to push for their involvement.
  • Microsoft - I have a couple of contacts that I will work with at Microsoft to keep me in the loop.

Media Outreach

  • ISSA Journal - I was asked to submit an abstract for an upcoming issue of ISSA.  The editor is interested in a couple of ideas that I provided.  I will be completing this in the next few weeks.
  • ISC2 Blog - I was giving blogging privileges for the ISC2 Blog (CISSP folks).  I haven’t found the right content to bridge security development and the CISSP level stuff, but I have a few ideas in my backlog.
  • MSDN Magazine - I e-mailed the editor and he offered to present OWASP .NET as a resource for their Toolbox section.  I volunteered to provide anything required.
  • OWASP Media Guidelines - As I’m working on an article for ISSA, I’m keeping a log of what things other OWASP authors might find useful.  For example, a standard blurb about OWASP and your project as part of your author introduction.

Goal 3: OWASP Project Support

Projects that I’m working with in addition to OWASP .NET Reorganization that will allow me to continue to recruit content for OWASP .NET

Here is the roadmap going forward for the next half of Summer of Code 2008