Re: Meetup


Claudia Casanovas

Feb 19, 2016, 12:29:00 AM
to Sean Auriti, Tom Brennan - OWASP, owasp-project-reviews
Hi Sean,

Please review the How to Start a Project wiki page and submit a New Project Request Form to get started on your project.

Next steps:
Creating the wiki page for your project once the information is completed
Reviewed and added to the Project Inventory List

Please let me know if you have any questions.


On Thu, Feb 18, 2016 at 8:40 PM, Sean Auriti <se...@alphaonelabs.com> wrote:
I added our notes here - https://github.com/CoderBounty/coderbounty/blob/master/OWASP.txt  wanted to try out the new drag and drop file upload... Looking forward to making this happen.

On Wed, Feb 17, 2016 at 7:01 PM, Sean Auriti <se...@alphaonelabs.com> wrote:
Great, thanks!

On Wed, Feb 17, 2016 at 6:54 PM Tom Brennan - OWASP <to...@owasp.org> wrote:
Claudia can help you navigate those options.

On Wed, Feb 17, 2016 at 4:49 PM, Sean Auriti <se...@alphaonelabs.com> wrote:
I've got the license setup. I have a few concerns about the donating the project part. I'd still like to retain some rights and come up with a structure that works to both Coderbounty, Inc.'s benefit and OWASP mutually. I think the points Johanna mentioned work perfectly and we can consider those on the roadmap. If we can work this out harmoniously then let's move forward!

On Wed, Feb 17, 2016 at 6:23 PM Tom Brennan - OWASP <to...@owasp.org> wrote:
Sean has there been any movement on YOUR effort?

http://www.coderbounty.com/

Have you filed to make it an OWASP project yet?

This is on the table, have a read.


Tom Brennan
Global Board of Directors
NYC/NJ Metro Chapter Leader
(d) 973-506-9304

OWASP Foundation | www.owasp.org

On Tue, Dec 15, 2015 at 9:03 PM, Sean Auriti <se...@alphaonelabs.com> wrote:
Me too.

On Tue, Dec 15, 2015 at 10:52 PM Bev Corwin <bevc...@gmail.com> wrote:
Sounds good Sean, Sorry to miss you earlier today. Looking forward to future updates when they are available. Best wishes, Bev

On Tue, Dec 15, 2015 at 7:49 PM, Sean Auriti <se...@alphaonelabs.com> wrote:
Hi All,

I think the best next step is for me to submit the project. I'll send out a google doc and feel free to chip in.

In essence, you can consider Johanna's recent points as part of the Coderbounty roadmap. The project is now AGPL 3.0 and we're making progress every day.

Thanks,

Sean

On Tue, Dec 15, 2015 at 7:24 PM Claudia Casanovas <claudia.avil...@owasp.org> wrote:

Can you send me the meeting invite?  I do not have the invite.

Thank you

On Tue, Dec 15, 2015 at 4:04 PM, Sean Auriti <se...@alphaonelabs.com> wrote:
I'm in the goto meeting.  Is anyone else joining?

On Wed, Dec 9, 2015 at 2:04 PM, Tom Brennan <to...@proactiverisk.com> wrote:
Technically we can out of the gate right.. there is $500 allocated to new projects (and retro to any project without a balance currently) and on milestones on achieving next level (sounds like gamification grin)  etc.. so funding is not difficult. 

The other part is the management of the activities. Does OWASP want to manage their own service like what Sean is suggesting and OWN the process, tasking a staff member(s) to run it, OR is paying 10% to a 3rd party the cost of doing business, cheap, and gives OWASP new exposure to bug hunting developers? Both models have value.

Funding

Backed up by Oct 14th Board Vote on Projects and Chapters

Therefore 2016 is about execution with an 80% plan.. we will have to debate and work out the other 20% but that is OK, everyone wants to see success here, not failure, chaos or infighting. Finally the amounts, regardless of 500, 5000, 50000, are simply placeholders and everything is open to discussion.

Example: you have an amazing concept, you ask for $1000 from each chapter * X chapters + the initial $500 + you do some crowdsourcing exercises. MONEY is not a problem -- what we need is solid advancement of the mission and that comes with innovation and experimentation.


I always admired: https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus as a concept for requesting help and getting it.. (see current help requests - http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing; simply adding a bounty to them would be in concept what we are talking about.. but we need more of a visual interface)

Off to XMAS Shopping hohoho ;)


On Wed, Dec 9, 2015 at 1:48 PM, psiinon <psi...@gmail.com> wrote:
I think this looks really interesting.
I did try bountysource, but in the end I was using it to pay an existing contributor which means in reality I was just throwing away 10% of the money.
However I can definitely see the value for attracting new contributors and allowing customers to increase the rewards (and therefore hopefully the likelihood of someone fixing) issues they care about.
Maybe OWASP could actually cover some of the fees for labs projects and more of the fees for flagship projects? That would be a real benefit for projects and an incentive to get a project promoted.

Cheers,

Simon

On Wed, Dec 9, 2015 at 5:11 PM, Bev Corwin <bevc...@gmail.com> wrote:
Sounds good, perhaps a possible future "convergence" integration project if they are complementary.

Bev

On Wed, Dec 9, 2015 at 11:55 AM, Tom Brennan <to...@proactiverisk.com> wrote:
*nod* I agree. The value has to be determined and whether it is an OWASP Foundation managed service (by the business) as part of the platform for the world the charity serves, as well as from the individual volunteers that want to get things done on projects they are working on.. There are two perspectives and workflows in some cases.

A quick search provides examples of others trying out the concept: https://www.bountysource.com/search?query=owasp and I have a few projects and will throw out some in BOTH systems to try them out and experiment.



On Wed, Dec 9, 2015 at 10:06 AM, johanna curiel curiel <johanna...@owasp.org> wrote:
>>The concept of simply getting the monies that are "ring fenced" following in the community via projects or chapters is the spirit of the discussion.

@Tom: as a project leader I think I have the choice to decide if I want to run a bounty through this platform or any other using the money that has been set available for OWASP projects.

My perspective on this is from a project leader. What is my benefit from using this platform instead of bountysource.com or hackerone, for example?


On Wed, Dec 9, 2015 at 11:00 AM, Tom Brennan <to...@proactiverisk.com> wrote:
Keep in mind Johanna/All that this concept was discussed 12/7 and Sean
as a Brooklyn Chapter Leader is willing to adjust his code and make a
project out of it.. so the current state is before that.  The concept
of simply getting the monies that are "ring fenced" following in the
community via projects or chapters is the spirit of the discussion.

We have to be agile, tactical and see the big picture here; if
general rough consensus likes the concept we give it a try and
experiment --- that is OWASP.


On Wed, Dec 9, 2015 at 9:55 AM, johanna curiel curiel
<johanna...@owasp.org> wrote:
> Hi Sean
>
> I think since the project has quite big differences from the standard
> projects at OWASP, you as the owner and also OWASP as a non-profit
> organisation will need to analyse the conditions
>
> 1- I noticed there is a copyright under 'coderbounty'. If you want to run
> this project under OWASP that will have to change to an Open Source license,
> meaning the platform will be free and anyone can use your code. Are you sure
> you want to do that? Give all the work for free?
>
> 2- No OWASP project actually makes money. Charging a 10% fee means that the
> money will be handled by OWASP administration, similar to when money is
> donated to projects, but the project leader is not 'free' to use the money as
> he wants.
>
> I don't know how other project leaders will feel about using this platform.
> I know Simon has used bountysource.com to run bounties on his project. If I
> see it from a project leader perspective, the question is:
> How does this platform benefit my project compared to using other platforms
> such as bountysource.com?
>
> Also what kind of implications does this project have on OWASP, as it is not a
> security related project?
>
> I like the idea, it's just that the project is quite different from the actual
> projects running at OWASP. Coderbounty is similar to other existing bounty
> source platforms, as there are other platforms doing the same at the moment.
>
> Running the project under OWASP will also mean that security related issues
> on the platform become an exposure. We preach security, and I notice the
> project does not have an SSL certificate, so authentication is not secure
> ;-). Hope you get my point.
>
> Regards
>
> Johanna
>
> On Wed, Dec 9, 2015 at 10:38 AM, Sean Auriti <se...@alphaonelabs.com> wrote:
>>
>> Sounds good!
>>
>> Payments are currently accepted by Wepay and paid out by PayPal because
>> Wepay no longer does payments. We are switching to Braintree to be the
>> all-in-one solution.
>>
>> We have not been pen tested yet with this new release as far as I know
>> from the logs. I can prepare for that and will be more than happy to help
>> with it.
>>
>> Yes, Coderbounty takes a 10% fee.
>>
>> Sean
>>
>> On Wed, Dec 9, 2015 at 9:28 AM johanna curiel curiel
>> <johanna...@owasp.org> wrote:
>>>
>>> 2) the handbook states that projects must remain volunteer run. Since
>>> Coderbounty pays everyone involved, would this be an issue?
>>>
>>> This is a special project. Most OWASP projects are security and open
>>> source related initiatives.
>>> Coderbounty is a software platform that handles bounties and is not
>>> security related. This project could be considered in the 'operational
>>> project' category.
>>>
>>> Being part of OWASP projects means:
>>>
>>> The source code of 'coderbounty' must be openly available, under an open
>>> source license
>>> It means anyone can use your code under an open source license
>>>
>>> Some questions regarding payment transaction and security
>>>
>>> How are the payments handled by the platform?
>>> Has this platform been pen tested? I mean, if this is an OWASP project
>>> handling any form of credit and transaction data we should then make sure we
>>> practice what we preach ;-)
>>> Does the 'platform' earn any form of commission?
>>>
>>>
>>> Regards
>>>
>>> Johanna
>>>
>>> On Wed, Dec 9, 2015 at 10:17 AM, Sean Auriti <se...@alphaonelabs.com>
>>> wrote:
>>>>
>>>> We are close to having a stable release and features, I'd say a few more
>>>> weeks. We've been using the site to build itself over the past month or so
>>>> with a bit of manual data entry and updating and it has proven to be a
>>>> valuable tool. Our immediate plan is to add bounties to the remaining issues
>>>> and speed this up.
>>>>
>>>> I'm open to how it will best serve OWASP's needs. One advantage of the
>>>> platform is that projects and organizations can co-exist to encourage
>>>> exploration and involvement.
>>>>
>>>> I read the project handbook and was wondering:
>>>>
>>>> 1) when signing the project donation contract, how does this affect a
>>>> project like this?
>>>>
>>>> 2) the handbook states that projects must remain volunteer run. Since
>>>> Coderbounty pays everyone involved, would this be an issue?
>>>>
>>>> Thank you for your support!
>>>>
>>>> Sean
>>>>
>>>> On Wed, Dec 9, 2015 at 8:42 AM Bev Corwin <bevc...@gmail.com> wrote:
>>>>>
>>>>> Hi Sean and everyone, Sounds like a great project, happy to support.
>>>>> Best wishes, Bev
>>>>>
>>>>> On Wed, Dec 9, 2015 at 7:54 AM, johanna curiel curiel
>>>>> <johanna...@owasp.org> wrote:
>>>>>>
>>>>>> Hi Sean
>>>>>>
>>>>>> The idea is to make www.coderbounty.com a 'bounty platform' containing
>>>>>> only OWASP projects bounties?
>>>>>>
>>>>>> Observation: Some of the 'bounties' do not seem to be synchronised
>>>>>> with GitHub. Example:
>>>>>> http://www.coderbounty.com/issue/23/
>>>>>> appears open on the website but when you check it in GitHub it is closed.
>>>>>>
>>>>>> How ready is the platform in terms of stable release and features?
>>>>>>
>>>>>> Cheers
>>>>>>
>>>>>> Johanna
>>>>>>
>>>>>> On Wed, Dec 9, 2015 at 12:52 AM, Jim Manico <jim.m...@owasp.org>
>>>>>> wrote:
>>>>>>>
>>>>>>> A platform like this is exactly what John Melton and other senior
>>>>>>> project leaders have asked for to increase participation. So I certainly
>>>>>>> support this kind of effort. I am very willing to pay folks to help with
>>>>>>> project in this sort of fashion. It will not (at all) break the bank.
>>>>>>>
>>>>>>> Aloha,
>>>>>>> Jim
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 12/8/15 7:34 PM, Tom Brennan wrote:
>>>>>>>
>>>>>>> Sean, I believe that you have a WINNER for the OWASP global community
>>>>>>> based on our talk last night at the OWASP NYC Chapter meeting about making it an
>>>>>>> OWASP Project. cc to Dinis, Jim, Michael, Ken, Claudia, Johanna, Simon and
>>>>>>> Josh who I believe will see immediate value in such an effort focused on
>>>>>>> OWASP Projects in light of recent events.
>>>>>>>
>>>>>>> www.coderbounty.com
>>>>>>>
>>>>>>> In concept, we could list every OWASP project (since they all have a
>>>>>>> min of $500 now at a min.,) and really try to get 10-15 of the active
>>>>>>> leaders to become interactive and post bounties for sprints. OWASP
>>>>>>> operations needs to feed it and provide quarterly payouts with funding from
>>>>>>> here:
>>>>>>> https://www.owasp.org/index.php/Donation_Scoreboard  <-- note tabs
>>>>>>>
>>>>>>> The Bounties could help us also achieve partial gamification within
>>>>>>> OWASP for builders working on cheat sheets, projects in GIT, writing code
>>>>>>> and related tasks. Could we do the same thing with an odesk.com or
>>>>>>> freelancer.com account... maybe, but I think you captured the simplification
>>>>>>> nicely!
>>>>>>>
>>>>>>> P.S. - IMHO This is exactly the type of PLATFORM value that OWASP
>>>>>>> needs to provide to projects. If the project is not an OWASP <Project> it
>>>>>>> would not be in the tool and get the support and full time management of the
>>>>>>> back office team, as an example.
>>>>>>>
>>>>>>> thoughts, professional discussions
>>>>>>>
>>>>>>> On Tue, Dec 8, 2015 at 9:49 PM, Bev Corwin <bevc...@gmail.com>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Thanks Tom, We can explore possibilities at our next OWASP Brooklyn
>>>>>>>> Chapter Leaders GoToMeeting session in March. Sounds good if the chapter
>>>>>>>> leaders and members are interested. Hope that we can do more of the same
>>>>>>>> again at OWASP NY and LI, as well. Happy Holidays & Best wishes for the New
>>>>>>>> Year, Bev
>>>>>>>>
>>>>>>>> On Tue, Dec 8, 2015 at 8:32 AM, Tom Brennan <to...@proactiverisk.com>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Thanks for coming last night, hope you enjoyed what we put on.
>>>>>>>>>
>>>>>>>>> If you replicate what we did last night in Brooklyn in Q1 you might
>>>>>>>>> find new energy for 2016, and Sean is your first submission.
>>>>>>>>>
>>>>>>>>> ---------- Forwarded message ----------
>>>>>>>>> From: Sean Auriti <se...@alphaonelabs.com>
>>>>>>>>> Date: Monday, December 7, 2015
>>>>>>>>> Subject: Meetup
>>>>>>>>> To: Tom Brennan <to...@proactiverisk.com>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi Tom, I contacted you through Facebook and your OWASP email. Not
>>>>>>>>> sure if you got the message. I'd like to pitch Coderbounty tonight if you
>>>>>>>>> can squeeze me in for 5 minutes. Because I think it's a great topic and
>>>>>>>>> relevant to what we are doing. Please let me know! Sean
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Tom Brennan
>>>>>>>>> ProactiveRISK
>>>>>>>>> 973-506-9304
>>>>>>>>>
>>>>>>>>> Need to book time with me to discuss an existing or a future
>>>>>>>>> project click on my virtual calendar
>>>>>>>>> https://secure.scheduleonce.com/TomBrennan
>>>>>>>>>
>>>>>>>>> The information contained in this message and any attachments may
>>>>>>>>> be privileged, confidential, proprietary or otherwise protected from
>>>>>>>>> disclosure. If you, the reader of this message, are not the intended
>>>>>>>>> recipient, you are hereby notified that any dissemination, distribution,
>>>>>>>>> copying or use of this message and any attachment is strictly prohibited. If
>>>>>>>>> you have received this message in error, please notify the sender
>>>>>>>>> immediately by replying to the message, permanently delete it from your
>>>>>>>>> computer and destroy any printout.





--
OWASP ZAP Project leader






--


Claudia Aviles-Casanovas
Project Coordinator







--


Claudia Aviles-Casanovas
Project Coordinator

Sean Auriti

Feb 23, 2016, 3:21:41 PM
to Claudia Casanovas, Bev Corwin, Tom Brennan - OWASP, owasp-project-reviews
I have filled out the application to make Coderbounty an OWASP project and signed up for the wiki. Looking forward to the next steps!

Claudia Casanovas

Feb 23, 2016, 3:31:14 PM
to Sean Auriti, Bev Corwin, Tom Brennan - OWASP, owasp-project-reviews
Hi Sean,

I am working on your request today and will send your next steps. I am building your wiki page with your information and will send it shortly.

Claudia

Sean Auriti

Feb 23, 2016, 3:31:48 PM
to Claudia Casanovas, Bev Corwin, Tom Brennan - OWASP, owasp-project-reviews
Thank you so much!

Claudia Casanovas

Feb 26, 2016, 9:00:36 AM
to Sean Auriti, Bev Corwin, Tom Brennan - OWASP, owasp-project-reviews
Hi Sean,

I have reviewed the information submitted for your New OWASP Code Bounty Project and have created a wiki page for your project with the information submitted. In addition, you should have received an email with the link and some instructions to get you started.


Please let me know if you have any questions.

Claudia Aviles-Casanovas
Project Coordinator


Sean Auriti

Feb 26, 2016, 9:14:03 AM
to Claudia Casanovas, Bev Corwin, Tom Brennan - OWASP, owasp-project-reviews
Awesome, thank you! I will fill it out and return it today.

Sean Auriti

Mar 7, 2016, 9:26:44 PM
to Claudia Casanovas, johanna curiel curiel, Bev Corwin, Tom Brennan - OWASP, owasp-project-reviews
Hi All,

I've updated the OWASP Coderbounty page - https://www.owasp.org/index.php/OWASP_Coderbounty_Project. Please let me know the next steps.

Regards,

Sean

johanna curiel curiel

Mar 8, 2016, 9:10:03 AM
to Sean Auriti, Claudia Casanovas, Bev Corwin, Tom Brennan - OWASP, owasp-project-reviews
Hi Sean

Awesome. I just registered and we are planning to use this to kick off one OWASP project.

I have never used WePay, so I'm going to check that and see how that works.

Cheers

Johanna
--
Johanna Curiel
OWASP Volunteer

Sean Auriti

Mar 8, 2016, 9:14:25 AM
to johanna curiel curiel, Claudia Casanovas, Bev Corwin, Tom Brennan - OWASP, owasp-project-reviews
Awesome! We're on PayPal now and have been approved for payouts. Looking forward to accelerating the projects! Thanks so much.