[GPC] [Fwd: Re: RFC - All: Early Draft of Assessment Criteria & Agenda item for next meeting]

Leonardo Cavallari Militelli leonardocavallari at gmail.com
Thu Apr 2 10:21:03 EDT 2009


Hello Ivan,
I really appreciate your time to explain what you've been doing and how you
could help.

I believe your workflow and tool will be really useful to make easier the
process of producing, translating and keeping up-to-date all OWASP articles,
documentation and books. There was some discussion regarding the
possibility to replace wikimedia platform due to difficulties to keep
everything up-to-date, translated and synced within this platform.
Currently, the only important feature I missed in this process is the
capability to convert XML/Wikimedia/XML format, once documentation project's
articles should exist in OWASP wiki and in PDF document. Do you have an
idea how we could manage this need?

And yes, I'm interested to know more details about the workflow process and
software you developed. Could you develop a first draft template based on this
document <http://www.owasp.org/images/d/da/OWASP_Top_10_2007_RC1.doc> and
then share your process/tool with us? This way we all can understand what it's
all about and determine efforts to put it in place.

According to the way we move and this software/process maturity, maybe we
consider the possibility to replace current document projects platform, or
even all OWASP website, with something easier to handle as XML docs. :)

Thanks for all your help.
Best,
Leo Cavallari


On Wed, Apr 1, 2009 at 4:37 PM, Ivan Ristic <ivanr at webkreator.com> wrote:

> Hi Paulo,
>
> Before I respond to your email, one small thing: please update your
> address book to replace my @breach email address with this one,
> ivanr at webkreator.com. Since I left Breach Security in January this year,
> I no longer receive email there. My colleagues spotted your email and
> were kind to forward it to me.
>
> After talking to Dinis I wanted to put together a document where I would
> outline my ideas relating to publishing, and explain how they relate to
> OWASP, but... my writing was delayed because there are so many things to
> do in a day. (I am sure you are familiar with the problem.) Anyway, I
> will try to explain my thoughts here. It looks as if it would be both
> faster and more effective.
>
> I am currently building a single-source publishing workflow for my own
> needs. I wrote my book, Apache Security, in 2005 and didn't like the
> process. You have to write your book in Word, only to give it to some
> production people to convert it into something else for publishing. The
> process is manual and very slow. I wanted to publish updates regularly,
> but that was impossible.
>
> With single source publishing you write your book using a WYSIWYG XML
> editor and keep the book in XML (DocBook). From there you can instantly
> publish it into any of the supported formats: PDF for printing, PDF for
> on-screen reading, HTML, ePub, Kindle, etc. Publishing is essentially
> real-time.
>
> Real-time allows for continuous writing. You update your book whenever
> you feel the need, and push it instantly to your readers. Books are kept
> in a source code repository (e.g. Subversion), and usually exist in
> several versions at the same time (e.g. stable, development, etc.).
>
> What I have described so far is relatively easy to implement using
> existing tools. There isn't a free XML editor that's good enough for
> book writing, but they are inexpensive for personal/non-profit use.
>
> If you're interested in single-source publishing we can put the above
> process in place relatively easily. I would help by sharing what I know
> and giving the software I have developed free of charge. Additionally, I
> can develop a template that will be used for all OWASP books. An
> advantage of XML/DocBook is that it focuses on semantics: authors need
> not worry about layout at all.
>
> In the second phase of what I am doing, I want to go further. I want to
> design a platform for collaborative writing and translation. The idea is
> to keep the principle the same, keep XML editors for power users, but
> enable people to contribute using just their browsers.
>
> In addition, the software will support two important processes:
>
> - Continuous editing; indicate the changes between two versions to allow
> editors to only look at them.
>
> - Continuous translation; indicate the changes between two versions to
> allow translators to only translate them.
>
> To finish it off, I am planning to allow for collaborative reading,
> where multiple readers read the book at the same time, communicate in
> real time, and leave comments. I have a number of very interesting
> ideas, but this email is not long enough to mention them all.
>
> Finally, I think OWASP should publish the most interesting books
> properly, giving them ISBNs and making them available worldwide (e.g. on
> Amazon, etc.). If that's of interest, I'd be happy to discuss the
> possibilities. Did I mention that I am working on a single-source
> publishing solution because (in addition to being very passionate about
> the subject, of course) I've started a computer security book
> publishing company? :)
>
>
> > Subject:
> > RE: [GPC] RFC - All: Early Draft of Assessment Criteria & Agenda item
> > for next meeting
> > From:
> > Paulo Coimbra <paulo.coimbra at owasp.org>
> > Date:
> > Wed, 1 Apr 2009 12:49:37 -0400
> > To:
> > Ivan Ristic <ivanr at breach.com>
> > CC:
> > 'Leonardo Cavallari Militelli' <leonardocavallari at gmail.com>, 'Global
> > Projects Committee' <global-projects-committee at lists.owasp.org>
> >
> >
> > Hello Ivan,
> >
> > Hope you are well.
> >
> > Please allow me to introduce you to Leonardo Militelli.
> >
> > Leonardo is an OWASP Projects Committee member and he is dealing with
> > the task of updating the documentation part of the OWASP assessment
> > criteria. In this context, in the Committee's last meeting, the question
> > of creating a template for OWASP documents has arisen and Dinis has
> > remembered that, given the software in which you are currently working,
> > you could help.
> >
> > If you have the cycles to give us a hand, could you please talk directly
> > with Leonardo about this issue? I thank you in advance.
> >
> > Best regards,
> >
> > Paulo Coimbra,
> >
> > OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
> >
> > Block your agendas for May 11-14 and join us - *OWASP AppSec Europe 2009
> > <http://www.owasp.org/index.php/AppSecEU09>*
> >
> > *From:* Leonardo Cavallari Militelli [mailto:leonardocavallari at gmail.com]
> > *Sent:* Tuesday, 31 March 2009 11:56
> > *To:* Matt Tesauro
> > *Cc:* dinis cruz; jason.li at owasp.org; Pravir Chandra; Paulo Coimbra
> > *Subject:* Re: [GPC] RFC - All: Early Draft of Assessment Criteria &
> > Agenda item for next meeting
> >
> > I'd just like to add that I'm still working on the Document Criteria. There
> > are some chunks that need to be addressed in order to complete it, e.g.:
> > template for documents (Ivan Ristic has some ideas/models to share and
> > Paulo will contact him).
> >
> > []'s
> >
> > On Tue, Mar 31, 2009 at 1:23 AM, Matt Tesauro <mtesauro at gmail.com
> > <mailto:mtesauro at gmail.com>> wrote:
> >
> > == Agenda Item for next GPC meeting ==
> >  * We need to prepare the 3 slides of the committee's work for the
> > meeting on April 6th.  These will be used at the OWASP board meeting the
> > next day.
> >
> > == Assessment Criteria v 2.0 ==
> > Since I still cannot tell International time and I foolishly only read
> > the subject of Paulo's email, I missed completely our meeting today.
> > Below is a link to the material I was madly typing up as the meeting
> > happened without me:
> > http://www.owasp.org/index.php/Push_for_Quality
> >
> > NOTE:  This is a purposefully orphaned page which is not linked from
> > anywhere in the OWASP wiki.  I channeled some of Pravir's wiki foo and
> > created this page for our discussion before it "goes live".  I wanted to
> > have it in wiki format as opposed to a Google Doc.
> >
> > Please take some time to read over it and give me any feedback you may
> > have.  This is significantly more content than was announced on the
> > OWASP leaders list so that we can discuss before public posting.
> >
> > A few points to have in mind while reviewing the page:
> > * Generally speaking, it gets less accurate the further down the page
> > you go.
> > * I'm planning on making a brief "one-page" overview of this entire page
> > once the message is finalized.  I'm hoping to get some graphic design
> > help to make some sort of image/graphic of the process.
> > * Yes the page is massively too long and it will be broken into sensible
> > chunks after the draft process is over.
> > * If you see "NOTE:" in bold, that's an editorial note to the GPC, not
> > content for publication.
> >
> > Cheers!
> >
> > --
> > -- Matt Tesauro
> > OWASP Live CD Project Lead
> > http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project
> > http://mtesauro.com/livecd/ - Documentation Wiki
>
> --
> Ivan Ristić
>