[GPC] Draft of an assessment criteria 2.0 diagram
Brad Causey
bradcausey at gmail.com
Sun Oct 4 20:51:35 EDT 2009
I love the graphic. Hell, I think even I understand it better. =)
I think this is a great idea. The word "certification" carries with it
some bad mojo, but used correctly, it can be a valuable reward. We
need to make sure we are comfortable with project leaders pimping
projects as "OWASP Certified". I'm not against it, but just a heads
up that it _could_ cause something to reflect poorly on us. For
example, let's use W3AF. Some part of it was SoC, and now it has
morphed into something entirely different and borderline commercial.
Had we "OWASP certified" the GTK+ GUI, are we all OK with Andres going
around saying that W3AF is OWASP certified in all of its future
releases? Just trying to play devil's advocate.
-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP
http://www.owasp.org
--
Never underestimate the time, expense, and effort an opponent will
expend to break a code. (Robert Morris)
--
On Sat, Oct 3, 2009 at 8:23 PM, Leonardo Cavallari Militelli
<leonardocavallari at gmail.com> wrote:
> Cool. I've been wondering about that, and I believe we should have this
> "certified" concept within OWASP.
> This could permit OWASP to certify a non-OWASP project that just joined our
> community (i.e: Joomla vulnerability Scanner).
>
> What do you guys think?
>
> Leo
>
>
> On Sat, Oct 3, 2009 at 6:49 PM, Pravir Chandra <chandra at owasp.org> wrote:
>>
>> Thanks, Leo! Great suggestion for using the word 'Certified' instead.
>> I'll make that change for the next version.
>>
>> Once we're settled on edits, I can send out the originals so we can
>> get volunteers to make a bunch of translations.
>>
>> p.
>>
>> On 10/3/09, Leonardo Cavallari Militelli <leonardocavallari at gmail.com> wrote:
>> > Hi Pravir,
>> > This is something very impressive and much more "intelligible" than a
>> > long document. Well done!
>> >
>> > I would say that maybe we could change the "approval" designation
>> > between levels 2 and 3 for "Certified". It seems to me that the word
>> > "approval" means that OWASP is not giving that importance to the project
>> > before it gets there, which is not true. While Certified would mean that
>> > the project reached a very good stage to a point that OWASP speaks for it.
>> >
>> > Nothing more to add up. Nice artwork!
>> > Best,
>> > Leo
>> >
>> >
>> > On Sat, Oct 3, 2009 at 1:31 PM, Pravir Chandra <chandra at owasp.org> wrote:
>> >
>> >> Hey Guys.
>> >> It took me a little longer than expected, but here's a diagram meant to
>> >> illustrate the assessment criteria process. I've got it all in layered
>> >> vector, so we can break it up into pieces for individual wiki pages, and
>> >> do lots of remixing pretty easily.
>> >>
>> >> Take a look and we can discuss on the Monday GPC call (though I might
>> >> have a conflict since I'm traveling, so email feedback is good too). I
>> >> took a few liberties in naming and arrangement, so please let me know if
>> >> I screwed anything up.
>> >>
>> >> Thanks.
>> >>
>> >> p.
>> >>
>> >> _______________________________________________
>> >> Global-projects-committee mailing list
>> >> Global-projects-committee at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>> >>
>> >>
>> >
>
>