[GPC] Open-sourcing JXT
Jason Li
jason.li at owasp.org
Thu Oct 28 00:54:01 EDT 2010
Indeed. I don't mind having a standard form email - as you said, it
makes things look a little more professional. And I think Paulo does a
great job keeping up with these requests and managing the overall
process. And we leverage that process well for what OWASP needs.
But I think we can help make that process less intimidating for new
projects - we have certainly received, shall we say, "unpositive"
feedback on the process in the past.
Yes, we have larger, more difficult problems to tackle. But this is
something that has profound impact on the success of OWASP projects
and is something that is small and easy to accomplish.
If we only focus on the large, difficult tasks - we'll never get
anything done (see the last 10 months of the GPC).
-Jason
On Wed, Oct 27, 2010 at 1:45 PM, Jeff Williams
<jeff.williams at aspectsecurity.com> wrote:
> Perhaps we can just make it more clear that we will be helping you along the
> roadmap, and there are only a very few things that need to be done to get
> started.
>
>
>
> --Jeff
>
>
>
>
>
> From: global-projects-committee-bounces at lists.owasp.org
> [mailto:global-projects-committee-bounces at lists.owasp.org] On Behalf Of
> dinis cruz
> Sent: Wednesday, October 27, 2010 7:48 AM
> To: Jason Li
> Cc: Jeff Williams; Global Projects Committee
>
> Subject: Re: [GPC] Open-sourcing JXT
>
>
>
> Well we are not asking for 'in depth roadmaps' and in fact I think that
> email makes us look quite professional (and with good attention to detail).
>
>
>
> Not that the new process needs improvement, but I think that the GPC should
> focus on the current hard problems (like for example project's leaderships,
> project reviews and project health mappings)
>
> Dinis Cruz
>
> On 27 Oct 2010, at 03:05, Jason Li <jason.li at owasp.org> wrote:
>
> GPC,
>
>
>
> We *really* need to make it a priority on our agenda to improve the project
> startup process for Paulo.
>
>
>
> I know the level of information requested is necessary in a manner of
> speaking, but when an organization *donates* code to OWASP, we have to make
> sure that we're not scaring them away with lots of bureaucratic overhead.
> Asking someone that's donating to OWASP for things like PowerPoint
> presentations, Datasheets, and in depth roadmaps can seem like
> administrative red tape that will just discourage folks from donating
> valuable projects to OWASP.
>
>
>
> -Jason
>
> On Tue, Oct 26, 2010 at 2:47 PM, Paulo Coimbra <paulo.coimbra at owasp.org>
> wrote:
>
> Hello SuccessFactors’ Team,
>
>
>
> First of all, thank you for volunteering to lead an OWASP Project. It is
> with volunteers like yourself that OWASP continues to succeed in making
> application security visible.
>
> Second, regarding your new leadership of this project, I'd like to request
> that you send a project roadmap - basically the high level details of where
> you'd like to take the project. The OWASP Global Projects Committee (GPC)
> will look at the roadmap and provide feedback on your project: suggesting
> projects which are closely related, resources and contacts which may assist
> your efforts and any other suggestions to increase your project's success.
>
>
>
> To get your project started, here are a couple of references for your
> review:
>
> - The Guidelines for OWASP Projects provide a quick overview of items key
> to a projects success -
> http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects,
>
> - OWASP's Assessment Criteria is the metric by which projects are
> evaluated. There are three categories for projects: Alpha, Beta, and
> Release. The Assessment Criteria allows project leaders to know what
> aspects of projects OWASP values -
> http://www.owasp.org/index.php/Category:OWASP_Project_Assessment,
>
>
>
> - OWASP's GPC blog - http://globalprojectscommittee.wordpress.com/,
>
> Your project will have an OWASP wiki page to inform and promote your project
> to the OWASP community. To setup your project's page, please provide the
> details below so that the GPC can establish your initial project page. The
> details provided will be used to complete OWASP's project template. Feel
> free to add any additional information to wiki page or request assistance
> about how to add to your projects wiki page.
>
> Details to create your project page:
> (0) Project Name,
>
> (1) Project purpose / overview,
> (2) Project Roadmap (as mentioned above),
> (3) Project links (if any) to external sites,
> (4) Project License
> (http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects#Project_Licensing),
> (5) Project Leader name,
>
> (6) Project Leader email address,
> (7) Project Leader wiki account - the username (you'll need this to edit the
> wiki - http://www.owasp.org/index.php/Tutorial),
> (8) Project Contributor(s) (if any) - name email and wiki account (if any),
>
> As your project reaches a point that you'd like OWASP to assist in its
> promotion, the GPC will need the following to help spread the word about
> your project:
>
> * Conference style presentation describing the project in at least 3 slides
> -
> http://globalprojectscommittee.wordpress.com/2009/07/27/what-is-the-3x-slide-presentation-thing/
>
> * Project Flyer/Pamphlet (PDF file) -
> http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/
>
> As work on your project progresses and you are ready to create a release,
> please let the GPC know of the change in status. The GPC can work with you
> to get your project assessed and moved up the OWASP quality ladder from
> Alpha to Beta to Stable. Every release does not require an assessment -
> feel free to email the GPC if you are unsure about your project's
> requirements. For examples of projects at various quality levels, please
> see the OWASP Project page -
> http://www.owasp.org/index.php/Category:OWASP_Project
>
> That is all for now - I wish you and your project great success. Thank you
> for supporting OWASP's mission.
>
> Should you have any questions or require any further information, please do
> not hesitate to contact me.
>
> Many thanks, best regards,
>
>
>
> Thanks,
>
> - Paulo
>
>
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager
>
>
>
> From: Jeff Williams [mailto:jeff.williams at owasp.org]
> Sent: sábado, 23 de Outubro de 2010 02:54
> To: Paulo Coimbra
> Cc: 'Jermaine Guilbeaux'; 'Jim Manico'; 'Trang Dang'; 'Tom Fisher'; 'Jeffrey
> Ichnowski'; 'Steve Dyer'
> Subject: RE: Open-sourcing JXT
>
>
>
> Paulo,
>
>
>
> The folks at SuccessFactors have generously offered to contribute their JXT
> technology to OWASP as a new open source project. Can you help them get set
> up with a wiki page, mailing list, and other information. In particular,
> let’s make sure that their logo is featured on the project home page as the
> project sponsor.
>
>
>
> Thanks,
>
>
>
> --Jeff
>
>
>
> Jeff Williams, Chair
>
> The OWASP Foundation
>
> work: 410-707-1487
>
> main: 301-604-4882
>
>
>
> From: Jim Manico [mailto:jim.manico at owasp.org]
> Sent: Tuesday, October 12, 2010 10:39 PM
> To: 'Trang Dang'; 'Tom Fisher'; 'Jeffrey Ichnowski'; 'Steve Dyer'
> Cc: 'Jeff Williams'; 'Jermaine Guilbeaux'
> Subject: RE: Open-sourcing JXT
>
>
>
> I assume this is 9am Pacific time?
>
>
>
> That would be 9:30pm Friday evening 10/15, India (Bangalore) time. Works for
> me. I’ll hold off on my Friday night glass of wine (or 2) until after we
> meet.
>
>
>
> Aloha + Namascar,
>
> - Jim
>
>
>
> From: Trang Dang [mailto:tdang at successfactors.com]
> Sent: Tuesday, October 12, 2010 11:56 PM
> To: Tom Fisher; Jim Manico; Jeffrey Ichnowski; Steve Dyer
> Cc: Jeff Williams; Jermaine Guilbeaux
> Subject: RE: Open-sourcing JXT
>
>
>
> All,
>
> Tom and Steve can be available for a call on Friday, 10/15 at 9AM. Please
> confirm and we set up a conference line or if you prefer to meet in person
> at our offices works also.
>
>
>
>
>
> Best regards,
>
> Trang Dang
> Executive Assistant
>
> SuccessFactors, the Global Leader in Business Execution Software
> Office: 650-581-6679 / Mobile: 650-776-7245
>
> HQ: 1500 Fashion Island Blvd. Suite 300, San Mateo, CA 94404
>
>
>
> Read NOW: SuccessFactors Is The Future Of Business Software
>
>
>
> Execution Is The Difference (TM)
> Follow us: http://twitter.com/SuccessFactors
> Fan us: http://facebook.com/SuccessFactors
>
> <image001.jpg>
>
>
>
>
>
>
>
> From: Tom Fisher
> Sent: Tuesday, October 12, 2010 10:57 AM
> To: Jim Manico; Jeffrey Ichnowski; Steve Dyer
> Cc: 'Jeff Williams'; Trang Dang
> Subject: RE: Open-sourcing JXT
>
>
>
> Adding Trang Dang to see if we can get this on the calendar.
>
>
>
> Thank you Jim!
>
>
>
> From: Jim Manico [mailto:jim.manico at owasp.org]
> Sent: Monday, October 11, 2010 9:50 PM
> To: Jeffrey Ichnowski; Tom Fisher; Steve Dyer
> Cc: 'Jeff Williams'
> Subject: RE: Open-sourcing JXT
>
>
>
> *bringing Jeff Williams into the conversation*
>
>
>
> I would be happy to get on a call with you, Jeff-I and Steve. Tom too, I
> guess. ;) I appreciate SuccessFactors willingness to open source this
> project – I know it’s counter to your culture. There are many projects at
> OWASP, but this auto-escaping technology is near and dear to my heart – I
> think the benefits to the Java community will be dramatic.
>
>
>
> I’m currently in India, we just need to schedule around that. This week is
> best, I’m in class teaching all next week.
>
>
>
> Perhaps Friday?
>
>
>
> Press will come naturally. I’ll offer to put you on the OWASP Podcast to
> discuss this project, we have a large audience in the WebSec community. I
> and others will be tweeting about this. Most important, I’ll use it in my
> next project. I’d like you to submit a talk to Java One and other *developer
> centric* conference to discuss this. I’ll be glad to make several other
> suggestions.
>
>
>
> Now normally, I recommend new projects take a “rogue” approach and just
> create a wiki page at OWASP.org and see if the project gets any uptake.
>
>
>
> But for this project, I highly recommend we all go the formal route. It’s an
> intense process, but will ensure maximum visibility.
>
>
>
> Please review http://www.owasp.org/index.php/How_to_Start_an_OWASP_Project
> and let me know what you think. I (and several other OWASP volunteers) will
> help guide you through the process.
>
>
>
> I’m thrilled about this. XSS is a brutally difficult problem, and a
> production quality auto-escaping technology, if done correctly, will make
> XSS defense “invisible” to the developer. It’s the only way we can all win
> “at scale”.
>
>
>
> Aloha and Namascar,
>
> Jim
>
>
>
>
>
> From: Jeffrey Ichnowski [mailto:jeffi at successfactors.com]
> Sent: Tuesday, October 12, 2010 2:02 AM
> To: James Manico; Tom Fisher; Steve Dyer
> Subject: Open-sourcing JXT
>
>
>
> Hi Jim,
>
>
>
> Would you be up for getting on a conference call with Tom, Steve and me, and
> perhaps reaching out to Jeff Williams to see if he’d be interested in
> joining as well?
>
>
>
> We’d like to go over the release strategy—including how we might be able to
> get some positive press for both SuccessFactors and OWASP with this release.
>
>
>
> Thanks,
>
> Jeff
>
> The information contained in this message may be legally privileged and
> confidential. It is intended to be read only by the individual or entity to
> whom it is addressed or by their designee. If the reader of this message is
> not the intended recipient, you are on notice that any distribution of this
> message, in any form, is strictly prohibited. If you have received this
> message in error, please immediately notify the sender and/or
> SuccessFactors, Inc. by telephone at (650) 645-2000 and delete or destroy
> any copy of this message.
>
>
>
>
>
>
>
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>
>
>
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
More information about the Global-projects-committee
mailing list