[GPC] [GPC-Mailbox] Re: New Project Request for OWASP BSI IT-Grundschutz Baustein Webanwendungen Review
jason.li at owasp.org
Tue Feb 28 06:28:33 UTC 2012
You are absolutely right and the lack of response is regrettable.
However, please don't allow a lack of action to stop you from proceeding
with your project.
There's nothing that actually prevents you from working on your project
right away while we catch up with you administratively. The OWASP wiki is
open (anyone can sign up and edit) so any project content you have already
generated can be placed on the wiki.
If you need specific wiki help, please let me know.
GPC - as we discussed at our previous meeting, we really need to be better
about responding to new project requests in the queue. I can see a backlog
of at least 7 requests - including this one from Ralf.
On Mon, Feb 27, 2012 at 4:44 AM, Ralf Reinhardt <ralf.reinhardt at owasp.org>wrote:
> Am Montag, den 27.02.2012, 09:11 +0000 schrieb no-reply at owasp.org:
> > Dear Ralf Reinhardt,
> > Thank you for submitting your project idea, the "OWASP OWASP BSI
> > IT-Grundschutz Baustein Webanwendungen Review, described as:
> > Technical review of the module web application
> > ("Baustein Webanwendungen") of the IT-baseline protection catalog ("IT
> > Grundschutz Katalog") of the German Federal Office for Information
> > Security ("BSI") from the OWASP's point of view.
> > We have recorded your idea as a Documentation Project using the "Creative
> > Commons Attribution ShareAlike 3.0 License" license.
> > The deliverable for this project is "pdf"
> > Your project proposal will be presented to the community and the Global
> > Projects Committee will respond to your request within seven (7) days (5
> > Mar 2012).
> > OWASP Global Projects Committee
> > projects at owasp.org
> Question: Who is on this list? Is it active at all?
> I did sent all the info on the 13th to this very list, nothing happened.
> I wrote an email to Kate (attached) on the 17th, nothing happened.
> We cannot longer wait to launch this project. Imho it's the most
> important OWASP project in and for DACH (Germany, Austria, Switzerland)
> ever. It will have a deep impact on the visibility of OWASP for the next
> It's day 14 without any feedback. Bluntly, I'm surprised.
> Cheers, Ralf
> Betreff: Request for new project: "OWASP BSI IT-Grundschutz Baustein
> Webanwendungen Review"
> Datum: Fri, 17 Feb 2012 12:17:53 +0100
> Hi Kate,
> I did sent the attached email to "projects at owasp.org" in order to start
> a new project about 5 days ago. Unfortunately I did not receive any
> answer yet.
> Since I estimate this project to be really important and kind of time
> critical I would like to know how we could speed up the process of
> creating this very project.
> If we do that project neat and in time the impact on the visibility of
> OWASP in Germany can not be underestimated. It will just be epic.
> The "Federal Office for Information Security" (BSI) already agreed to
> set a link to the OWASP project once it is set up.
> In my personal opinion it is not possible at all to set up a more
> important and urgent project in the German-speaking OWASP world these
> days. I do hate exaggeration, but in my judgment it's now or never to
> interweave "OWASP" deeply with "web application security" in the minds
> of Germans-speaking people,
> regardless whether technician or manager. </warning pathos="exhausted">
> Cheers, Ralf
> Hi guys!
> We'd like to start a new project: "OWASP BSI IT-Grundschutz Baustein
> Webanwendungen Review"
> The German "Federal Office for Information Security" (BSI), which is
> comparable to departments focused on security in organizations like NIST
> or CCTA, offers the IT Baseline Protection ("IT-Grundschutz") for public
> usage, which is based on ISO/IEC 27001. The IT Baseline Protection
> include a catalog of approx. 80 "Bausteine" (building blocks). Those
> blocks are dealing with one particular subject of IT security. They are
> usually written in the German language and later translated to English.
> They become the de facto standard for IT security and related
> certifications in Germany after they are finally released.
> In January 2012 the draft of the block "Webanwendungen" (web
> applications) was released with a request for comments. Since this is
> the core expertise of OWASP we invited a delegate of the BSI to attend
> the last chapter meeting of the German Chapter which took place in
> Frankfurt / Main on the 3rd of February. The meeting's outcome was the
> strong wish to perform a review of that very web application block as an
> OWASP project. This project will help to expand the visibility of OWASP
> in the German IT security landscape broadly.
> Project Name: OWASP BSI IT-Grundschutz Baustein Webanwendungen Review
> Project purpose: Technical review of the module web application
> ("Baustein Webanwendungen") of the IT-baseline protection catalog ("IT
> Grundschutz Katalog") of the German Federal Office for Information
> Security ("BSI") from the OWASP's point of view.
> Project Roadmap:
> - Building a core review team
> - Review of the BSI documents
> - Review of OWASP's review itself
> - Releasing the results
> Project links to external sites:
> BSI itself:
> About "BSI":
> About "IT-Grundschutz Katalog":
> BSI main documents (German language):
> BSI "Entwurf Baustein Webanwendungen" (German language):
> Project License: CC
> Project Leader name: Ralf Reinhardt
> Project Leader email address: ralf.reinhardt at owasp.org
> Project Leader wiki account:
> Project Contributors: Soon to come.
> Project Main Links:
> (the final name of the project, isn't it?)
> Cheers, Ralf
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Global-projects-committee