[Owasp-topten] OWASP Top Ten 2006 Project Charter
ludwiga at Fortrex.com
Thu Oct 27 15:31:51 EDT 2005
Awesome idea, I am willing to give my input on such an undertaking. I
however do not have the time to take the full burden...
As for the TopTen being relevant to MC or VISA I don't think it should
have anything to do with them. We should be working on a Web
application auditing checklist. That is more along the lines of what
they need for their various audits. Not something that amounts to an
information awareness flier. (Granted that is a part of their audits as
Just my two cents...
From: Sebastien Deleersnyder [mailto:sebastien.deleersnyder at ascure.com]
Sent: Thursday, October 27, 2005 3:12 PM
To: owasp-topten at lists.sourceforge.net
Cc: Jeff Williams
Subject: [Owasp-topten] OWASP Top Ten 2006 Project Charter
I think we all mostly agree on what to do. What I propose is to go
If we are taking this project seriously, we have to define the goals of
what we want to do:
clear workpackages (including timing=milestones and involved people)
Does somebody volunteer to wrap up the findings in an OWASP T10-2006
The project charter TOC would go like:
1. Management summary
2. Introduction (with business case, including reasons, costs and
5. Project Definition (including Objectives, Approach and Scope)
7. Constraints, Assumptions and Prerequisites
8. Interfaces (very important: should we include VISA/MC in project?)
10. Project Controls and Risks
12. Project Planning
If you don't want to do this, I can take this up. But it will be after
my holiday next week: I am going to sunny Turkey for a week to relax.
In between: please let the ideas flow. Any feedback on the above is
Can we find project sponsor(s) that would take up costs of:
1. Possible regular WebEx-like conference calls
2. Possible professional redaction / quality control
3. other costs?
~ If we know (and describe) what we want to achieve, there is a better
chance to get there ;-)
Full disclosure: Since achieving Prince2 Practitioner certification (you
can compare it with PMI project mgr) I drive my colleagues nuts with
this project mgmt stuff.
Belgian OWASP Chapter Leader