[Owasp-topten] OWASP Top Ten 2006 Project Charter
Ludwig, Andre
ludwiga at Fortrex.com
Thu Oct 27 15:31:51 EDT 2005
Awesome idea, I am willing to give my input on such an undertaking. I
however do not have the time to take the full burden...
As for the TopTen being relevant to MC or VISA I don't think it should
have anything to do with them. We should be working on a Web
application auditing checklist. That is more along the lines of what
they need for their various audits. Not something that amounts to an
information awareness flier. (Granted that is a part of their audits as
well)
Just my two cents...
Andre Ludwig
_____
From: Sebastien Deleersnyder [mailto:sebastien.deleersnyder at ascure.com]
Sent: Thursday, October 27, 2005 3:12 PM
To: owasp-topten at lists.sourceforge.net
Cc: Jeff Williams
Subject: [Owasp-topten] OWASP Top Ten 2006 Project Charter
All,
I think we all mostly agree on what to do. What I propose is to go
forward.
If we are taking this project seriously, we have to define the goals of
what we want to do:
- clear deliverables
- clear approach
- clear work packages (including timing=milestones and involved people)
Does somebody volunteer to wrap up the findings in an OWASP T10-2006
"project charter"?
The project charter TOC would go like:
1. Management summary
2. Introduction (with business case, including reasons, costs and
benefits)
3. Purpose
4. Background
5. Project Definition (including Objectives, Approach and Scope)
6. Deliverables
7. Constraints, Assumptions and Prerequisites
8. Interfaces (very important: should we include VISA/MC in project?)
9. Quality
10. Project Controls and Risks
11. Reporting
12. Project Planning
If you don't want to do this, I can take this up. But it will be after
my holiday next week: I am going to sunny Turkey for a week to relax.
In between: please let the ideas flow. Any feedback on the above is
welcome!
Can we find project sponsor(s) that would take up costs of:
1. Possible regular WebEx-like conference calls
2. Possible professional redaction / quality control
3. other costs?
~ If we know (and describe) what we want to achieve, there is a better
chance to get there ;-)
Full disclosure: Since achieving Prince2 Practitioner certification (you
can compare it with PMI project mgr) I drive my colleagues nuts with
this project mgmt stuff.
regards,
Seba
Belgian OWASP Chapter Leader