[GPC] NEW PROJECT HAS BEEN SET UP/Security Analysis of Core J2EE Design Patterns

Sethi, Rohit rohit at securitycompass.com
Sun Aug 2 23:50:05 EDT 2009


Hi Paulo, this is now completed and links are available from the home page: http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project

To Matt & Paulo, I would urge you reconsider how many docs you require from a new project. I appreciate you are adding quality standards and consistency to OWASP. Just because this is a volunteer effort doesn't mean we (project leaders) should be allowed to skimp on important processes. That said, asking for a PowerPoint, a one page word doc & PDF for the release, a one page word doc & PDF for the project, a full PDF and word doc of the release, and fully completed bios for each of the contributors, on top of completing the project itself starts to have the feel of red tape.

I might be wrong, and perhaps most project leads will have no problem completing all of these steps, but if you are finding resistance from other project leaders then I think you should re-consider the requirements for a new project. The PDF and word doc versions of the full project text before it's in release stage seem especially counterintuitive since the projects are wiki-based and are likely to change several times before they reach release.

Cheers,

Rohit Sethi
Director, Professional Services
Security Compass
http://www.securitycompass.com<http://www.securitycompass.com/>
Direct : 888-777-2211 ext. 102
Mobile: 732.546.4473

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org]
Sent: July-27-09 1:00 PM
To: Sethi, Rohit; 'Matt Tesauro'
Cc: 'Jim Manico'; 'Global Projects Committee'
Subject: RE: [GPC] NEW PROJECT HAS BEEN SET UP/Security Analysis of Core J2EE Design Patterns

Rohit,

As said in my previous email, we will need a positive response to the following pre-assessment question:
"3. Is the document available as a PDF (Portable Document Format) and an editable (.Doc) format on the project site? Please point out the link(s)."

http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project_-_First_Release_-_Assessment#tab=Project_Leader_for_this_Release

Thanks,

Paulo Coimbra,
OWASP Project Manager<https://www.owasp.org/index.php/Main_Page>

From: Sethi, Rohit [mailto:rohit at securitycompass.com]
Sent: segunda-feira, 27 de Julho de 2009 03:52
To: Matt Tesauro
Cc: paulo.coimbra at owasp.org; 'Jim Manico'; 'Global Projects Committee'
Subject: RE: [GPC] NEW PROJECT HAS BEEN SET UP/Security Analysis of Core J2EE Design Patterns


Perfect! Thank you



Please see PPT attached.



Paulo I believe that completes all of the necessary tasks for the release, prior to review.



Thanks,



Rohit Sethi

Director, Professional Services

Security Compass

http://www.securitycompass.com

Direct : 888-777-2211 ext. 102

Mobile: 732.546.4473





-----Original Message-----

From: Matt Tesauro [mailto:mtesauro at gmail.com]

Sent: July-26-09 10:38 PM

To: Sethi, Rohit

Cc: paulo.coimbra at owasp.org; 'Jim Manico'; 'Global Projects Committee'

Subject: Re: [GPC] NEW PROJECT HAS BEEN SET UP/Security Analysis of Core J2EE Design Patterns



Sethi, Rohit wrote:

> Hi Paulo. In response to below:

>

> *         I've requested that the contributors add their wiki info. I

> can't really enforce this so I'm taking that off my task list

>

> *         Not sure what's required of the 3x slide. Do you have an

> example of one I can work off of?

For some examples, look at the short slide desks that were used as project overviews at the OWASP Summit 2008.  e.g below is the one for OWASP Orizon:

https://www.owasp.org/images/9/9b/OWASP_EU_Summit_2008_The_Owasp_Orizon_Project.ppt



The summit page is here:

http://www.owasp.org/index.php/OWASP_EU_Summit_2008



I'd use the OWASP Education slide template for the look/feel of the slides.  The idea was to provide the education project with slides explaining the various projects that OWASP offers.  So an OWASPer could combine several projects slides into a review of a category of OWASP offerings (like tools/docs for developers).  The template is here:

http://www.owasp.org/index.php/Category:OWASP_Presentations#Welcome_to_the_OWASP_Presentations_Program



>

> *         Project flyer is attached. I didn't know what template to use

> so I threw together a simple OWASP template; please feel free to

> replace with a more professionally designed template. I don't really

> see any value in doing a separate release flyer here since it will be

> the same as the project flyer.

I would suspect that for your project the project one would work for the releases.  The only thing to watch for is to make sure that the important changes/additions in new releases make it into the flyer in future.



-- Matt Tesauro

OWASP Live CD Project Lead

http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project

http://AppSecLive.org - Community and Download site



>

> *         Link to first release:

> http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Cor

> e_J2EE_Design_Patterns_Project

> (same as main project link)

>

> *Rohit Sethi*

> *Director, Professional Services*

> *Security Compass*

> http://www.securitycompass.com <http://www.securitycompass.com/>

> Direct : 888-777-2211 ext. 102

> Mobile: 732.546.4473

>

[snip]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/global-projects-committee/attachments/20090802/ba251350/attachment-0001.html 


More information about the Global-projects-committee mailing list