[GPC] NEW PROJECT HAS BEEN SET UP/Security Analysis of Core J2EE Design Patterns

Jason Li jason.li at owasp.org
Mon Aug 3 10:16:52 EDT 2009


I tend to agree that we do not need a full one page pamphlet for a project
that has not yet even created its first release. The pamphlet and slides
will not have enough information details to really be useful until there has
been some implementation accomplished in the project.
I think we should consider moving #2 and #3 from
http://www.owasp.org/index.php/Assessing_Project_Health#Project_Wiki_Page_Minimal_Content
to
the Level 1 criteria.

With regards to contributors (#7), I do think we need at minimum to have any
contributor create a Wiki account for themselves and provide contact
information so that we can contact them if needed. However, full bios and
CVs can probably be at the contributors discretion.

Ultimately, a project's overall popularity and appeal to users (and
indirectly as a result, the project's overall health status) will be
influenced by how polished the project looks - which includes the home page
for the project and any links off of it (including the user account pages
for any contributors). So it will be in the best interests for any project
to have such information in their wiki account pages eventually. But I don't
think it's necessary right off the bat.

I've added the item to our agenda so we can discuss on the GPC call tonight.

-Jason

On Sun, Aug 2, 2009 at 11:50 PM, Sethi, Rohit <rohit at securitycompass.com>wrote:

>  Hi Paulo, this is now completed and links are available from the home
> page:
> http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project
>
>
>
> To Matt & Paulo, I would urge you reconsider how many docs you require from
> a new project. I appreciate you are adding quality standards and consistency
> to OWASP. Just because this is a volunteer effort doesn’t mean we (project
> leaders) should be allowed to skimp on important processes. That said,
> asking for a PowerPoint, a one page word doc & PDF for the release, a one
> page word doc & PDF for the project, a full PDF and word doc of the release,
> and fully completed bios for each of the contributors, on top of completing
> the project itself starts to have the feel of red tape.
>
>
>
> I might be wrong, and perhaps most project leads will have no problem
> completing all of these steps, but if you are finding resistance from other
> project leaders then I think you should re-consider the requirements for a
> new project. The PDF and word doc versions of the full project text before
> it’s in release stage seem especially counterintuitive since the projects
> are wiki-based and are likely to change several times before they reach
> release.
>
>
>
> Cheers,
>
>
>
> *Rohit Sethi*
>
> *Director, Professional Services*
>
> *Security Compass*
>
> http://www.securitycompass.com
>
> Direct : 888-777-2211 ext. 102
>
> Mobile: 732.546.4473
>
>
>
> *From:* Paulo Coimbra [mailto:paulo.coimbra at owasp.org]
> *Sent:* July-27-09 1:00 PM
> *To:* Sethi, Rohit; 'Matt Tesauro'
> *Cc:* 'Jim Manico'; 'Global Projects Committee'
> *Subject:* RE: [GPC] NEW PROJECT HAS BEEN SET UP/Security Analysis of Core
> J2EE Design Patterns
>
>
>
> Rohit,
>
>
>
> As said in my previous email, we will need a positive response to the
> following pre-assessment question:
>
> *“3. Is the document available as a PDF (Portable Document Format) and an
> editable (.Doc) format on the project site? Please point out the link(s).”
> *
>
>
>
>
> http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project_-_First_Release_-_Assessment#tab=Project_Leader_for_this_Release
>
>
>
> Thanks,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Sethi, Rohit [mailto:rohit at securitycompass.com]
> *Sent:* segunda-feira, 27 de Julho de 2009 03:52
> *To:* Matt Tesauro
> *Cc:* paulo.coimbra at owasp.org; 'Jim Manico'; 'Global Projects Committee'
> *Subject:* RE: [GPC] NEW PROJECT HAS BEEN SET UP/Security Analysis of Core
> J2EE Design Patterns
>
>
>
> Perfect! Thank you
>
>
>
> Please see PPT attached.
>
>
>
> Paulo I believe that completes all of the necessary tasks for the release,
> prior to review.
>
>
>
> Thanks,
>
>
>
> Rohit Sethi
>
> Director, Professional Services
>
> Security Compass
>
> http://www.securitycompass.com
>
> Direct : 888-777-2211 ext. 102
>
> Mobile: 732.546.4473
>
>
>
>
>
> -----Original Message-----
>
> From: Matt Tesauro [mailto:mtesauro at gmail.com]
>
> Sent: July-26-09 10:38 PM
>
> To: Sethi, Rohit
>
> Cc: paulo.coimbra at owasp.org; 'Jim Manico'; 'Global Projects Committee'
>
> Subject: Re: [GPC] NEW PROJECT HAS BEEN SET UP/Security Analysis of Core
> J2EE Design Patterns
>
>
>
> Sethi, Rohit wrote:
>
> > Hi Paulo. In response to below:
>
> >
>
> > *         I've requested that the contributors add their wiki info. I
>
> > can't really enforce this so I'm taking that off my task list
>
> >
>
> > *         Not sure what's required of the 3x slide. Do you have an
>
> > example of one I can work off of?
>
> For some examples, look at the short slide desks that were used as project
> overviews at the OWASP Summit 2008.  e.g below is the one for OWASP Orizon:
>
>
> https://www.owasp.org/images/9/9b/OWASP_EU_Summit_2008_The_Owasp_Orizon_Project.ppt
>
>
>
> The summit page is here:
>
> http://www.owasp.org/index.php/OWASP_EU_Summit_2008
>
>
>
> I'd use the OWASP Education slide template for the look/feel of the
> slides.  The idea was to provide the education project with slides
> explaining the various projects that OWASP offers.  So an OWASPer could
> combine several projects slides into a review of a category of OWASP
> offerings (like tools/docs for developers).  The template is here:
>
>
> http://www.owasp.org/index.php/Category:OWASP_Presentations#Welcome_to_the_OWASP_Presentations_Program
>
>
>
> >
>
> > *         Project flyer is attached. I didn't know what template to use
>
> > so I threw together a simple OWASP template; please feel free to
>
> > replace with a more professionally designed template. I don't really
>
> > see any value in doing a separate release flyer here since it will be
>
> > the same as the project flyer.
>
> I would suspect that for your project the project one would work for the
> releases.  The only thing to watch for is to make sure that the important
> changes/additions in new releases make it into the flyer in future.
>
>
>
> -- Matt Tesauro
>
> OWASP Live CD Project Lead
>
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>
> http://AppSecLive.org - Community and Download site
>
>
>
> >
>
> > *         Link to first release:
>
> > http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Cor
>
> > e_J2EE_Design_Patterns_Project
>
> > (same as main project link)
>
> >
>
> > *Rohit Sethi*
>
> > *Director, Professional Services*
>
> > *Security Compass*
>
> > http://www.securitycompass.com <http://www.securitycompass.com/>
>
> > Direct : 888-777-2211 ext. 102
>
> > Mobile: 732.546.4473
>
> >
>
> [snip]
>
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/global-projects-committee/attachments/20090803/3fb4359f/attachment-0001.html 


More information about the Global-projects-committee mailing list