[GPC] OWASP Logging Project

Brad Causey bradcausey at gmail.com
Thu Aug 6 16:40:33 EDT 2009


I think the project road map is great.  One thing I might suggest if you
haven't done it on your side is to prioritize a bit. They are all such
excellent ideas, where are you going to start?

I think I'm confused about what the OWASP_Logging_Guide.pdf file is if the
Owasp_Logging_Project_Roadmap.pdf file is the roadmap. They both seem to
have the same title.
I'm really digging the content though, and I think having a "case document"
or something of the like is a great way to help techies get the project into
the door at their company.

Pulling from your page:
Provide tools for software developers in order to help them define and
provide meaningful logs

*Provide code audit tools to ensure that log messages are consistent and
complete (content, format, timestamps) *

*Facilitate the integration of logs from different sources *

*Facilitate attack reconstruction *

*Facilitate information sharing around security events</quote>*
These are really big statements and have pretty far-reaching and broad
implications. Would you mind further defining them as you make progress? I
guess my thought is that your first item alone, *Provide tools for software
developers in order to help them define and provide meaningful logs, *is a
huge undertaking in itself. Are you going to provide an acutal tool? If so
what will it do? Will it be a document or guide about what/how/when to log?
That kind of stuff. I'm not asking for answers to those questions, but these
might be good things to define before getting too far along.
So if you've already done all of this, please disregard. Hopefully this is
helpful, and more of my personal opinion than anything. Thoughts?

-Brad Causey

Never underestimate the time, expense, and effort an opponent will expend to
break a code. (Robert Morris)

On Thu, Aug 6, 2009 at 9:21 AM, Marc Chisinevski <mchisinevski at yahoo.com>wrote:

>  Hello,
>  Could you please have a look at
>  http://www.owasp.org/index.php/Category:OWASP_Logging_Project
>  and tell me what you think ?
>  I've made some updates (Main, Project identification, Project Roadmap, my
> user profile).
>  I'll also try yo find/create another project logo (more related to
>  the current goals and subprojects).
>  Thanks, Marc
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/global-projects-committee/attachments/20090806/dcd309a3/attachment.html 

More information about the Global-projects-committee mailing list