[GPC] OWASP Logging Project - Added "tools and use cases"
Marc Chisinevski
mchisinevski at yahoo.com
Fri Aug 7 09:22:44 EDT 2009
Hello,
As suggested by Brad, I've added "Existing tools and use cases" to the main page of the Logging Project at http://www.owasp.org/index.php/Category:OWASP_Logging_Project.
I'm looking forward to receiving your comments.
Thanks and kind regards,
Marc Chisinevski
--- On Thu, 8/6/09, Brad Causey <bradcausey at gmail.com> wrote:
> From: Brad Causey <bradcausey at gmail.com>
> Subject: Re: [GPC] OWASP Logging Project
> To: "Marc Chisinevski" <mchisinevski at yahoo.com>
> Cc: global-projects-committee at lists.owasp.org
> Date: Thursday, August 6, 2009, 11:40 PM
> Marc,
>
> I think the project road map is great. One thing I might
> suggest if you haven't done it on your side is to
> prioritize a bit. They are all such excellent ideas, where
> are you going to start?
>
> I think I'm confused about what the
> OWASP_Logging_Guide.pdf file is if the
> Owasp_Logging_Project_Roadmap.pdf file is the roadmap. They
> both seem to have the same title.
>
>
> I'm really digging the content though, and I think
> having a "case document" or something of the like
> is a great way to help techies get the project into the door
> at their company.
>
> Pulling from your page:
>
>
> <quote>
> Provide tools for software developers in order to help them
> define and provide meaningful logs
> Provide code audit tools to ensure that log
> messages are consistent and complete (content, format,
> timestamps)
> Facilitate the integration of logs from
> different sources
> Facilitate attack reconstruction
> Facilitate information sharing around
> security events</quote>These are really big
> statements and have pretty far-reaching and broad
> implications. Would you mind further defining them as you
> make progress? I guess my thought is that your first item
> alone, Provide tools for software developers in order to
> help them define and provide meaningful logs, is a huge
> undertaking in itself. Are you going to provide an acutal
> tool? If so what will it do? Will it be a document or guide
> about what/how/when to log? That kind of stuff. I'm not
> asking for answers to those questions, but these might be
> good things to define before getting too far along.
>
>
> So if you've already done all of this, please
> disregard. Hopefully this is helpful, and more of my
> personal opinion than anything. Thoughts?
>
>
>
>
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
>
>
>
> http://www.owasp.org
> --
> Never underestimate the time, expense, and effort an
> opponent will expend to break a code. (Robert Morris)
> --
>
>
>
> On Thu, Aug 6, 2009 at 9:21 AM,
> Marc Chisinevski <mchisinevski at yahoo.com>
> wrote:
>
>
>
>
> Hello,
>
>
>
>
>
> Could you please have a look at
>
> http://www.owasp.org/index.php/Category:OWASP_Logging_Project
>
> and tell me what you think ?
>
>
>
>
>
> I've made some updates (Main, Project
> identification, Project Roadmap, my user profile).
>
>
>
> I'll also try yo find/create another project logo
> (more related to
>
> the current goals and subprojects).
>
>
>
>
>
> Thanks, Marc
>
>
>
>
>
>
>
> _______________________________________________
>
> Global-projects-committee mailing list
>
> Global-projects-committee at lists.owasp.org
>
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>
>
>
>
More information about the Global-projects-committee
mailing list