[GPC] OWASP Logging Project - Added "tools and use cases"

Marc Chisinevski mchisinevski at yahoo.com
Fri Aug 7 09:22:44 EDT 2009


Hello,



As suggested by Brad, I've added "Existing tools and use cases" to the main page of the Logging Project at http://www.owasp.org/index.php/Category:OWASP_Logging_Project.


I'm looking forward to receiving your comments.



Thanks and kind regards,
Marc Chisinevski

--- On Thu, 8/6/09, Brad Causey <bradcausey at gmail.com> wrote:

> From: Brad Causey <bradcausey at gmail.com>
> Subject: Re: [GPC] OWASP Logging Project
> To: "Marc Chisinevski" <mchisinevski at yahoo.com>
> Cc: global-projects-committee at lists.owasp.org
> Date: Thursday, August 6, 2009, 11:40 PM
> Marc,
> 
> I think the project road map is great.  One thing I might
> suggest if you haven't done it on your side is to
> prioritize a bit. They are all such excellent ideas, where
> are you going to start?
> 
> I think I'm confused about what the
> OWASP_Logging_Guide.pdf file is if the
> Owasp_Logging_Project_Roadmap.pdf file is the roadmap. They
> both seem to have the same title. 
> 
> 
> I'm really digging the content though, and I think
> having a "case document" or something of the like
> is a great way to help techies get the project into the door
> at their company.
> 
> Pulling from your page:
> 
> 
> <quote>
> Provide tools for software developers in order to help them
> define and provide meaningful logs
> Provide code audit tools to ensure that log
> messages are consistent and complete (content, format,
> timestamps) 
> Facilitate the integration of logs from
> different sources 
> Facilitate attack reconstruction 
> Facilitate information sharing around
> security events</quote>These are really big
> statements and have pretty far-reaching and broad
> implications. Would you mind further defining them as you
> make progress? I guess my thought is that your first item
> alone, Provide tools for software developers in order to
> help them define and provide meaningful logs, is a huge
> undertaking in itself. Are you going to provide an acutal
> tool? If so what will it do? Will it be a document or guide
> about what/how/when to log? That kind of stuff. I'm not
> asking for answers to those questions, but these might be
> good things to define before getting too far along. 
> 
> 
> So if you've already done all of this, please
> disregard. Hopefully this is helpful, and more of my
> personal opinion than anything. Thoughts? 
> 
> 
> 
> 
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
> 
> 
> 
> http://www.owasp.org
> --
> Never underestimate the time, expense, and effort an
> opponent will expend to break a code. (Robert Morris)
> --
> 
> 
> 
> On Thu, Aug 6, 2009 at 9:21 AM,
> Marc Chisinevski <mchisinevski at yahoo.com>
> wrote:
> 
> 
> 
> 
>   Hello,
> 
> 
> 
> 
> 
>   Could you please have a look at
> 
>   http://www.owasp.org/index.php/Category:OWASP_Logging_Project
> 
>  and tell me what you think ?
> 
> 
> 
> 
> 
>   I've made some updates (Main, Project
> identification, Project Roadmap, my user profile).
> 
> 
> 
>   I'll also try yo find/create another project logo
> (more related to
> 
>   the current goals and subprojects).
> 
> 
> 
> 
> 
>   Thanks, Marc
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> 
> Global-projects-committee mailing list
> 
> Global-projects-committee at lists.owasp.org
> 
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
> 
> 
> 
> 


      


More information about the Global-projects-committee mailing list