[GPC] FW: the OWASP PCI project

Dinis Cruz dinis.cruz at owasp.org
Tue May 5 06:49:19 EDT 2009


Paulo, please use the new Project+Release structure on this project  
and see how they react to it

I quite like the idea to push project leaders to create a roadmap for  
the project and a roadmap for the next release

Dinis Cruz

On 4 May 2009, at 19:11, "Paulo Coimbra" <paulo.coimbra at owasp.org>  
wrote:

> Hello Committee,
>
>
>
> I am setting up the project below. Do you have any guidance for me?
>
>
>
> Thanks,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager
>
>
>
> Block your agendas for May 11-14 and join us - OWASP AppSec Europe  
> 2009
>
>
>
>
>
> From: Trey Ford [mailto:trey.ford at me.com]
> Sent: sábado, 2 de Maio de 2009 01:06
> To: paulo.coimbra at owasp.org
> Cc: 'Tom Brennan'; ed.bellis at gmail.com; 'Dinis'
> Subject: Re: the OWASP PCI project
>
>
>
> Paulo!
>
>
>
> Thank-You for getting back with us!  I appreciate what're you  
> working on- I'm glad to know you still have us in your sights!
>
>
>
> Have a great weekend!!
>
>
> Trey Ford
>
> b. http://treyford.wordpress.com
>
> c. 415.609.0300
>
>
>
> On May 1, 2009, at 1:20 PM, Paulo Coimbra wrote:
>
>
>
>
> Hello Trey,
>
>
>
> Of course you are not nagging me and on the contrary I owe you an  
> apology for my delay in setting up your project. In fact, as we are  
> currently discussing a new template for OWASP projects, I was  
> waiting to see if we could finish the task in time to use the new  
> output in your project. However, this process has taken more time  
> than initially expected and I should have already updated you.
>
>
>
> Nevertheless, the OWASP Global Projects Committee will have tonight  
> a new meeting to try and finalize the task of establishing the  
> referred new template. Thus, if we succeed I will set up your  
> project in accordance with the new rules. Otherwise the project will  
> be set up with the old frame and later on it will be updated. In any  
> case until next Monday, maximum, this will be done. I thank your  
> patience.
>
>
>
> Many thanks, best regards,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager
>
>
>
> Block your agendas for May 11-14 and join us - OWASP AppSec Europe  
> 2009
>
>
>
>
>
> From: Trey Ford [mailto:trey.ford at me.com]
> Sent: sexta-feira, 1 de Maio de 2009 15:33
> To: paulo.coimbra at owasp.org
> Cc: Tom Brennan; ed.bellis at gmail.com; Trey Ford
> Subject: Re: the OWASP PCI project
>
>
>
> Hi Paulo!
>
>
>
> I just wanted to follow up regarding our project submission.
>
>
>
> I don't want to nag you, but I do have a team of people that are  
> working diligently on this initiative, and would very much like to  
> migrate their work into the OWASP community.
>
>
>
> Please let me know if you have had a chance to review our  
> submission, if you have any questions, or what I may do to help move  
> this forward.
>
>
>
> I look forward to hearing from you!
>
>
>
> ~trey
>
>
>
> Trey Ford
>
> b. http://treyford.wordpress.com
>
> c. 415.609.0300
>
>
>
> On Apr 17, 2009, at 12:40 PM, Trey Ford wrote:
>
>
>
> > Paulo,
>
> >    I've been talking with Tom about launching an OWASP project  
> focused
>
> > on PCI.  If at all possible, it would be GREAT to be able start
>
> > evangelizing the work we've already done during RSA next week, and  
> to
>
> > start recruiting the community to engage along the way!  Below is  
> the
>
> > required information as detailed at
>
> > <http://www.owasp.org/index.php/How_to_Start_an_OWASP_Project
>
> > >
>
> >
>
> > Please let me know if there is anything I may do to help expedite or
>
> > answer any questions!
>
> >
>
> > ~trey
>
> >
>
> > Trey Ford
>
> > b. http://treyford.wordpress.com
>
> > c. 415.609.0300
>
> >
>
> > ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
>
> >
>
> > Title:
>
> >    the OWASP PCI project
>
> >
>
> > Project leader(s) (name and email):
>
> >    Trey Ford <ford.trey at gmail.com>
>
> >    Ed Bellis <ed.bellis at gmail.com>
>
> >
>
> > Short Project Description:
>
> >    To build and maintain community concensus for managing regulatory
>
> > risk of web applications.  For those with existing website security
>
> > programs, to ensure their activities uniformly meet PCI
>
> > requirements, and for those getting started - to aid in building a
>
> > website security strategy that also ensures sustainable PCI
>
> > compliance.
>
> >
>
> > Detailed Project Description / Roadmap:
>
> >    Initially, by building auditor and management tools, checklists,
>
> > and leading community discussion on a industry accepted approach to
>
> > applying the PCI Application Security standards, and ensuring
>
> > security through compliance related initiatives
>
> >
>
> >    Longer term initiatives will migrate away from PCI focused
>
> > activities into broader regulatory needs.  By focusing less on
>
> > specific data sets (such as cardholder data in PCI), and more
>
> > intently managing risk to whatever information assets are stored,
>
> > processed, or transmitted by the website software- the security
>
> > strategies taking root in this program will effectively map to any
>
> > future regulatory security requirements placed upon websites.
>
> >
>
> > Chosen open-source license
>
> >    This work will be licensed under the Creative Commons  
> Attribution-
>
> > ShareAlike 2.5 license.
>
> >
>
> > Project contributors (if any)
>
> >    Project was initiated by the Application Security Working Group  
> of
>
> > the Society of Payment Security Professoinals found at https://www.paymentsecuritypros.com/
>
> >
>
> > Sponsor organizations (if any)
>
> >    WhiteHat Security
>
> >    Orbitz
>
> >    Fiserve
>
> >    The Society of Payment Security Professoinals
>
> >
>
> > Main links (existing information on the web, if any)
>
> >    To be announced
>
> >
>
> > Related OWASP Projects
>
> >    This project will be a central point for guiding the adoption of
>
> > existing OWASP initiatives.
>
> >
>
> >
>
> >
>
> >
>
>
>
>
> > Related OWASP Projects
>
> >    This project will be a central point for guiding the adoption of
>
> > existing OWASP initiatives.
>
> >
>
> >
>
> >
>
> >
>
>
>
> s=MsoNormal>
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/global-projects-committee/attachments/20090505/40d24c7a/attachment-0001.html 


More information about the Global-projects-committee mailing list