[GPC] FW: the OWASP PCI project

Paulo Coimbra paulo.coimbra at owasp.org
Tue May 5 10:45:23 EDT 2009


Dinis,

 

I am afraid that it is not possible to do what you are asking for. As you know, the recently proposed Project + Release structure is still missing a new assessment frame. In my opinion, there is no point in mixing the new frame with the previous assessment methodology and so, if you agree, I will set up the project using the old approach.

 

Your thoughts?

 

Thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

Block your agendas for May 11-14 and join us -  <http://www.owasp.org/index.php/AppSecEU09> OWASP AppSec Europe 2009

 

 

From: Dinis Cruz [mailto:dinis.cruz at owasp.org] 
Sent: Tuesday, 5 May 2009 11:49
To: paulo.coimbra at owasp.org
Cc: Global Projects Committee
Subject: Re: [GPC] FW: the OWASP PCI project

 

Paulo, please use the new Project+Release structure on this project and see how they react to it

 

I quite like the idea to push project leaders to create a roadmap for the project and a roadmap for the next release


Dinis Cruz


On 4 May 2009, at 19:11, "Paulo Coimbra" <paulo.coimbra at owasp.org> wrote:

Hello Committee,

 

I am setting up the project below. Do you have any guidance for me?

 

Thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

Block your agendas for May 11-14 and join us - OWASP AppSec Europe 2009 <http://www.owasp.org/index.php/AppSecEU09> 

 

 

From: Trey Ford [mailto:trey.ford at me.com] 
Sent: Saturday, 2 May 2009 01:06
To: paulo.coimbra at owasp.org
Cc: 'Tom Brennan'; ed.bellis at gmail.com; 'Dinis'
Subject: Re: the OWASP PCI project

 

Paulo!

 

Thank you for getting back with us!  I appreciate what you're working on - I'm glad to know you still have us in your sights!

 

Have a great weekend!!


Trey Ford

b. http://treyford.wordpress.com

c. 415.609.0300

 

On May 1, 2009, at 1:20 PM, Paulo Coimbra wrote:






Hello Trey,

 

Of course you are not nagging me and on the contrary I owe you an apology for my delay in setting up your project. In fact, as we are currently discussing a new template for OWASP projects, I was waiting to see if we could finish the task in time to use the new output in your project. However, this process has taken more time than initially expected and I should have already updated you.

 

Nevertheless, the OWASP Global Projects Committee will have a new meeting tonight to try and finalize the task of establishing the referred new template. Thus, if we succeed I will set up your project in accordance with the new rules. Otherwise the project will be set up with the old frame and later on it will be updated. In any case until next Monday, maximum, this will be done. I thank you for your patience.

 

Many thanks, best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

Block your agendas for May 11-14 and join us - OWASP AppSec Europe 2009 <http://www.owasp.org/index.php/AppSecEU09> 

 

 

From: Trey Ford [mailto:trey.ford at me.com] 
Sent: Friday, 1 May 2009 15:33
To: paulo.coimbra at owasp.org
Cc: Tom Brennan; ed.bellis at gmail.com; Trey Ford
Subject: Re: the OWASP PCI project

 

Hi Paulo!

 

I just wanted to follow up regarding our project submission.

 

I don't want to nag you, but I do have a team of people that are working diligently on this initiative, and would very much like to migrate their work into the OWASP community.

 

Please let me know if you have had a chance to review our submission, if you have any questions, or what I may do to help move this forward.

 

I look forward to hearing from you!

 

~trey

 

Trey Ford

b. http://treyford.wordpress.com

c. 415.609.0300

 

On Apr 17, 2009, at 12:40 PM, Trey Ford wrote:

 

> Paulo,

>    I've been talking with Tom about launching an OWASP project focused

> on PCI.  If at all possible, it would be GREAT to be able to start

> evangelizing the work we've already done during RSA next week, and to

> start recruiting the community to engage along the way!  Below is the

> required information as detailed at

> <http://www.owasp.org/index.php/How_to_Start_an_OWASP_Project>

> 

> Please let me know if there is anything I may do to help expedite or 

> answer any questions!

> 

> ~trey

> 

> Trey Ford

> b. http://treyford.wordpress.com

> c. 415.609.0300

> 

> ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~

> 

> Title:

>    the OWASP PCI project

> 

> Project leader(s) (name and email):

>    Trey Ford <ford.trey at gmail.com>

>    Ed Bellis <ed.bellis at gmail.com>

> 

> Short Project Description:

>    To build and maintain community consensus for managing regulatory 

> risk of web applications.  For those with existing website security 

> programs, to ensure their activities uniformly meet PCI 

> requirements, and for those getting started - to aid in building a 

> website security strategy that also ensures sustainable PCI 

> compliance.

> 

> Detailed Project Description / Roadmap:

>    Initially, by building auditor and management tools, checklists, 

> and leading community discussion on an industry-accepted approach to 

> applying the PCI Application Security standards, and ensuring 

> security through compliance related initiatives

>   

>    Longer term initiatives will migrate away from PCI focused 

> activities into broader regulatory needs.  By focusing less on 

> specific data sets (such as cardholder data in PCI), and more 

> intently managing risk to whatever information assets are stored, 

> processed, or transmitted by the website software- the security 

> strategies taking root in this program will effectively map to any 

> future regulatory security requirements placed upon websites.

> 

> Chosen open-source license

>    This work will be licensed under the Creative Commons Attribution-

> ShareAlike 2.5 license.

>   

> Project contributors (if any)

>    Project was initiated by the Application Security Working Group of 

> the Society of Payment Security Professionals found at https://www.paymentsecuritypros.com/

>   

> Sponsor organizations (if any)

>    WhiteHat Security

>    Orbitz

>    Fiserve

>    The Society of Payment Security Professionals

> 

> Main links (existing information on the web, if any)

>    To be announced

>   

> Related OWASP Projects

>    This project will be a central point for guiding the adoption of 

> existing OWASP initiatives.

> 

> 

> 

> 

 

  


_______________________________________________
Global-projects-committee mailing list
Global-projects-committee at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/global-projects-committee
