[GPC] the OWASP PCI project

Paulo Coimbra paulo.coimbra at owasp.org
Fri May 15 10:06:45 EDT 2009


Hello Ed and Trey,

 

The new mailing list administrator password is “EdBellistochange145”.

 

Thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Ed Bellis [mailto:ed.bellis at gmail.com] 
Sent: sexta-feira, 15 de Maio de 2009 14:37
To: paulo.coimbra at owasp.org
Cc: Trey Ford; Global Projects Committee; OWASP Foundation Board List
Subject: Re: the OWASP PCI project

 

Hi Paulo,

I just realized I never received the automated email with the mailing list
password. Can this be resent to me?

Thanks,

Ed



On Tue, May 5, 2009 at 12:11 PM, Paulo Coimbra <paulo.coimbra at owasp.org>
wrote:

Hello Trey and Ed,

 

I have set up the OWASP PCI project’s page -
http://www.owasp.org/index.php/Category:OWASP_PCI_Project. Please feel free
to change it as you find best. 

 

I’ve also created a mailing list and, by now, the admin password must have
been sent automatically to you. 

 

If I may, I suggest contacting OWASP project leaders
(owasp-leaders at lists.owasp.org) to publicize the project and seek out for
ideas, contributors and reviewers.

 

I wish you good work.

 

Should you have any further questions, please do not hesitate and get back
to me.

 

Many thanks, best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

Block your agendas for May 11-14 and join us - OWASP AppSec Europe 2009
<http://www.owasp.org/index.php/AppSecEU09> 

 

 

From: Trey Ford [mailto:trey.ford at me.com] 
Sent: sábado, 2 de Maio de 2009 01:06


To: paulo.coimbra at owasp.org

Cc: 'Tom Brennan'; ed.bellis at gmail.com; 'Dinis'


Subject: Re: the OWASP PCI project

 

Paulo!

 

Thank-You for getting back with us!  I appreciate what're you working on-
I'm glad to know you still have us in your sights!

 

Have a great weekend!!


Trey Ford

b. http://treyford.wordpress.com

c. 415.609.0300

 

On May 1, 2009, at 1:20 PM, Paulo Coimbra wrote:

 

Hello Trey,

 

Of course you are not nagging me and on the contrary I owe you an apology
for my delay in setting up your project. In fact, as we are currently
discussing a new template for OWASP projects, I was waiting to see if we
could finish the task in time to use the new output in your project.
However, this process has taken more time than initially expected and I
should have already updated you.

 

Nevertheless, the OWASP Global Projects Committee will have tonight a new
meeting to try and finalize the task of establishing the referred new
template. Thus, if we succeed I will set up your project in accordance with
the new rules. Otherwise the project will be set up with the old frame and
later on it will be updated. In any case until next Monday, maximum, this
will be done. I thank your patience.

 

Many thanks, best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

Block your agendas for May 11-14 and join us - OWASP AppSec Europe 2009
<http://www.owasp.org/index.php/AppSecEU09> 

 

 

From: Trey Ford [mailto:trey.ford at me.com] 
Sent: sexta-feira, 1 de Maio de 2009 15:33
To: paulo.coimbra at owasp.org
Cc: Tom Brennan; ed.bellis at gmail.com; Trey Ford
Subject: Re: the OWASP PCI project

 

Hi Paulo!

 

I just wanted to follow up regarding our project submission.

 

I don't want to nag you, but I do have a team of people that are working
diligently on this initiative, and would very much like to migrate their
work into the OWASP community.

 

Please let me know if you have had a chance to review our submission, if you
have any questions, or what I may do to help move this forward.

 

I look forward to hearing from you!

 

~trey

 

Trey Ford

b. http://treyford.wordpress.com

c. 415.609.0300

 

On Apr 17, 2009, at 12:40 PM, Trey Ford wrote:

 

> Paulo,

>    I've been talking with Tom about launching an OWASP project focused

> on PCI.  If at all possible, it would be GREAT to be able start

> evangelizing the work we've already done during RSA next week, and to

> start recruiting the community to engage along the way!  Below is the

> required information as detailed at

> <http://www.owasp.org/index.php/How_to_Start_an_OWASP_Project

> >

> 

> Please let me know if there is anything I may do to help expedite or 

> answer any questions!

> 

> ~trey

> 

> Trey Ford

> b. http://treyford.wordpress.com

> c. 415.609.0300

> 

> ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~

> 

> Title:

>    the OWASP PCI project

> 

> Project leader(s) (name and email):

>    Trey Ford <ford.trey at gmail.com>

>    Ed Bellis <ed.bellis at gmail.com>

> 

> Short Project Description:

>    To build and maintain community concensus for managing regulatory 

> risk of web applications.  For those with existing website security 

> programs, to ensure their activities uniformly meet PCI 

> requirements, and for those getting started - to aid in building a 

> website security strategy that also ensures sustainable PCI 

> compliance.

> 

> Detailed Project Description / Roadmap:

>    Initially, by building auditor and management tools, checklists, 

> and leading community discussion on a industry accepted approach to 

> applying the PCI Application Security standards, and ensuring 

> security through compliance related initiatives

>   

>    Longer term initiatives will migrate away from PCI focused 

> activities into broader regulatory needs.  By focusing less on 

> specific data sets (such as cardholder data in PCI), and more 

> intently managing risk to whatever information assets are stored, 

> processed, or transmitted by the website software- the security 

> strategies taking root in this program will effectively map to any 

> future regulatory security requirements placed upon websites.

> 

> Chosen open-source license

>    This work will be licensed under the Creative Commons Attribution-

> ShareAlike 2.5 license.

>   

> Project contributors (if any)

>    Project was initiated by the Application Security Working Group of 

> the Society of Payment Security Professoinals found at
https://www.paymentsecuritypros.com/

>   

> Sponsor organizations (if any)

>    WhiteHat Security

>    Orbitz

>    Fiserve

>    The Society of Payment Security Professoinals

> 

> Main links (existing information on the web, if any)

>    To be announced

>   

> Related OWASP Projects

>    This project will be a central point for guiding the adoption of 

> existing OWASP initiatives.

> 

> 

> 

> 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/global-projects-committee/attachments/20090515/061f54e9/attachment-0001.html 


More information about the Global-projects-committee mailing list