[GPC] OWASP Ajax Security project

Jason Li jason.li at owasp.org
Fri May 22 14:06:43 EDT 2009


Based on the recent Board decision regarding the use of OWASP money
for SoC this time around, SoC money will be used solely for expenses
and not to "pay" project contributors. It seems to me that under that
philosophy, we will be able to accept many proposals without needing
to award any monetary grant. In effect, we're just using SoC as a
vehicle to solicit proposals and establish a framework to choose the
best proposals.

In fact, I see the "new" SoC mentality to essentially be a large
series of Requests for Proposals (RFPs).

So I don't think there is a danger that someone submits a proposal to
take over a project and we are unable to "award" them project
leadership. But in routing the proposals through SoC, we get to see
their proposed vision for the project (especially if we end up in a
situation with more than one volunteer) rather than just simply
handing off the project to someone who's spoken up first.

-Jason


On Fri, May 22, 2009 at 2:01 PM, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:
> My answers are below inline.
>
>
>
> Thanks,
>
>
>
> Paulo
>
>
>
> From: li.jason.c at gmail.com [mailto:li.jason.c at gmail.com] On Behalf Of Jason
> Li
> Sent: sexta-feira, 22 de Maio de 2009 18:26
> To: paulo.coimbra at owasp.org
> Cc: global-projects-committee at lists.owasp.org
> Subject: Re: [GPC] OWASP Ajax Security project
>
>
>
> I admit I haven't been tracking very carefully, but have we gotten any
> conflicting volunteers for projects?
>
>
>
> [pc] I have been trying and keeping this spreadsheet
> https://spreadsheets.google.com/a/owasp.org/ccc?key=rHFvhU15v3S3myFqSWQVXyg&hl=en
> permanently updated. Of course, something can have failed me but otherwise
> we just have Anurag’s proposal to assume the Ajax leadership.
>
>
>
> In other words, is there a project out there that appears abandoned that
> more than one person has volunteered to take over?
>
>
>
> [pc] As above, I think not - at least until now.
>
>
>
> Either way, I think our best course of action is to have anyone interested
> in taking over a project submit a proposal to SoC to become the new project
> leader. That allows us to objectively determine whether they should be
> handed the project.
>
>
>
> [pc]  I am not sure. What would happen if a proposal was refused in terms of
> SoC for monetary reasons and we needed a leadership for the project in
> question?
>
>
>
> Thoughts?
>
> --
>
> -Jason Li-
>
> -jason.li at owasp.org-
>
>
>
>
>
>
>
> On Fri, May 22, 2009 at 1:20 PM, Paulo Coimbra <paulo.coimbra at owasp.org>
> wrote:
>
>> Dear Anurag Agarwal,
>
>>
>
>>
>
>>
>
>> Thanks for volunteering to assume the OWASP Ajax Security project
>
>> leadership. The decision belongs to the Global Projects Committee as a
>
>> whole and so I am copying carbon them. I am sure your due answer won’t
>> take long.
>
>>
>
>>
>
>>
>
>> I take the opportunity to inform you that I am dealing with the
>
>> proposal that you have kindly sent off and very soon I will get back
>
>> to you with more information and details.
>
>>
>
>>
>
>>
>
>> Many thanks, regards,
>
>>
>
>> Paulo Coimbra,
>
>>
>
>> OWASP Project Manager
>
>>
>
>>
>
>>
>
>>
>
>>
>
>> Committee,
>
>>
>
>>
>
>>
>
>> For your information please below Anurag Agarwal’s background:
>
>>
>
>>
>
>>
>
>> Anurag Agarwal is a web application security evangelist and Director
>
>> of Education Services at WhiteHat Security. He has 14 years of
>
>> experience designing, developing, managing and (5+ years) securing web
>
>> applications and has worked for companies like Citigroup, Cisco, HSBC
>
>> Bank, GE Medical Systems, etc. He is CISSP certified and a Sun
>
>> Certified Java Developer. He is an active contributor to the web
>
>> application security field and has written several articles on secure
>
>> design and coding, spoken at various conferences and maintains a
>
>> website (http://www.attacklabs.com), where he has published several
>
>> proof of concepts on various attacks. He is associated with WASC and
>
>> OWASP and has a blog on web application security at
>
>> http://myappsecurity.blogspot.com
>
>>
>
>>
>
>>
>
>> Technical Architect : Chander Singh (chander.singh at myappsecurity.com)
>
>>
>
>>
>
>>
>
>> Specific activities and roles:
>
>>
>
>>
>
>>
>
>> Project Management and external interface – Anurag Agarwal Design and
>
>> Development – Anurag Agarwal and Chander Singh Maintenance – Chander
>
>> Singh
>
>>
>
>>
>
>>
>
>>
>
>>
>
>> Thanks,
>
>>
>
>>
>
>>
>
>> Paulo Coimbra,
>
>>
>
>> OWASP Project Manager
>
>>
>
>>
>
>>
>
>> From: Anurag Agarwal [mailto:anurag.agarwal at yahoo.com]
>
>> Sent: segunda-feira, 18 de Maio de 2009 16:57
>
>> To: Paulo Coimbra (OWASP)
>
>> Subject: OWASP Ajax Security project
>
>>
>
>>
>
>>
>
>> Hi Paulo - I would be interested in leading OWASP Ajax Security
>
>> project in case the current leader is not interested. Let me know
>
>>
>
>>
>
>>
>
>> Cheers,
>
>>
>
>>
>
>>
>
>> Anurag Agarwal
>
>>
>
>>
>
>>
>
>> Web: www.attacklabs.com , www.myappsecurity.com
>
>>
>
>> Email : anurag.agarwal at yahoo.com
>
>>
>
>> Blog : http://myappsecurity.blogspot.com
>
>>
>
>>
>
>>
>
>>
>
>>
>
>> _______________________________________________
>
>> Global-projects-committee mailing list
>
>> Global-projects-committee at lists.owasp.org
>
>> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>
>>
>
>>


More information about the Global-projects-committee mailing list