[GPC] [Owasp-guide] Welcome to OWASP Foundation

Paulo Coimbra paulo.coimbra at owasp.org
Tue Jul 20 07:08:52 EDT 2010


Hello Andrew et al,

 

As for the question you have asked me, I would say that the terms of GPC's
typical intervention are defined in here
http://docs.google.com/View?id=dcn8962c_82g9sr6nck 

 

Thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Andrew van der Stock [mailto:vanderaj at owasp.org] 
Sent: segunda-feira, 19 de Julho de 2010 22:46
To: Anurag Agarwal
Cc: 'Vishal Garg'; 'Paulo Coimbra'
Subject: Re: [Owasp-guide] Welcome to OWASP Foundation

 

I had a view that we should be updating the Development Guide to be a relevant
document in 2010, but then the ASVS came out, and it made sense to align and
update the content. 

 

In my view, 

 

*	The headings should be aligned with ASVS, so that there's at least a
1:1 mapping between the ASVS and the Development Guide. There will be more
entries in the Guide, but I would like it if section 7.3 in both ASVS and
Guide were on the same topic (Master secrets are protected). That's my view,
and I'm sure that this is what Mike was aiming for. 
*	When I wrote the 2.0 update, my goal was to be comprehensive,
because at the time, there was no Testing or Code Review Guides. It's been
my view since around 2007 that (pen) testing and code review content in the
existing materials is removed to those other guides, and *building*
materials only to be left in its place. 
*	The content when we finalize / publish must be bang up to date and
best of breed for 2010 - 2012. It takes a long time for updates, so giving
advice suitable for 2005 era is not useful nor in keeping with the OWASP
mission. 

 

However, as the new leaders, the Development Guide's path is for you to work
out, but the above was my plan, and I think Mike's. Once you have a plan,
please update the Wiki. :)

 

@Paulo - what notifications does the GPC need from each project?

 

No matter what, good luck, and don't hesitate to ask me questions. I don't
have a lot of time but I will try to answer them as best I can. 

 

thanks,

Andrew

 

On 19/07/2010, at 2:36 PM, Anurag Agarwal wrote:





Will do.

 

On a different note, I was talking to Vishal and it appears there is no
clearly defined goal for this initiative. So my question to both of you is

 

Are we just looking at ASVS alignment or are we looking at revising the
content to add new stuff as well?

 

P.S. - Should I send this mail to GPC?

 

Thanks

Anurag

 

 

From: Andrew van der Stock [mailto:vanderaj at owasp.org] 
Sent: Monday, July 19, 2010 5:30 PM
To: Anurag Agarwal; Vishal Garg
Cc: Paulo Coimbra
Subject: Re: [Owasp-guide] Welcome to OWASP Foundation

 

Done - and Vishal is also admin.

 

I'm okay if you make me a contributor for the OWASP Guide project as I'm not
likely to be back in the short to medium term. 

 

Can you please add Paulo as a project admin - the GPC should be able to do
this for every OWASP project. 

 

thanks,

Andrew

 

On 19/07/2010, at 2:26 PM, Anurag Agarwal wrote:






anuraag.agarwwal at gmail.com

 
