[GPC] New OWASP Project: OWASP Application Security Program for Manager

Paulo Coimbra paulo.coimbra at owasp.org
Thu Jun 17 10:00:46 EDT 2010


Hello Matteo,

 

As requested, I’ve created the OWASP Application Security Program for
Manager’s Project Wiki Page and its Project About tab.

 

http://www.owasp.org/index.php/OWASP_Application_Security_Program_for_Manager

 

http://www.owasp.org/index.php/Projects/OWASP_Application_Security_Program_for_Manager

 

Please check it out and let me know if you find any problems or mistakes. 

 

Feel free to add any additional information to the project’s wiki page or to
request assistance regarding its edition.

 

As your project reaches a point that you'd like OWASP to assist in its
promotion, the GPC will need the following to help spread the word about
your project:


 * Project Flyer/Pamphlet (PDF file):
http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/

 

 * Conference style presentation describing the project in at least 3 slides -
http://globalprojectscommittee.wordpress.com/2009/07/27/what-is-the-3x-slide-presentation-thing/

 

As work on your project progresses and you are ready to create a new
release, please let the GPC know of the change in status.  

 

The GPC can work with you to get your project assessed and moved up the
OWASP quality ladder from Alpha to Beta to Stable.  Not every release
requires an assessment - feel free to email the GPC if you are unsure about
your project's requirements.  For examples of projects at various quality
levels, please see the OWASP Project page
http://www.owasp.org/index.php/Category:OWASP_Project. 

That is all for now - I wish you and your project great success.  Thank you
for supporting OWASP's mission.

Should you have any questions or require any further information, please do
not hesitate to contact me. 

Many thanks, best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Matteo Meucci [mailto:matteo.meucci at owasp.org] 
Sent: Saturday, 22 May 2010 15:01
To: Paulo Coimbra
Cc: Global Projects Committee
Subject: Re: New OWASP Project: OWASP Application Security Program for
Manager

 

Thank you Paulo!

I answer you inline.

Thanks,

Mat

 

On Fri, May 21, 2010 at 5:48 PM, Paulo Coimbra <paulo.coimbra at owasp.org>
wrote:

> Hello Matteo,
>
> It makes all sense to me – let us see whether or not the OWASP Global
> Project Committee has any suggestion or recommendation for us.
>
> Meanwhile, could you please send me the following info over?
>
> (0) Project Name, (done)
> (1) Project purpose / overview, (done) (done)
> (2) Project Roadmap (as mentioned above), (done)
> (3) Project links (if any) to external sites,

Not at the moment

> (4) Project License
> (http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects#Project_Licensing),

Creative Commons Attribution ShareAlike 3.0 license

 

> (5) Project Leader name, (done)
> (6) Project Leader email address, (done)
> (7) Project Leader wiki account - the username (you'll need this to
> edit the wiki), (done)
> (8) Project Maintainer (if any)  - name, email and wiki account (if
> any),

Matteo Meucci

> (9) Project Contributor(s) (if any) - name email and wiki account (if
> any),

- Marco Morana - marco.morana at owasp.org
- Giorgio Fedon - giorgio.fedon at gmail.com
- Stefano di Paola - stefano.dipaola at gmail.com

 

> As your project reaches a point that you'd like OWASP to assist in its
> promotion, the GPC will need the following to help spread the word
> about your project:
>
>  * Conference style presentation describing the project in at least 3
> slides -
> http://globalprojectscommittee.wordpress.com/2009/07/27/what-is-the-3x-slide-presentation-thing/
>
>  * Project Flyer/Pamphlet (PDF file) -
> http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/
>
> As work on your project progresses and you are ready to create a
> release, please let the GPC know of the change in status.  The GPC can
> work with you to get your project assessed and moved up the OWASP
> quality ladder from Alpha to Beta to Stable.  Every release does not
> require an assessment - feel free to email the GPC if you are unsure
> about your project's requirements.  For examples of projects at
> various quality levels, please see the OWASP Project page -
> http://www.owasp.org/index.php/Category:OWASP_Project
>
> That is all for now - I wish you and your project great success.
> Thank you for supporting OWASP's mission.
>
> Should you have any questions or require any further information,
> please do not hesitate to contact me.
>
> Paulo Coimbra,
>
> OWASP Project Manager
>

> From: Matteo Meucci [mailto:matteo.meucci at owasp.org]
> Sent: Friday, 21 May 2010 16:30
> To: Paulo Coimbra
> Subject: New OWASP Project: OWASP Application Security Program for
> Manager
>

> Hi Paulo,
>
> here is my idea for a new OWASP Project.
>
> DRAFT TITLE: "OWASP Application Security Program for Manager"
>
> Objective: Create an OWASP Roadmap for the world wide Companies
> Type of project: Awareness
>
> Why: in 9 years of activities OWASP has become the standard for Web
> Application Security. We are full of projects that are fantastic
> resources for developers and testers.
>
> OWASP SAMM and ASVS address many security management issues.
>
> What I see is missing now is a kind of guideline the managers should
> follow to adhere to the OWASP standards. I see that every security
> manager has a different idea about the secure dev and testing (when and
> how to perform it).
>
> This project wants to address the Security Manager point of view and
> tell him what he should do to implement an efficient Application
> Security Program.
>
> In this project we will show all the OWASP Guides and tools and will
> tell why, how and when to use that. We can do that in function of the
> size of the organization, management roles and objectives. The idea is
> for example for a Bank Company, OWASP says to perform an OWASP SAMM
> assessment every year, to perform Code Review and WAPT to all
> critical new software, testing every 3 months, etc... Every activity
> is linked to an OWASP resource to use.
>

> Project Leader: Matteo Meucci
>
> Project Roadmap:
>
> - 1st June start: create the wiki page, create the mailing list,
> spread the word about this new project to find a set of contributors from
> the OWASP leaders and the main companies that adopt OWASP resources.
>
> We need all the OWASP experience and the main final users to create a
> usable and interesting document.
>
> - 20th June: once the team is created, do brainstorming about the document
> output
>
> - 15th July: begin to write the guide
>
> - 15th September: RC1
>
> - 15th October 2010: FIRST RELEASE
>
> What do you think about that?
>
> Thanks,
>
> Mat

 

 

 

--

Matteo Meucci

OWASP-Italy Chair, CISSP, CISA

http://www.owasp.org/index.php/Italy

OWASP Testing Guide lead

http://www.owasp.org/index.php/Testing_Guide

Cell: +393283019559
