Paulo Coimbra paulo.coimbra at owasp.org
Thu Apr 14 09:05:40 EDT 2011

Hello David,


Thank you for getting back to me. As for your question regarding the level
of roadmap's detail, I would say that we haven't a closed prescriptive
measure to deal with this question. In my view, in general terms, a roadmap
serves essentially to set up a possible sub-set of operations and needed
resources, including time, to achieve an ultimate, previously determined,
objective. More concretely in terms of OWASP culture, I would say that a
roadmap as detailed as possible, in principle, facilitates the engagement,
the potential contribution, of our comprehensive community of volunteers. It
also allows the OWASP Projects Committee (GPC) to step in and provide


However, having said that, please note that we also have projects with
roadmaps extremely open and minimally detailed.  Sometimes it is a strategic
decision that envisages keeping the research scope as open as possible. In
other circumstances, to be honest, it seems to me that it is just the result
of the amount of time a project leader has to donate to OWASP.


In a nutshell, I would also say that being OWASP a community of volunteers
it is very open to all kind of approaches, styles and levels of effort and
we always count on cross collaboration to limit any possible shortage that a
project or initiative may momentarily have.


I hope that this may help but please feel free to get back to me whenever
you feel we can be of any help.


Nevertheless, the GPC is being carbon copied. Let us see if they provide us
other perspective.



- Paulo


Paulo Coimbra,

 <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager


From: David Rajchenbach-Teller [mailto:David.Teller at mlstate.com] 
Sent: quinta-feira, 14 de Abril de 2011 10:16
To: Paulo Coimbra
Cc: 'Dave Wichers'; 'Global Projects Committee'
Subject: Re: OWASP OPA


          Hi Paulo,

 Thanks for the details. I'll provide all of this as soon as possible. How
much detail do you need for the roadmap?


Best regards,




  David Rajchenbach-Teller

  CSO, MLstate


On Apr 11, 2011, at 7:20 PM, Paulo Coimbra wrote:

Hi David,


First of all, thank you for volunteering to lead an OWASP Project.  It is
with volunteers like yourself that OWASP continues to succeed in making
application security visible.

Second, regarding your new leadership of this project, I'd like to request
that you send a project roadmap - basically the high level details of where
you'd like to take the project.  The OWASP Global Projects Committee (GPC)
will look at the roadmap and provide feedback on your project:  suggesting
projects which are closely related, resources and contacts which may assist
your efforts and any other suggestions to increase your project's success.


To get your project started, here are a couple of references for your

 - The Guidelines for OWASP Projects provide a quick overview of items key
to a projects success

 - OWASP's Assessment Criteria is the metric by which projects are
evaluated.  There are three categories for projects: Alpha, Beta, and Stable
(former Release).  The Assessment Criteria allows project leaders to know
what aspects of projects OWASP values


 - OWASP's GPC blog - http://globalprojectscommittee.wordpress.com/,

Your project will have an OWASP wiki page to inform and promote your project
to the OWASP community.  To setup your project's page, please provide the
details below so that the GPC can establish your initial project page.  The
details provided will be used to complete OWASP's project template.  Feel
free to add any additional information to wiki page or request assistance
about how to add to your projects wiki page.

Details to create your project page:
(0) Project Name,

(1) Project purpose / overview,
(2) Project Roadmap (as mentioned above),
(3) Project links (if any) to external sites,
(4) Project License
(5) Project Leader name,

(6) Project Leader email address,
(7) Project Leader wiki account - the username* (you'll need this to edit
the wiki - http://www.owasp.org/index.php/Tutorial),
(8) Project Contributor(s) (if any) - name email and wiki account (if any),

As your project reaches a point that you'd like OWASP to assist in its
promotion, the GPC will need the following to help spread the word about
your project:

 * Conference style presentation describing the project in at least 3 slides

 * Project Flyer/Pamphlet (PDF file) -

As work on your project progresses and you are ready to create a release,
please let the GPC know of the change in status.  The GPC can work with you
to get your project assessed and moved up the OWASP quality ladder from
Alpha to Beta to Stable.  Every release does not require an assessment -
feel free to email the GPC if you are unsure about your project's
requirements.  For examples of projects at various quality levels, please
see the OWASP Project page

That is all for now - I wish you and your project great success.  Thank you
for supporting OWASP's mission.

Should you have any questions or require any further information, please do
not hesitate to contact me. 

Many thanks, best regards,


- Paulo


* I suggest that, meanwhile, if you still do not have one, you create an
OWASP wiki username so that you can edit our wiki pages.

- <https://www.owasp.org/index.php?title=Special:UserLogin&type=signup>

- Please fill in your OWASP wiki username page with your above referred
Bio/Curriculum, Wiki Contributions and Email Address. Those elements will
help us with building a proper idea of your technical profile and will
facilitate the contact within OWASP contributors.
Seehttp://www.owasp.org/index.php/User:Mtesauro for an example.


Paulo Coimbra,

 <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global-projects-committee/attachments/20110414/1cd41458/attachment.html 

More information about the Global-projects-committee mailing list