[Global_chapter_committee] [Owasp-pci-project] Draft Project Plan - May 2011

Tom Brennan tomb at owasp.org
Thu May 12 00:14:27 EDT 2011


I like that you have a project plan; it seems it involved every committee. Perhaps what I am missing here is what you would like to achieve with this effort?

End Game - How do you know when the project is completed - what is the goal?

When Trey Ford and I talked about him starting this project, it was about pointing out shortcomings to PCI and application security. The project never got off the ground after he left WhiteHat. Clarification can help crowd source on the effort. As you are well aware, PCI is to protect the card brands that is pushed to the processors and the merchants to limit liability to the... card brands.


On May 11, 2011, at 11:36 PM, Christian Heinrich wrote:

> I have uploaded a revised Project Plan to
> https://files.me.com/cmlh/4hbutu (link valid for 30 days) with the
> following amendments:
> 
> 1. 3-D Secure will be an independent OWASP Project from this OWASP
> (PCI) Project.
> 2. Visa have formed a relationship with SANS related to PA-DSS
> Training i.e. http://www.sans.org/visatop10/
> 
> If there are no further comments, suggestions, flames, etc then I will
> commence the negotiations with resources listed after AusCERT 2011
> i.e. from 17 May hence why I haven't included other OWASP Mailing
> Lists yet.
> 
> On Mon, Apr 25, 2011 at 7:50 PM, Christian Heinrich
> <christian.heinrich at owasp.org> wrote:
>> ... and 3DSecure possibly encapsulated under PCI-DSS?
>> 
>> On Mon, Apr 25, 2011 at 7:47 PM, Christian Heinrich
>> <christian.heinrich at owasp.org> wrote:
>>> Another task would be PBAP which could be encapsulated under PA-DSS
>>> 
>>> On Sun, Apr 24, 2011 at 10:17 AM, Christian Heinrich
>>> <christian.heinrich at owasp.org> wrote:
>>>> I have uploaded the draft project plan to
>>>> https://files.me.com/cmlh/7ase5d (link valid for 30 days) based on our
>>>> thread from March i.e.
>>>> https://lists.owasp.org/pipermail/owasp-pci-project/2011-March/thread.html
>>>> 
>>>> To view the .pod requires http://openproj.org/ and I have also
>>>> included a screenshot within the .tar.gz also.
>>>> 
>>>> Background information on the notes within the .pod is available from
>>>> https://lists.owasp.org/pipermail/owasp-pci-project/2011-March/thread.html.
>>>> 
>>>> Please note that while the dates for the PCI SSC Community Meeting are
>>>> correct the effort of each task has not been estimated so the value of
>>>> "1 Day" will be incorrect.
>>>> 
>>>> I have also attempted to document the various interactions with other
>>>> OWASP Committees, the PCI SSC and a PA-QSA.
>>>> 
>>>> Please let me know if there are any errors, tasks which I may have
>>>> unintentionally left out, etc?
>>>> 
>>>> Also, please expect a delay in my reply until 11 May as I will be
>>>> travelling i.e. http://www.dopplr.com/traveller/cmlh and I intend to
>>>> commence the negotiations with resources listed after AusCERT 2011
>>>> i.e. from 17 May hence why I haven't included other OWASP Mailing
>>>> Lists yet.
> 
> -- 
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh


