[Global_education_committee] is there an Esapi gem for RoR?

Paulo Coimbra paulo.coimbra at owasp.org
Sat May 29 08:31:02 EDT 2010

Hello Paolo,


As requested, I’ve created the
http://www.owasp.org/index.php/Projects/Owasp_Esapi_Ruby wiki page and
placed it here


Please check it out and let me know if you find any problems or mistakes. 


Feel free to add any additional information to the project’s wiki page or to
request assistance regarding its editing.


As your project reaches a point that you'd like OWASP to assist in its
promotion, the GPC will need the following to help spread the word about
your project:

 * Project Flyer/Pamphlet (PDF file):


 * Conference style presentation describing the project in at least 3 slides


As work on your project progresses and you are ready to create a new
release, please let the GPC know of the change in status.  


The GPC can work with you to get your project assessed and moved up the
OWASP quality ladder from Alpha to Beta to Stable.  Not every release
requires an assessment - feel free to email the GPC if you are unsure about
your project's requirements.  For examples of projects at various quality
levels, please see the OWASP Project page

That is all for now - I wish you and your project great success.  Thank you
for supporting OWASP's mission.

Should you have any questions or require any further information, please do
not hesitate to contact me. 

Many thanks, best regards,


Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: Paolo Perego [mailto:thesp0nge at owasp.org] 
Sent: Tuesday, 25 May 2010 10:39
To: Paulo Coimbra
Cc: Jeff Williams; Global Projects Committee; owasp-esapi at lists.owasp.org
Subject: Re: is there an Esapi gem for RoR?


On Fri, May 21, 2010 at 5:36 PM, Paulo Coimbra <paulo.coimbra at owasp.org>

> Hello Paolo,

Hi Paulo, what's going on?


> Hope you are well. First of all, thank you for volunteering to lead
> another OWASP Project.  It is with volunteers like yourself that OWASP
> continues to succeed in making application security visible.

I'm very well and thanks a lot for your kind words. I like being part of the
Owasp project, so it's a pleasure for me to help spread the voice.


> Second, regarding your new leadership of this project, I'd like to
> request that you send (if possible) a project roadmap - basically the
> high level

I'm scared about writing down a formal roadmap, due to the lessons learned from
the Owasp Orizon project. I learnt that external issues can slow down or can
request some direction changes, so you have to correct the roadmap very
often. However, I'll try building it.


> To get your project started, here are a couple of references for your
> review:

I got it.


> Details to create your project page:
> (0) Project Name,

Owasp Esapi Ruby

> (1) Project purpose / overview,

The Owasp Esapi Ruby is a port of the outstanding release quality Owasp Esapi
project to the Ruby programming language.

The idea is to build a Ruby gem (the standard ruby library archive format)
containing the Esapi concepts implemented in Ruby classes so people
using Ruby in their Rails applications can have security in them.


> (2) Project Roadmap (as mentioned above),

Reference guides first for this project.


* Now to October 2010 - Project documentation. The idea is to start looking
at the concepts behind ESAPI and matching to Ruby classes, design the
overall library architecture, the class public methods and stuff like that.

Ideally, 31st October deliverables will be:

1) "The Owasp Esapi Ruby development guide" (a book containing the behind
the scenes of the library)

2) "The Owasp Esapi Ruby user guide" (a book containing how to use it and
some examples)


* November 2010 - May 2011 - Project implementation. All the interfaces, all
the classes mentioned in the guides must be created and filled up with
(working :-)) code.

During those months, we will follow the release early, release often mantra
so we'll periodically release intermediate gem versions.

My idea is to release monthly.

Owasp Esapi Ruby 1.0.0 will start Release Candidate the 31st May 2011.

GPC will be prompted to assess the Project as Beta quality.



* June 2011 - July 2011 - Project consolidation. Community will be pushed
for comments, feature requests, "must have" that we must put in the first
major version.

Apis Freeze will be 31st July 2011


* August 2011 - Let's fix the bug!


* September 2011 - The date of Owasp AppSec '11 (you'll say :-)) Owasp Esapi
Ruby 1.0.0 final release.

GPC will be prompted to assess the project as Release quality.


I hope this roadmap is loose enough to compensate for "external issues" / other
projects live.


> (3) Project links (if any) to external sites,


I love using git and github for all my opensource projects, I also moved
orizon there. So github will host the source code and the web page that will
be accessible from owasp-esapi-ruby.github.com.

Links aren't there yet. I still have to start the repository.

All the releases will be available both on github and http://rubygems.org/,
which is a ruby gems distribution site making the gems available to every
ruby developer.


> (4) Project License
> (http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects#Project_Licensing),

BSD - the same as Owasp Esapi friends


> (5) Project Leader name,

Paolo Perego


> (6) Project Leader email address,

thesp0nge at owasp.org


> (7) Project Leader wiki account - the username (you'll need this to
> edit the wiki),



> (8) Project Maintainer (if any)  - name, email and wiki account (if
> any),

Paolo Perego, thesp0nge at owasp.org,


> (9) Project Contributor(s) (if any) - name email and wiki account (if
> any),

kuai hinojosa - kuai.hinojosa at owasp.org -


> That is all for now - I wish you and your project great success.
> Thank you for supporting OWASP's mission.

I hope so :-)





"... static analysis is fun, again!"


OWASP Orizon project leader, http://orizon.sourceforge.net Owasp Italy R&D
