[Global_education_committee] [GPC] OWASP Project Proposal

Paulo Coimbra paulo.coimbra at owasp.org
Sun Oct 24 19:55:21 EDT 2010

Martin, GEC,


Please see below Jason's reference to the GEC with regards a new project we
have just set up - the OWASP Application Security Skills Assessment Project
- and its educational interest.  



- Paulo



Paulo Coimbra,

 <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager


From: li.jason.c at gmail.com [mailto:li.jason.c at gmail.com] On Behalf Of Jason
Sent: segunda-feira, 25 de Outubro de 2010 00:53
To: Paulo Coimbra
Cc: Neil Smithline; Global Projects Committee
Subject: Re: [GPC] OWASP Project Proposal




My apologies for not responding to this sooner.


I think this is a great idea and you should collaborate with folks from the
OWASP Education project to leverage some of their work.


The only thing I would caution you about is that this project idea walks a
very close line to the idea of an OWASP certification project.

The idea of an OWASP Certification - to denote individuals that possess some
minimal set of application security skills - has been brought up on many
occasions at OWASP and has repeatedly met with adverse reaction from the


While I don't think this project is pushing in that direction yet, I imagine
that there will be some people that will view it as such. As a result, you
will probably want to be careful about how you present the project so as not
to provoke the negative connotation that is associated with an OWASP




On Thu, Oct 14, 2010 at 10:11 AM, Paulo Coimbra <paulo.coimbra at owasp.org>

> Hello Neil,




> First of all, thank you for volunteering to lead an OWASP Project.  It 

> is with volunteers like yourself that OWASP continues to succeed in 

> making application security visible.


> Second, regarding your new leadership of this project, please give us 

> a few days to allow the OWASP Global Projects Committee (GPC) to look 

> at the roadmap you have sent and to provide feedback.




> I will get back to you soon with more info and details.




> Many thanks, best regards,




> Paulo Coimbra,


> OWASP Project Manager




> From: Neil Smithline [mailto:Neil.Smithline at owasp.org]

> Sent: quinta-feira, 14 de Outubro de 2010 05:41

> To: paulo.coimbra at owasp.org

> Subject: OWASP Project Proposal




> Paolo,


> The information on the OWASP wiki for proposing an OWASP project 

> seemed to be at least a year old. A pointer to your email was the most
recent I found.

> Please let me know if I should have sent this elsewhere.


> Thank you,

> Neil Smithline


> Project Name: OWASP Application Security Skills Assessment (OWASP 

> ASSA) Project Purpose: Help individuals understand their strengths and 

> weaknesses in specific application security skills with the aim of 

> enabling them to focus their training in the most efficient and
appropriate manner.

> Project Overview: An online, multiple-choice quiz. Upon completion of 

> the quiz, for each question, it will tell the quiz taker whether they 

> had the correct or incorrect answer, a discussion of the question, the 

> specific application security areas the question focused on, a 

> discussion about the correct an incorrect answers, and links to further

> Project Roadmap: All times are given from date project approval is given.

> Some tasks will occur concurrently.


> Start+2 weeks: (hopefully) recruit team members. I think that it would 

> Start+work

> best as a 3-4 person team. This ensures that there is a sufficient 

> breadth of knowledge to write and review the questions and answers.

> Start+6 weeks: Identify quiz hosting solution and get approval from 

> Start+OWASP

> leadership and IT that the technology solution is acceptable.

> Start+8 weeks: Produce beta version of quiz. I have approximately 10

> questions that can be used as the foundation

> Start+12 weeks: Release initial version.

> Assuming the project is successful, there can be additional ASSA's

> You can view the 1.0 ASSA described in this proposal as a "General" ASSA.

> Subsequent ASSAs could include "Expert" ASSAs covering more difficult 

> topics as well as "Subject" ASSAs focusing on a specific topic.


> Project links (if any) to external sites: None yet but this would 

> likely be hosted on another site and embedded into OWASP's site as the 

> wiki does not facilitate quiz taking and grading.

> Project License: CC Attribution ShareAlike 3.0 with myself and OWASP 

> as the authors Project Leader name: Neil Smithline Project Leader 

> email address: Neil.Smithline at owasp.org Project Leader wiki account: 

> Neil Smithline Project Contributor(s) (if any): TBD Project Main Links 

> (if any): TBD


> _______________________________________________

> Global-projects-committee mailing list 

> Global-projects-committee at lists.owasp.org

> https://lists.owasp.org/mailman/listinfo/global-projects-committee



-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_education_committee/attachments/20101025/0ac461ae/attachment.html 

More information about the Global_education_committee mailing list