[Global_education_committee] [GPC] OWASP Project Proposal

Paulo Coimbra paulo.coimbra at owasp.org
Sun Oct 24 19:55:21 EDT 2010


Martin, GEC,

 

Please see below Jason's reference to the GEC with regards a new project we
have just set up - the OWASP Application Security Skills Assessment Project
- and its educational interest.  

 

Thanks,

- Paulo

 

 

Paulo Coimbra,

 <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager

 

From: li.jason.c at gmail.com [mailto:li.jason.c at gmail.com] On Behalf Of Jason
Li
Sent: segunda-feira, 25 de Outubro de 2010 00:53
To: Paulo Coimbra
Cc: Neil Smithline; Global Projects Committee
Subject: Re: [GPC] OWASP Project Proposal

 

All,

 

My apologies for not responding to this sooner.

 

I think this is a great idea and you should collaborate with folks from the
OWASP Education project to leverage some of their work.

 

The only thing I would caution you about is that this project idea walks a
very close line to the idea of an OWASP certification project.

The idea of an OWASP Certification - to denote individuals that possess some
minimal set of application security skills - has been brought up on many
occasions at OWASP and has repeatedly met with adverse reaction from the
community.

 

While I don't think this project is pushing in that direction yet, I imagine
that there will be some people that will view it as such. As a result, you
will probably want to be careful about how you present the project so as not
to provoke the negative connotation that is associated with an OWASP
certification.

 

-Jason

 

On Thu, Oct 14, 2010 at 10:11 AM, Paulo Coimbra <paulo.coimbra at owasp.org>
wrote:

> Hello Neil,

> 

> 

> 

> First of all, thank you for volunteering to lead an OWASP Project.  It 

> is with volunteers like yourself that OWASP continues to succeed in 

> making application security visible.

> 

> Second, regarding your new leadership of this project, please give us 

> a few days to allow the OWASP Global Projects Committee (GPC) to look 

> at the roadmap you have sent and to provide feedback.

> 

> 

> 

> I will get back to you soon with more info and details.

> 

> 

> 

> Many thanks, best regards,

> 

> 

> 

> Paulo Coimbra,

> 

> OWASP Project Manager

> 

> 

> 

> From: Neil Smithline [mailto:Neil.Smithline at owasp.org]

> Sent: quinta-feira, 14 de Outubro de 2010 05:41

> To: paulo.coimbra at owasp.org

> Subject: OWASP Project Proposal

> 

> 

> 

> Paolo,

> 

> The information on the OWASP wiki for proposing an OWASP project 

> seemed to be at least a year old. A pointer to your email was the most
recent I found.

> Please let me know if I should have sent this elsewhere.

> 

> Thank you,

> Neil Smithline

> 

> Project Name: OWASP Application Security Skills Assessment (OWASP 

> ASSA) Project Purpose: Help individuals understand their strengths and 

> weaknesses in specific application security skills with the aim of 

> enabling them to focus their training in the most efficient and
appropriate manner.

> Project Overview: An online, multiple-choice quiz. Upon completion of 

> the quiz, for each question, it will tell the quiz taker whether they 

> had the correct or incorrect answer, a discussion of the question, the 

> specific application security areas the question focused on, a 

> discussion about the correct an incorrect answers, and links to further
references.

> Project Roadmap: All times are given from date project approval is given.

> Some tasks will occur concurrently.

> 

> Start+2 weeks: (hopefully) recruit team members. I think that it would 

> Start+work

> best as a 3-4 person team. This ensures that there is a sufficient 

> breadth of knowledge to write and review the questions and answers.

> Start+6 weeks: Identify quiz hosting solution and get approval from 

> Start+OWASP

> leadership and IT that the technology solution is acceptable.

> Start+8 weeks: Produce beta version of quiz. I have approximately 10

> questions that can be used as the foundation

> Start+12 weeks: Release initial version.

> Assuming the project is successful, there can be additional ASSA's
written.

> You can view the 1.0 ASSA described in this proposal as a "General" ASSA.

> Subsequent ASSAs could include "Expert" ASSAs covering more difficult 

> topics as well as "Subject" ASSAs focusing on a specific topic.

> 

> Project links (if any) to external sites: None yet but this would 

> likely be hosted on another site and embedded into OWASP's site as the 

> wiki does not facilitate quiz taking and grading.

> Project License: CC Attribution ShareAlike 3.0 with myself and OWASP 

> as the authors Project Leader name: Neil Smithline Project Leader 

> email address: Neil.Smithline at owasp.org Project Leader wiki account: 

> Neil Smithline Project Contributor(s) (if any): TBD Project Main Links 

> (if any): TBD

> 

> _______________________________________________

> Global-projects-committee mailing list 

> Global-projects-committee at lists.owasp.org

> https://lists.owasp.org/mailman/listinfo/global-projects-committee

> 

> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_education_committee/attachments/20101025/0ac461ae/attachment.html 


More information about the Global_education_committee mailing list