[Owasp-board] Spring Of Code

Dinis Cruz dinis at ddplus.net
Wed Jan 24 19:03:05 UTC 2007


Well the 'Aspect' ratio could be an issue in the future, but I don't
think that it is now (and nobody can question the amount time and
effort that they put into OWASP)

That said, I have heard that comment before, and it might be good to
add a paragraph of two to that page about this issue (maybe with an
official statement from Aspect).

In fact Aspect is a very good example of a company that puts a lot
into OWASP and also gets alot, so it wouldn't hurt to write a case
study about it (it also would be very good to expose to everybody how
much Aspect puts into OWASP (I (Dinis) know about it, but most don't))
.

Jeff, Dave, Andrew, what do you think about this two ideas (paragraph
in How_OWASP_Works page and case study on Aspect's OWASP
relationship)?

Dinis

On 1/24/07, Eoin <eoinkeary at gmail.com> wrote:
> Soz about that. Did not get to read that newsletter.
>
> Just one thing  I'd say you might hear in the future, and may of heard
> before from begrudgers/other security groups:
> "Hey look, most of the  board members are in the same company (Aspect)".
>
> Dont get me wrong, as you know I've been working for you guys for a number
> of years now but do you see what I mean? or is it me just being paranoid? :)
>
>
>
>
> On 24/01/07, Dinis Cruz <dinis at ddplus.net> wrote:
> > You should be reading more carefully the last newsletter :)
> >
> > Here are details about the current OWASP board:
> > http://www.owasp.org/index.php/How_OWASP_Works
> >
> > The reason you (and everybody else) need to compete is to make sure
> > that SpoC is a fair and open exercise.
> >
> > That said, if you look at the selection criteria for the AoC (and SpoC
> > should be very similar if not the same)
> >
> http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Selection
> > you will see that you (and any active OWASP project leader) have a
> > very high probability to have your proposal(s) accepted
> >
> > Dinis
> >
> > On 1/24/07, Eoin <eoinkeary at gmail.com > wrote:
> > > Thanks Dinis,
> > > Funny that I have to compete with other people to get sponsorship for a
> > > guide i started.
> > > But i will submit to the SpoC for the Code review guide.
> > >
> > > May I ask who is currently on the OWASP board and who selects them?
> > >
> > > Thanks again,
> > > cheers,
> > > Eoin
> > >
> > >
> > >
> > >
> > >
> > >
> > > On 24/01/07, Dinis Cruz <dinis at ddplus.net> wrote:
> > > > Hi Eoin,
> > > >
> > > > Of course that the Code Review can apply to the SpoC (Spring of Code),
> > > > in fact I would be surprised if if didn't receive 1, 2 or even 3
> > > > sponshorships :)   . It will all depend on the quality of the
> > > > proposals. As project leader you should be thinking on how you want
> > > > that to work
> > > >
> > > > I also would like to have a proposal on the 'very discussed'
> > > code-auditing-tool.
> > > >
> > > > If I was you, this is how I would aproach it:
> > > >
> > > > 1) ask the question 'in an ideal world what resources I would like
> > > > to have in this project for the next 3 months'
> > > > 2) send that plan to the mailing list with your ideas projects and
> > > > ask for participants (you can also hand pick them if you know who you
> > > > want). I'm assuming that one proposal will be comming from you
> > > > 3) appy to the SpoC
> > > >
> > > > Yesterday, we had a Owasp board conference call where we decided to
> > > > allocate $100,000 USD to the SpoC (final details still to be defined)
> > > > so we will be able to increase substancially the number of
> > > > sponshorships given.
> > > >
> > > > In principle I will be the one organizing the SpoC and the current
> > > > plan is to make the first anoucement in the 1st of Feb.
> > > >
> > > > Dinis Cruz
> > > > Chief OWASP Evangelist
> > > > http://www.owasp.org
> > > >
> > > >
> > > >
> > > >
> > > > On 1/24/07, Eoin < eoinkeary at gmail.com> wrote:
> > > > > Hi,
> > > > > Can the Code review guide be considered for the  Spring of Code or
> seen
> > > as
> > > > > there is momentum behind it already it is too "far-gone"?
> > > > > I shall apply for it through the usual channels. I don't know who
> will
> > > be
> > > > > the coordinator as this time I wish to be tech lead (I regret not
> being
> > > tech
> > > > > lead for the Testing guide), maybe Dave Witchers or Jeff (Dinis has
> too
> > > > > much to do :0) ).
> > > > > what you guys think?
> > > > >
> > > > > Also
> > > > >
> > > > > We need to think about integration into the  Metrics project. (or is
> > > this
> > > > > dead, not much activity on the site).
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Eoin Keary OWASP - Ireland
> > > > > http://www.owasp.org/local/ireland.html
> > > > >
> http://www.owasp.org/index.php/OWASP_Testing_Project
> > > > >
> > >
> http://www.owasp.org/index.php/OWASP_Code_Review_Project
> > > >
> > > >
> > > > --
> > > >
> > >
> > >
> > >
> > > --
> > >
> > > Eoin Keary OWASP - Ireland
> > > http://www.owasp.org/local/ireland.html
> > > http://www.owasp.org/index.php/OWASP_Testing_Project
> > >
> http://www.owasp.org/index.php/OWASP_Code_Review_Project
> >
> >
> > --
> > Dinis Cruz
> > Chief OWASP Evangelist, Are you a member yet?
> > http://www.owasp.org
> >
>
>
>
> --
>
> Eoin Keary OWASP - Ireland
> http://www.owasp.org/local/ireland.html
> http://www.owasp.org/index.php/OWASP_Testing_Project
> http://www.owasp.org/index.php/OWASP_Code_Review_Project


-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org



More information about the Owasp-board mailing list