[Owasp-board] Spring Of Code

Andrew van der Stock vanderaj at owasp.org
Wed Jan 24 21:34:16 UTC 2007


I can't speak for Aspect (that's Jeff and Dave's realm), but one of the main
reasons I wanted to join Aspect and not IOActive or @stake or any of the
other firms is that Aspect really contributed to OWASP in a huge and
concrete way. 

As Dave and Jeff know, I'm very hard core about Aspect / home life
separation. Until my latest trip away from home, I didn't have any OWASP
mail or my full OWASP folder on my work laptop. As soon as it's practical to
make it separate again, my work laptop will be devoid of any OWASP stuff
unrelated to my day to day work.

That said, I really appreciate the way Aspect supports my out of hours
endeavors with OWASP. There are few consulting firms that would do that. I
know if I worked for MS or Google, it'd be really hard.

In other news...

We prioritized the list of things to be done this year last night, and due
to the number of things on various folks' plates (including mine), it may be
a while before we get the Foundation bylaws into place. We have not
forgotten it - Dinis is talking to Mozilla today for instance. Once the
Foundation stuff happens though, the board will become elected, and at that
stage any member in good standing can nominate for a position to be
directly elected by the membership.

Thanks,
Andrew


On 1/24/07 2:03 PM, "Dinis Cruz" <dinis at ddplus.net> wrote:

> Well the 'Aspect' ratio could be an issue in the future, but I don't
> think that it is now (and nobody can question the amount of time and
> effort that they put into OWASP)
> 
> That said, I have heard that comment before, and it might be good to
> add a paragraph or two to that page about this issue (maybe with an
> official statement from Aspect).
> 
> In fact Aspect is a very good example of a company that puts a lot
> into OWASP and also gets a lot, so it wouldn't hurt to write a case
> study about it (it also would be very good to expose to everybody how
> much Aspect puts into OWASP (I (Dinis) know about it, but most don't)).
> 
> Jeff, Dave, Andrew, what do you think about these two ideas (paragraph
> in How_OWASP_Works page and case study on Aspect's OWASP
> relationship)?
> 
> Dinis
> 
> On 1/24/07, Eoin <eoinkeary at gmail.com> wrote:
>> Soz about that. Did not get to read that newsletter.
>> 
>> Just one thing I'd say you might hear in the future, and may have heard
>> before from begrudgers/other security groups:
>> "Hey look, most of the board members are in the same company (Aspect)".
>> 
>> Don't get me wrong, as you know I've been working for you guys for a number
>> of years now but do you see what I mean? Or is it me just being paranoid? :)
>> 
>> 
>> 
>> 
>> On 24/01/07, Dinis Cruz <dinis at ddplus.net> wrote:
>>> You should be reading more carefully the last newsletter :)
>>> 
>>> Here are details about the current OWASP board:
>>> http://www.owasp.org/index.php/How_OWASP_Works
>>> 
>>> The reason you (and everybody else) need to compete is to make sure
>>> that SpoC is a fair and open exercise.
>>> 
>>> That said, if you look at the selection criteria for the AoC (and SpoC
>>> should be very similar if not the same)
>>> 
>>> http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Selection
>>> you will see that you (and any active OWASP project leader) have a
>>> very high probability to have your proposal(s) accepted
>>> 
>>> Dinis
>>> 
>>> On 1/24/07, Eoin <eoinkeary at gmail.com> wrote:
>>>> Thanks Dinis,
>>>> Funny that I have to compete with other people to get sponsorship for a
>>>> guide I started.
>>>> But I will submit to the SpoC for the Code review guide.
>>>> 
>>>> May I ask who is currently on the OWASP board and who selects them?
>>>> 
>>>> Thanks again,
>>>> cheers,
>>>> Eoin
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> On 24/01/07, Dinis Cruz <dinis at ddplus.net> wrote:
>>>>> Hi Eoin,
>>>>> 
>>>>> Of course that the Code Review can apply to the SpoC (Spring of Code),
>>>>> in fact I would be surprised if it didn't receive 1, 2 or even 3
>>>>> sponsorships :) . It will all depend on the quality of the
>>>>> proposals. As project leader you should be thinking on how you want
>>>>> that to work
>>>>> 
>>>>> I also would like to have a proposal on the 'very discussed'
>>>>> code-auditing-tool.
>>>>> 
>>>>> If I was you, this is how I would approach it:
>>>>> 
>>>>> 1) ask the question 'in an ideal world what resources I would like
>>>>> to have in this project for the next 3 months'
>>>>> 2) send that plan to the mailing list with your ideas projects and
>>>>> ask for participants (you can also hand pick them if you know who you
>>>>> want). I'm assuming that one proposal will be coming from you
>>>>> 3) apply to the SpoC
>>>>> 
>>>>> Yesterday, we had an OWASP board conference call where we decided to
>>>>> allocate $100,000 USD to the SpoC (final details still to be defined)
>>>>> so we will be able to increase substantially the number of
>>>>> sponsorships given.
>>>>> 
>>>>> In principle I will be the one organizing the SpoC and the current
>>>>> plan is to make the first announcement on the 1st of Feb.
>>>>> 
>>>>> Dinis Cruz
>>>>> Chief OWASP Evangelist
>>>>> http://www.owasp.org
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> On 1/24/07, Eoin <eoinkeary at gmail.com> wrote:
>>>>>> Hi,
>>>>>> Can the Code review guide be considered for the Spring of Code or seen as
>>>>>> there is momentum behind it already it is too "far-gone"?
>>>>>> I shall apply for it through the usual channels. I don't know who will be
>>>>>> the coordinator as this time I wish to be tech lead (I regret not being tech
>>>>>> lead for the Testing guide), maybe Dave Wichers or Jeff (Dinis has too
>>>>>> much to do :0) ).
>>>>>> What do you guys think?
>>>>>> 
>>>>>> Also
>>>>>> 
>>>>>> We need to think about integration into the Metrics project. (or is this
>>>>>> dead, not much activity on the site).
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> --
>>>>>> Eoin Keary OWASP - Ireland
>>>>>> http://www.owasp.org/local/ireland.html
>>>>>> http://www.owasp.org/index.php/OWASP_Testing_Project
>>>>>> http://www.owasp.org/index.php/OWASP_Code_Review_Project
>>>>> 
>>>>> 
>>>>> --
>>>>> 
>>>> 
>>>> 
>>>> 
>>>> --
>>>> 
>>>> Eoin Keary OWASP - Ireland
>>>> http://www.owasp.org/local/ireland.html
>>>> http://www.owasp.org/index.php/OWASP_Testing_Project
>>>> http://www.owasp.org/index.php/OWASP_Code_Review_Project
>>> 
>>> 
>>> --
>>> Dinis Cruz
>>> Chief OWASP Evangelist, Are you a member yet?
>>> http://www.owasp.org
>>> 
>> 
>> 
>> 
>> --
>> 
>> Eoin Keary OWASP - Ireland
>> http://www.owasp.org/local/ireland.html
>> http://www.owasp.org/index.php/OWASP_Testing_Project
>> http://www.owasp.org/index.php/OWASP_Code_Review_Project
> 




