[Owasp-board] OWASP BOARD - REQUEST FOR COMMENTS/RE: Call for OWASP Summer of Code's 2008 reviewers

dinis cruz dinis.cruz at owasp.org
Sun Jun 1 14:32:06 UTC 2008


I agree with Sebastien, the first focus is to create a framework with the
'People Process & Technology' required to make it happen (this applies to
ASVS project
https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#OWASP_Application_Security_Verification_Standard
as to others like
https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications#Online_code_signing_and_integrity_verification_service_for_open_source_community_.28OpenSign_Server.29
)

The issue of certification is one that will have to be addressed in the
future. When that happens, this 'certification world' will have to be
created in harmony with the other OWASP projects that also point to a
certification route.

Actually, one of my favorite side-consequences of these projects is that they
will 'force' the creation of a solution for the 'OWASP certification'
problem.

But, one problem at a time.

First we need to have these standards or services working using OWASP's
projects as the test targets.

Remember that there is a very healthy demand in the industry for this type of
certification, so I am not really worried about the next phases, since when we
hit on a 'working model' the momentum will appear.

Dinis



On Sun, Jun 1, 2008 at 10:57 AM, Sebastien Deleersnyder
<seba at deleersnyder.eu> wrote:

> Pierre, Mike (e-mail?),
>
> > Still a project specific question: Mike proposes in the ASVS project to
> > have an 'Owasp certificate', that would be issued by the Owasp (without
> > guarantee) against a fee. Is this compatible with the Owasp status? and
> > with Owasp available man power?
>
> I think it is too early for this project to consider 'owasp
> certifications'.
>
> I understand your first goal is to set out a standard framework? It is a big
> leap to go to certification from there.
>
> For me it does not make sense to have the same organisation lay out
> standards and 'certifying' subjects (people/organisations?) against this
> standard (based on what criteria?)
>
> Regards
>
> Seba
>
> ------------------------------
>
> *From:* owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] *On Behalf Of* Paulo Coimbra
> *Sent:* Friday 30 May 2008 17:05
> *To:* 'Pierre Parrend'
> *Cc:* 'OWASP Foundation Board List'
> *Subject:* [Owasp-board] OWASP BOARD - REQUEST FOR COMMENTS/RE: Call for
> OWASP Summer of Code's 2008 reviewers
>
> Pierre,
>
> I hope you are well.
>
> I am glad to hear that you are already working with Mike Boberski. WRT the
> Board confirmation, I will get back to you soon with more information and
> details.
>
> Regarding the Phil Potisk & Richard Conway's project, as you know, I have
> asked them to confirm you as Second Reviewer but I am still waiting for
> an answer. I'll keep you updated.
>
> Concerning the reviewer role, I confirm your point of view.
>
> Additionally, on the one hand and on top of what was said in the first
> email about this issue (Subject: Call for OWASP Summer of Code's 2008
> reviewers), I would say that it is preferable to keep a clear distinction
> between author(s)/contributors and reviewers. I believe that clear and
> distinctive roles create the scientific/technical conditions to have final
> improved deliveries. However, to me, to be a reviewer means, at least, to
> point out scientific/technical and methodological mistakes, to propose paths
> to follow, to propose tools and documentation/bibliography to be studied and
> consulted.
>
> On the other hand, we don't want to over-define everything - keeping in
> mind that our proposed main goal is to deliver the best results possible
> within the given timetable, we encourage teamwork. Still, we will always
> be here if you find advantage in consulting us for anything you think we can
> help with.
>
> *With respect to the 'project specific question', I am redirecting you to
> OWASP Board. I am sure that your question will be answered as soon as
> possible.*
>
> Keep up with the good work. Thank you.
>
> Paulo Coimbra
> OWASP Project Manager
>
> -----Original Message-----
> From: Pierre Parrend [mailto:pierre.parrend at insa-lyon.fr]
> Sent: 26 May 2008 20:46
> To: Paulo Coimbra
> Subject: Re: Call for OWASP Summer of Code's 2008 reviewers
>
> Dear Paulo,
>
> I have begun working with Mike Boberski for the review of the ASVS
> project. I have read I thus need official agreement from the owasp, how
> is it processed?
>
> I also have a couple of questions:
>
> - I also would be interested in reviewing the online code signing
> project. Is there still some need for reviewer? Can you please confirm
> me the mail of the project leaders? I think it to be
> techierebel at yahoo.co.uk, but would like to be sure before spamming,
>
> - is the expected role of reviewer detailed somewhere? The obvious part
> is the 50%/100% assessment. I assume that regular feedback on the
> project, and maybe additional input can be of great help to improve the
> quality of the documentation. Can you just confirm me that this is in
> the frame of the Owasp reviews?
>
> Still a project specific question: Mike proposes in the ASVS project to
> have an 'Owasp certificate', that would be issued by the Owasp (without
> guarantee) against a fee. Is this compatible with the Owasp status? and
> with Owasp available man power?
>
> thanks for this information,
>
> cheers,
>
> Pierre