[Owasp-board] ESAPI Project's assessment

dinis cruz dinis.cruz at owasp.org
Mon Feb 2 23:58:07 UTC 2009


Ok, I'll take the 2nd reviewer role

Dave, I'm assuming you take the role of of the Board Reviewer, right?

Dinis

2009/2/2 Dave Wichers <dave.wichers at owasp.org>

>  I'll be one. I've already reviewed almost all of it so I just need to
> document my results on the wiki.
>
>
>
> -Dave
>
>
>
> *From:* paulo coimbra [mailto:pcoimbra at owasp.org] *On Behalf Of *Paulo
> Coimbra
> *Sent:* Monday, February 02, 2009 1:44 PM
> *To:* 'Dave Wichers'; tomb at owasp.org; 'Sebastien Deleersnyder'; 'dinis
> cruz'
>
> *Cc:* 'OWASP Foundation Board List'
> *Subject:* RE: ESAPI Project's assessment
>
>
>
> Hi Dave, Tom, Sebastien and Dinis,
>
>
>
> As you already know the ESAPI assessment process has been triggered.
>
>
>
> Please check out the following two links:
>
>
> https://www.owasp.org/index.php/Project_Information:_OWASP_Enterprise_Security_API_Project
>
>
> https://www.owasp.org/index.php/OWASP_Enterprise_Security_API_Project_-_Assessment_Frame.
>
>
>
>
> Therefore, so as to evaluate the current ESAPI quality status, we are
> looking for three reviewers to assume the First, Second and Board Member
> reviewer roles. Can we count on *three* of you to do so? I thank you in
> advance.
>
>
>
> Regards,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Jeff Williams [mailto:jeff.williams at owasp.org]
> *Sent:* sábado, 31 de Janeiro de 2009 13:55
> *To:* paulo.coimbra at owasp.org; 'Dave Wichers'
> *Cc:* 'OWASP Foundation Board List'
> *Subject:* RE: ESAPI Project's assessment
>
>
>
> Hi Paulo,
>
>
>
> We can do that no problem.  Thanks!
>
>
>
> --Jeff
>
>
>
> Jeff Williams, Chair
>
> The OWASP Foundation <http://www.owasp.org/>
>
> work: 410-707-1487
>
> main: 301-604-4882
>
>
>
> *From:* paulo coimbra [mailto:pcoimbra at owasp.org] *On Behalf Of *Paulo
> Coimbra
> *Sent:* Friday, January 30, 2009 12:10 PM
> *To:* 'Dave Wichers'; jeff.williams at owasp.org
> *Cc:* 'OWASP Foundation Board List'
> *Subject:* RE: EASPI Project's assessment
>
>
>
> Dave,
>
>
>
> I thank you response and will be waiting for Jeff's say.
>
>
>
> Regarding the review question, we will do as you decide. However, to me,
> since we have established the assessment criteria and it is in force, every
> project should be formally checked against it to make sure that all the
> criteria have been accomplished.
>
>
>
> I also see advantages in having the reviewers' assessment easily and
> publicly accessible - as we have here
> https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project, for
> example.
>
>
>
> Furthermore, given the EASPI prestige, if we followed clearly the rules to
> upgrade its quality status, it would help us to set up an example worth
> respecting.
>
>
>
> Thanks,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Dave Wichers [mailto:dave.wichers at owasp.org]
> *Sent:* sexta-feira, 30 de Janeiro de 2009 16:14
> *To:* paulo.coimbra at owasp.org; jeff.williams at owasp.org
> *Cc:* 'OWASP Foundation Board List'
> *Subject:* RE: EASPI Project's assessment
>
>
>
> Please ask the other board members to review if necessary. However, ESAPI
> has been one of the most heavily reviewed projects at OWASP, so this may not
> be absolutely necessary.
>
>
>
> Jeff will  have to answer your first question.
>
>
>
> -Dave
>
>
>
> *From:* paulo coimbra [mailto:pcoimbra at owasp.org] *On Behalf Of *Paulo
> Coimbra
> *Sent:* Friday, January 30, 2009 7:38 AM
> *To:* 'Dave Wichers'; jeff.williams at owasp.org
> *Cc:* 'OWASP Foundation Board List'
> *Subject:* RE: EASPI Project's assessment
>
>
>
> Hi Jeff, Dave,
>
>
>
> As my email, below, hasn't been answered yet, allow me please, I must
> repeat the two main questions that I still have, namely:
>
>
>
> -          Would you both agree with the upload of a frame like this one
> https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project into the
> EASPI project's page so as to support the reviewers' evaluation?
>
> -          Can I invite two of the three remaining OWASP Board members to
> perform the ESAPI reviewers' role?
>
>
>
> Thanks, regards,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Paulo Coimbra [mailto:paulo.coimbra at owasp.org]
> *Sent:* sexta-feira, 16 de Janeiro de 2009 15:46
> *To:* 'Dave Wichers'; 'jeff.williams at owasp.org'
> *Cc:* 'OWASP Foundation Board List'
> *Subject:* EASPI Project's assessment
>
>
>
> Dave,
>
>
>
> Last Wednesday we've Google chatted and you asked "When you get a moment,
> can you also review the ESAPI project to see what 'release' quality criteria
> it is missing (if any)?"-
>
>
>
> However, as can be inferred from the Curriculum that I sent out when I was
> offered the project manager job and as I told before, I don't have the
> needed technical qualification to evaluate the projects' quality. As my only
> adequate tool to deal with my current OWASP duties is my management
> background, my actions and understanding are limited to process procedures.
> For example, I can't even accurately answer the very first criterion -
> "Solves a core application security documentation/process need" - of our assessment
> process<https://www.owasp.org/index.php/Category:OWASP_Project_Assessment#Release_Quality_Documentation_Criteria>.
>
>
>
>
> Nevertheless, as you had asked for it, even thinking as previously said, I
> took a stab and did the assessment that can be seen here
> http://spreadsheets.google.com/ccc?key=pAX6n7m2zaTWJtelVmV_oMQ.
>
>
>
> Anyway, to me, in accordance with our assessment criteria and as we have
> been made since we first established it, so as to classify properly the
> EASPI project, we should select two reviewers and, after that, ask them to
> review the project and evaluate it accordingly with their own judgment.
>
>
>
> If you agree with my previous assertion, would you, and Jeff, agree as well
> with the upload of a frame like this one
> https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project into the
> EASPI page so as to support the reviewers' evaluation?
>
>
>
> Thanks, regards,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20090202/fdb6366e/attachment-0002.html>


More information about the Owasp-board mailing list