[Owasp-board] Proposal for a new OWASP Project - ModSecurity Core Rule Set

Jeff Williams jeff.williams at owasp.org
Thu Feb 5 16:25:43 UTC 2009

Hi Ryan,


Just wanted to say thanks and I think this is great idea.




Jeff Williams, Chair

 <http://www.owasp.org/> The OWASP Foundation

work: 410-707-1487

main: 301-604-4882


From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Paulo Coimbra
Sent: Thursday, February 05, 2009 11:14 AM
To: 'Ryan Barnett'
Cc: 'OWASP Foundation Board List';
global_tools_and_project_committee at lists.owasp.org
Subject: Re: [Owasp-board] Proposal for a new OWASP Project - ModSecurity
Core Rule Set


Dear Ryan,


I am very glad to hear about your proposal, which we undoubtedly welcome.
Thank you for continuously supporting OWASP Foundation. 


Regarding your question, I am carbon copying both the OWASP Board and the
OWASP Project's Committee to find out whether they have suggestions or
recommendations for you.


Meanwhile, for your reference, please read the OWASP
Assessment Criteria and take a look at an example of an OWASP
oject>  Project skeleton/main frame.


In addition, as I am sure none opposition to your proposed project will
arise, so as to set up the project page, I ask you to be kind enough to send
me off the following information.


1.      Project Name,

2.      Short Project Description,

3.      Main link(s) - if any,

4.      Detailed roadmap for future developments,

5.      License - see here <http://www.owasp.org/index.php/OWASP_Licenses> ,

6.      Sponsor(s) - if any,

7.      Project Leader*,

8.      Project Contributors* - if any,

9.      First Reviewer - *,

10.   Second Reviewer*,


Please have into account that, in result of what is established in the OWASP
Assessment Criteria, if possible, the project's lead should suggest two
Project Reviewers. One of them should be an OWASP Project or Chapter Leader.
However, if you find impossible to track them down, please let me know and I
will try and help.


* For Project Leader, Contributors and Reviewers please create a wiki
account <https://www.owasp.org/index.php/Special:Userlogin>  and send me off
the link. See here <https://www.owasp.org/index.php/Tutorial>  how to do it
and here
ation_Standard_Project>  and here
<https://www.owasp.org/index.php/User:Mike.boberski>  an example of how it
will be used.


Should you have any further questions, please do not hesitate and get back
to me.


Please give my best to Ivan Ristic.


Many thanks, best regards,


Paulo Coimbra,

OWASP Project Manager <https://www.owasp.org/index.php/Main_Page> 


From: Ryan Barnett [mailto:Ryan.Barnett at Breach.com] 
Sent: segunda-feira, 2 de Fevereiro de 2009 15:20
To: paulo.coimbra at owasp.org
Subject: Proposal for a new OWASP Project - ModSecurity Core Rule Set


Hello Paulo,

As you may know, Breach Security has been the driving force behind the open
source ModSecurity application and its Core Rule Set (CRS) -
http://www.modsecurity.org/projects/rules/index.html.  While the CRS is an
extremely valuable resource for the community, its growth has been hampered
by the fact that it is not truly a "community" project.  The ModSecurity
site is a static site and thus does not allow for community collaboration
(wiki, etc.).  People can only download the rules and then use the
ModSecurity Users Mail-list to discuss issues.  We would like to propose
that the CRS become an OWASP Project so that the community may provide
updates (such as new rules, documentation, false positive fixes).  


Please let me know the proper process for getting this up and running.



Ryan Barnett
Director of Application Security Research
Phone: (703) 794-2248
Cell:     (703) 269-8998  
Breach Security, Inc. 
2141 Palomar Airport Road, Suite 200
Carlsbad, CA 92011
 <http://www.breach.com/> www.breach.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20090205/3bdf7be6/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2133 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20090205/3bdf7be6/attachment.jpg>

More information about the Owasp-board mailing list