[Owasp-board] REQUEST FOR COMMENTS/RE: ASDR SoC Final Review

Paulo Coimbra paulo.coimbra at owasp.org
Thu Feb 19 15:46:41 UTC 2009

Hello Leonardo,


I thank you for your clear feedback regarding the ASDR status and I am glad to hear
that important progress has been made. I am also pleased to know that you
are thinking of pushing the project up the ladder in the next season of code
- as you know the guide's integration is an issue currently at stake and
maybe some efforts towards this direction can to this point be made.


As for the circumstances in which you have worked, I understand the
difficulty you have faced to find volunteers. The path we have followed,
under which we have allocated four reviewers to this project instead of the
usual two, definitely didn't work. We did so to get additional help because
we had anticipated the task's grandiosity but it seems now clear that we
have mixed reviewer's and contributor's roles.  I would say we need to learn
this lesson.


Regarding the SoC's payment, even if no review has been done except yours,
IMHO it could be evaluated given that 80% of the approved roadmap has been
accomplished and two extra-planned tasks have been performed, i.e. the
identification of the most important subclasses for each category and the
articles' cleaning. 


Therefore, I am carbon copying both the Board and the Project's Committee to
have their say on the issue. I am sure very soon we will receive the
appropriate response.


Many thanks, best regards,


Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: Leonardo Cavallari Militelli [mailto:leonardocavallari at gmail.com] 
Sent: Monday, 16 February 2009 19:22
To: paulo.coimbra at owasp.org; dinis cruz; Jeff Williams; Dave Wichers; Tom
Brennan; seba at owasp.org
Subject: ASDR SoC Final Review


Hello Paulo and Board,

I'm writing to inform you that the SoC final review of ASDR was just made. Here's
the part
_Final_Review_-_Self_Evaluation_-_B>  B of my evaluation.
As you might know, many things didn't work out as I expected, thus making
it really difficult to reach all the goals I had proposed.
The major problem was getting volunteers to develop articles.

However, two other important activities that were raised during SoC have
been done. The first was to identify the most important subclasses for each
category. This will help on articles classification and head to a taxonomy
model. CWE, Fortify, McGraw's models were investigated and I believe we could
identify the most suitable for OWASP contents.
The second activity was to clean up the articles. Kirsten and I had identified
around 300 not proper articles to be deleted, which were much more on
Quality assurance than application security or were duplicated. Lots of
those were donated by Fortify and many others were created exactly as they
appear on Mitre's CWE/CAPEC, just to let you know.

Also, as you can see on project assessment frame, no review from reviewers
was done, once not much content was developed to be reviewed. They helped me
mainly on discussing
categories/subclasses and sharing their visions about project mid-long

I believe that from now on it's possible to succeed and properly coordinate
volunteers on ASDR articles development, as project structure is much
cleaner and easier for people to understand what it's all about. I presume that
we can have a Release quality version for the current articles on next
season of code/quality.

Let me know your thoughts about all the work that was done, feedbacks and
improvements for the project

Leo Cavallari
