[Owasp-board] Follow up re: ORG2

Paulo Coimbra paulo.coimbra at owasp.org
Fri Jul 24 17:01:16 UTC 2009


Mark,

 

It's my pleasure to inform you that the Project Information tab has been set
up. 

 

Please check it out
http://www.owasp.org/index.php/ORG_(OWASP_Report_Generator)#tab=Project_Iden
tification.  

 

To fill in with the missing data, if you want, you can edit the following
links:

 

-
http://www.owasp.org/index.php/Template:OWASP_Report_Generator_Project_-_GPC
_Tab_-_Project_Information

-
http://www.owasp.org/index.php/Template:OWASP_Report_Generator_Project_-_GPC
_Tab_-_Releases_Information

-
http://www.owasp.org/index.php/Category:OWASP_Report_Generator_Project_-_ORG
_v.088_Release

 

Nevertheless, if you prefer, I can complete the tab - in this case, whenever
you have it ready, please send me off all the data "To Do" marked.

 

I wish you good work. Should you have any further inquires please do not
hesitate and get back to me.

 

Many thanks, best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: sexta-feira, 24 de Julho de 2009 15:31
To: 'Mark Roxberry'
Cc: 'global-projects-committee at lists.owasp.org'
Subject: RE: Follow up re: ORG2

 

Matt,

 

I thank the information you have sent. I am currently setting up the project
identification tab. About this issue I will get back to you very soon. 

 

WRT your questions I have nothing to add to what Matt has said.

 

Regarding your two projects, recently launched, could you please send me off
data similar to the one you have sent about the ORG?

 

http://www.owasp.org/index.php/Category:OWASP_Cryttr_-_Encrypted_Twitter_Pro
ject

http://www.owasp.org/index.php/Category:OWASP_Encrypted_Syndication_Project

 

 

Many thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Mark Roxberry [mailto:mark.roxberry at owasp.org] 
Sent: quinta-feira, 23 de Julho de 2009 04:11
To: paulo.coimbra at owasp.org
Cc: global-projects-committee at lists.owasp.org; Dinis Cruz
Subject: Re: Follow up re: ORG2

 

Paulo,

 

A few things - 

 

We will have a Pamphlet and Flyer ready when v2 is ready to go.  We do not
plan right now to submit this work for SoC 2009 as I think our timeline will
not fit within the SoC 2009 timeline and want an enterprise high quality
tool.  I see at least 5-6 months of development to get to a quality
framework tool and then we will need to port the existing work, which could
take a few months.  We do see the additional work as potential for SoC 2010
or later projects if we are successful.

 

I am substantially changing the application for release 2, so the Project
Purpose right now is for what will be and not what it is.  I will be
incorporating everything from the original version, but want to go a bit
beyond it for version 2.

 

Roadmap: Link is active, but we're not finished yet - it will be ready in a
week or 2.

 

Release Information: I don't have all the information for the v.088 release,
specifically Reviewer, Mentor.  I have added Mike and Dinis to the Release
Leader section, in addition to my name.  I expect this will change when v2
is good to go, but this will fill out the details.

 

Sorry for the length of this e-mail.  Please let me know if you need
anything right now.

 

 

ORG Project Assessment Details

  

Project Name

OWASP Report Generator

 

Project Purpose

The ORG (OWASP Report Generator) is a multi-purpose reporting tool designed
to be extensible for various reporting needs.   By using what is known as a
provider model, report providers can be plugged in to ORG.  OWASP Report
Providers will include Penetration Testing and SDL.  The Penetration Testing
Report Provider supports the documentation and reporting of security
vulnerabilities discovered during security audits.  The SDL Report Provider
supports the documentation and reporting requirements of the Secure
Development Lifecycle.  Beyond OWASP Report Providers, the community can
leverage the ORG for their own reporting needs.

 

Project License

LGPL

 

Project Leader

Mark Roxberry

http://www.owasp.org/index.php/User:Mroxberr

 

Project Maintainer 

Mark Roxberry

 

Project Contributor(s)

Gary Burns

http://www.owasp.org/index.php/User:Gary.m.burns

 

Conference style presentation that describes the tool in at least 3 slides

Project Flyer/Pamphlet (PDF file)

 

Project Roadmap

The ORG2 Roadmap can be found here:

http://code.google.com/p/org2/wiki/RoadMap

 

Project main links

Code:  http://code.google.com/p/org2/

Blog: http://owasprepgen.blogspot.com/

 

Release Name

ORG v.088

 

Release main features

Multiple Pen Testing Project Reporting

Comprehensive Project information collection tool

Target and tasks information collection

Assessment findings recording

Report PDF Generation

Lookup data customization

 

Release downloadable file link 

http://sourceforge.net/project/downloading.php?group_id=64424
<http://sourceforge.net/project/downloading.php?group_id=64424&use_mirror=os
dn&filename=ORG_v0.88.msi> &use_mirror=osdn&filename=ORG_v0.88.msi

 

Release Leader

Dinis Cruz/Mike de Libero (Mark Roxberry for support)

 

Release Contributor(s)

Mike de Libero

 

Release Reviewer

 

Release Mentor (if any)

 

Release Sponsor(s) (if any)

 

Release Flyer/Pamphlet

 

Release Roadmap

http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_SiteGen
erator_and_ORG

 

Release Main Links

http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_SiteGen
erator_and_ORG

 

 

 

 

On Wed, Jul 22, 2009 at 2:25 PM, Mark Roxberry <mark.roxberry at owasp.org>
wrote:

Good deal.  I'm moving forward now. 

 

Dinis, get well soon.

 

Mark 

 

On Wed, Jul 22, 2009 at 12:18 PM, Paulo Coimbra <paulo.coimbra at owasp.org>
wrote:

Hello Mark,

 

Yes, as you know the Report Generator has mentioned in the last GPC meeting
but, to be frank, the only outcome was Dinis' agreement on answering you
back as soon as possible.

 

However, I know that Dinis has been and is tremendously busy and, on top of
that, he just got infected with flu.  That being said, if you allow me, I
propose you take full ownership of the project without more delays and
develop it as you find best. I won't forget this issue and will continue
tracking down Dinis - eventually, I am sure, he will send you off his
insight.

 

So, if you agree with my proposal, to push this project up to the ladder, I
recommend you glance again at OWASP's Assessment Criteria -
https://www.owasp.org/index.php/Category:OWASP_Project_Assessment. As you
know, this set of rules will be used both to push the project up the ladder
and to assess it. In addition, I also recommend you check out this link
http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects.

 

To conclude and so as to set up the project's information tab, I ask you to
please send me off the following data:

 

A - PROJECT

 

1.	Project Name, 
2.	Project Purpose,
3.	Project License,
4.	Project Leader, 
5.	Project Maintainer, 
6.	Project Contributor(s),
7.	Conference style presentation that describes the tool in at least 3
slides,
8.	Project Flyer/Pamphlet (PDF file),
9.	Project Roadmap,
10.	Project main links, 

 

B - FIRST RELEASE

 

11.	Release Name,
12.	Release main features,
13.	Release downloadable file link 
14.	Release Leader,
15.	Release Contributor(s),
16.	Release Reviewer,
17.	Release Mentor (if any),
18.	Release Sponsor(s) (if any),
19.	Release Flyer/Pamphlet,
20.	Release Roadmap,
21.	Release Main Links,

 

Note: For Project Leader and Contributors please create a wiki account
<https://www.owasp.org/index.php/Special:Userlogin> s and please send me off
the links. See here <https://www.owasp.org/index.php/Tutorial>  and here
<http://www.owasp.org/index.php/User:Mtesauro>  how to do it and here
<http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project#tab=Project_I
dentification>  an example of how it will be used.

 

As for now it's all - I wish you good work and thank you for continuously
supporting OWASP mission.

 

Should you have any queries or require any further information please do not
hesitate to contact me. 

 

Best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Mark Roxberry [mailto:mark.roxberry at owasp.org] 
Sent: quarta-feira, 22 de Julho de 2009 16:40
To: Coimbra, Paulo
Subject: Follow up re: ORG2

 

Hey Paulo,

 

Just checking with you on the Report Generator issue that was up for
discussion at your GPC call.  I'd like to know what the other ideas and if
there are any issues that I should know about.  Any problems or issues that
I can help with?

 

Mark

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20090724/d1f97b0b/attachment-0002.html>


More information about the Owasp-board mailing list