[Owasp-board] Follow up re: ORG2

Paulo Coimbra paulo.coimbra at owasp.org
Fri Jul 24 17:01:16 UTC 2009



It's my pleasure to inform you that the Project Information tab has been set


Please check it out


To fill in with the missing data, if you want, you can edit the following






Nevertheless, if you prefer, I can complete the tab - in this case, whenever
you have it ready, please send me off all the data "To Do" marked.


I wish you good work. Should you have any further inquires please do not
hesitate and get back to me.


Many thanks, best regards,


Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: sexta-feira, 24 de Julho de 2009 15:31
To: 'Mark Roxberry'
Cc: 'global-projects-committee at lists.owasp.org'
Subject: RE: Follow up re: ORG2




I thank the information you have sent. I am currently setting up the project
identification tab. About this issue I will get back to you very soon. 


WRT your questions I have nothing to add to what Matt has said.


Regarding your two projects, recently launched, could you please send me off
data similar to the one you have sent about the ORG?






Many thanks,


Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: Mark Roxberry [mailto:mark.roxberry at owasp.org] 
Sent: quinta-feira, 23 de Julho de 2009 04:11
To: paulo.coimbra at owasp.org
Cc: global-projects-committee at lists.owasp.org; Dinis Cruz
Subject: Re: Follow up re: ORG2




A few things - 


We will have a Pamphlet and Flyer ready when v2 is ready to go.  We do not
plan right now to submit this work for SoC 2009 as I think our timeline will
not fit within the SoC 2009 timeline and want an enterprise high quality
tool.  I see at least 5-6 months of development to get to a quality
framework tool and then we will need to port the existing work, which could
take a few months.  We do see the additional work as potential for SoC 2010
or later projects if we are successful.


I am substantially changing the application for release 2, so the Project
Purpose right now is for what will be and not what it is.  I will be
incorporating everything from the original version, but want to go a bit
beyond it for version 2.


Roadmap: Link is active, but we're not finished yet - it will be ready in a
week or 2.


Release Information: I don't have all the information for the v.088 release,
specifically Reviewer, Mentor.  I have added Mike and Dinis to the Release
Leader section, in addition to my name.  I expect this will change when v2
is good to go, but this will fill out the details.


Sorry for the length of this e-mail.  Please let me know if you need
anything right now.



ORG Project Assessment Details


Project Name

OWASP Report Generator


Project Purpose

The ORG (OWASP Report Generator) is a multi-purpose reporting tool designed
to be extensible for various reporting needs.   By using what is known as a
provider model, report providers can be plugged in to ORG.  OWASP Report
Providers will include Penetration Testing and SDL.  The Penetration Testing
Report Provider supports the documentation and reporting of security
vulnerabilities discovered during security audits.  The SDL Report Provider
supports the documentation and reporting requirements of the Secure
Development Lifecycle.  Beyond OWASP Report Providers, the community can
leverage the ORG for their own reporting needs.


Project License



Project Leader

Mark Roxberry



Project Maintainer 

Mark Roxberry


Project Contributor(s)

Gary Burns



Conference style presentation that describes the tool in at least 3 slides

Project Flyer/Pamphlet (PDF file)


Project Roadmap

The ORG2 Roadmap can be found here:



Project main links

Code:  http://code.google.com/p/org2/

Blog: http://owasprepgen.blogspot.com/


Release Name

ORG v.088


Release main features

Multiple Pen Testing Project Reporting

Comprehensive Project information collection tool

Target and tasks information collection

Assessment findings recording

Report PDF Generation

Lookup data customization


Release downloadable file link 

dn&filename=ORG_v0.88.msi> &use_mirror=osdn&filename=ORG_v0.88.msi


Release Leader

Dinis Cruz/Mike de Libero (Mark Roxberry for support)


Release Contributor(s)

Mike de Libero


Release Reviewer


Release Mentor (if any)


Release Sponsor(s) (if any)


Release Flyer/Pamphlet


Release Roadmap



Release Main Links






On Wed, Jul 22, 2009 at 2:25 PM, Mark Roxberry <mark.roxberry at owasp.org>

Good deal.  I'm moving forward now. 


Dinis, get well soon.




On Wed, Jul 22, 2009 at 12:18 PM, Paulo Coimbra <paulo.coimbra at owasp.org>

Hello Mark,


Yes, as you know the Report Generator has mentioned in the last GPC meeting
but, to be frank, the only outcome was Dinis' agreement on answering you
back as soon as possible.


However, I know that Dinis has been and is tremendously busy and, on top of
that, he just got infected with flu.  That being said, if you allow me, I
propose you take full ownership of the project without more delays and
develop it as you find best. I won't forget this issue and will continue
tracking down Dinis - eventually, I am sure, he will send you off his


So, if you agree with my proposal, to push this project up to the ladder, I
recommend you glance again at OWASP's Assessment Criteria -
https://www.owasp.org/index.php/Category:OWASP_Project_Assessment. As you
know, this set of rules will be used both to push the project up the ladder
and to assess it. In addition, I also recommend you check out this link


To conclude and so as to set up the project's information tab, I ask you to
please send me off the following data:




1.	Project Name, 
2.	Project Purpose,
3.	Project License,
4.	Project Leader, 
5.	Project Maintainer, 
6.	Project Contributor(s),
7.	Conference style presentation that describes the tool in at least 3
8.	Project Flyer/Pamphlet (PDF file),
9.	Project Roadmap,
10.	Project main links, 




11.	Release Name,
12.	Release main features,
13.	Release downloadable file link 
14.	Release Leader,
15.	Release Contributor(s),
16.	Release Reviewer,
17.	Release Mentor (if any),
18.	Release Sponsor(s) (if any),
19.	Release Flyer/Pamphlet,
20.	Release Roadmap,
21.	Release Main Links,


Note: For Project Leader and Contributors please create a wiki account
<https://www.owasp.org/index.php/Special:Userlogin> s and please send me off
the links. See here <https://www.owasp.org/index.php/Tutorial>  and here
<http://www.owasp.org/index.php/User:Mtesauro>  how to do it and here
dentification>  an example of how it will be used.


As for now it's all - I wish you good work and thank you for continuously
supporting OWASP mission.


Should you have any queries or require any further information please do not
hesitate to contact me. 


Best regards,


Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: Mark Roxberry [mailto:mark.roxberry at owasp.org] 
Sent: quarta-feira, 22 de Julho de 2009 16:40
To: Coimbra, Paulo
Subject: Follow up re: ORG2


Hey Paulo,


Just checking with you on the Report Generator issue that was up for
discussion at your GPC call.  I'd like to know what the other ideas and if
there are any issues that I should know about.  Any problems or issues that
I can help with?





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20090724/d1f97b0b/attachment-0002.html>

More information about the Owasp-board mailing list