[Owasp-board] FW: REQUEST FOR DECISION/CALL FOR CONTRIBUTIONS TO UPDATE THE ASSESSMENT CRITERIA
dave.wichers at owasp.org
Wed Mar 4 22:34:18 UTC 2009
I'm OK with this, although I'm not a big fan of many of the suggestions
below. But that's OK. Lets get the ideas out there and we can then make some
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Paulo Coimbra
Sent: Wednesday, March 04, 2009 11:25 AM
To: 'OWASP Foundation Board List';
global_tools_and_project_committee at lists.owasp.org
Subject: [Owasp-board] FW: REQUEST FOR DECISION/CALL FOR CONTRIBUTIONS TO
UPDATE THE ASSESSMENT CRITERIA
Board, Project's Committee,
In consequence of the comments received in the last Committee meeting, I've
introduced the changes yellow underlined. Please let me know if this email
can be sent off.
Many thanks, regards,
I hope you are well.
You better than anyone else know that OWASP as an organization has been
built by your continuous open contributions both by defining its mission,
organizational structure, rules and procedures and by leading the
application security projects that are its core of activity.
In my today's call for contributions, procedures regarding projects
development's stage assessment are the main issue.
As you may know, a system to evaluate OWASP projects is already in use and
actually consists in both a set of criteria
http://www.owasp.org/index.php/Category:OWASP_Project_Assessment and a
skeleton/frame to implement it
With other few subsequent modifications, this set of criteria has mainly
resulted of a vigorous discussion held through this mailing list almost a
year ago and since then it has been used in all newly set up projects.
Since then this issue has been discussed consecutively in several different
contexts. In our Summit, for example, even if we haven't committed a
specific slot of time to deal with this matter, it has collaterally arisen
throughout many project's presentations. In addition, I regularly receive
from OWASP Board requests to make modifications, a systemic reflection is
being held within the Project's Committee and, as result of my daily
handling of projects under review, I am obtaining some feedback from project
leaders and reviewers.
Overall, the people with whom I've discussed this issue usually say that the
procedure can be improved and IMHO, even if I think the Assessment Criteria
is working and actually has been of great help, they are right.
>From these discussions, I've retained that a handful of criteria have been
proposed but haven't been implemented yet as forthcoming:
- OWASP writing style (Tool projects/Release Quality),
- Translation (Tools and Documentation/Release Quality),
- Bi-monthly periodic news (Tools and Documentation/non specified
- 5 slide deck for OWASP Boot Camp project (Tools and
- Attribution rules (Tools and Documentation/non specified Quality
- Compulsory Project Skeleton/Frame (Tools and Documentation/all
- Reviewer role - addition and clarification,
- Mentor role addition and definition.
In addition, as far as I am concerned, a few more structural comments have
also been made. Even without pointing out alternative technical solutions,
at least a couple of them have questioned the rationale of working with
tables in wiki text and others have pointed out the willingness of having a
project's page similar to, for example, this one http://www.hdiv.org/.
Having said all the above with the intention of giving you a picture of the
current situation, I ask for your contribution so as to update the OWASP
In operational terms, I've replicated the Assessment Criteria page
and propose you introduce your changes directly on it. As soon as we finish
the discussion phase, all the contributions will be moved to the original
wiki page. With the goal of enhancing the discussion, I also propose you use
this mailing list to inform which changes are being proposed and the reason
or goal for doing so. We are also building a Google questionnaire to collect
your opinions and contributions and, as soon as it is finished, it will be
Please do have into account that you proposals can have implications in the
assessment frame that we are currently using and, if it happens, please
present a compatible solution.
To conclude, I would like to inform you that the Project's Committee propose
that, as soon as we finish this discussion, we establish as a rule to apply
to all OWASP Projects that the quality categorization must respect the
revised assessment criteria which eventually will mean that all projects not
assessed under these rules will be placed under Alpha Quality status.
I thank you all in anticipation and look forward to having your
OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board