[Owasp-board] [Global_tools_and_project_committee] (just GPC) Re: FW: great chatting with you + research proposal

dinis cruz dinis.cruz at owasp.org
Thu Mar 12 06:22:10 UTC 2009


Guys, we need to have an official GPC comment on this one (to Jeffery, OWASP
board and OWASP Leaders).
In addition to my comments below (and see the email I am going to send
again to Jeffery (CCing you)), this is the kind of situation that we need to
be on top of (as GPC) or we risk the Board (like it is currently doing) making
decisions about this kind of stuff when the lead should come from us.

Dinis

(CCing OWASP Board)

2009/3/7 Pravir Chandra <pravir.chandra at gmail.com>

> Oh yeah. I actually have known and worked with Jeff Payne for a few
> years. He's a good guy. He wants to actually put together the survey
> project around SAMM. I was actually thinking of writing a proposal to
> OWASP about it myself, but he beat me to it and asked if I would help
> :)
>
> Also, I need to get an OWASP SAMM project stood up really quickly
> (next couple days) since the next release is ready to drop next week.
>
> This is going to get a little dicey since I'm on this committee and I
> will need to recuse myself from some responsibilities just to make
> sure everything is objective. Let's discuss this on our Monday call at
> 2pm PST.
>
> p.
>
> On Thu, Mar 5, 2009 at 11:23 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
> > (just us (GPC) now)
> > Here is a very good example of the need for that classification of OWASP
> > projects. In this case, I am very sure that we have at least two (if not
> > more projects) that have tried to do this in the past and never completed
> > (here is an example of one of those attempts:
> > https://www.owasp.org/index.php/Category:OWASP_Positive_Security_Project
> > and https://www.owasp.org/index.php/Positive_Security_Project )
> > Leonardo, so that you have more focus on your research into OWASP projects
> > (following the update email you sent yesterday), why don't you first do a
> > 'first-pass' of mapping all projects into top level metadata items. The idea
> > is that this metadata quickly allows you/us to handle cases like this, and
> > provide them with an answer along the lines of:
> >  " ... Hey Jeffery, thanks for your offer, before you go too far on your path,
> > could you please review the current OWASP projects X,Y,Z and talk to
> > their current/past project leaders A,B,C so that you can leverage their
> > work and see where are the possible synergies and material reuse..."
> > I don't have a problem (in principle) with us sponsoring this type of
> > research, BUT:
> >  a) we need to make sure all relevant past OWASP projects work is taken into
> > account (and if required we should merge them into the new initiative)
> >  b) the investment is proportional to OWASP's other grant requests
> >  c) the investment fits within the rules of engagement of our Seasons of
> > Code
> > Btw, I don't know personally the guys involved, but it is a great sign of
> > OWASP maturity that we are starting to attract this type of talent. In fact,
> > given the amount requested (15k) and our limited budget, this is actually a
> > PERFECT project to try to get corporate sponsors for.
> > So, Pravir, we really need asap your 'project sponsorship' rules of
> > engagement :)
> > Dinis
> > 2009/3/6 dinis cruz <dinis.cruz at owasp.org>
> >>
> >> Thanks Jeffery
> >> I'm also forwarding this to the OWASP Global Projects Committee which is
> >> the group organizing the next Season Of Code (the OWASP grant program).
> >> Guys let's talk about this on our call next Monday
> >> Dinis
> >>
> >> 2009/3/6 Jeff Williams <jeff.williams at owasp.org>
> >>>
> >>> Hi Board,
> >>>
> >>>
> >>>
> >>> I’m forwarding a proposal from Jeff Payne (formerly of Cigital) who is
> >>> proposing to lead a survey to gather data about how real companies are
> >>> dealing with application security.  Could you all please review and be
> >>> prepared to discuss at the board meeting next week?
> >>>
> >>>
> >>>
> >>> Thanks,
> >>>
> >>>
> >>>
> >>> --Jeff
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> From: Jeffery Payne [mailto:jeff.payne at coveros.com]
> >>> Sent: Thursday, March 05, 2009 1:51 PM
> >>> To: Jeff Williams
> >>> Subject: great chatting with you + research proposal
> >>>
> >>>
> >>>
> >>> Hi Jeff,
> >>>
> >>>
> >>>
> >>> It was great catching up with you last week!  It sounds like things are
> >>> great and I'd love to figure out how we can work together on training and
> >>> other activities going forward.  Will you be at the upcoming DHS Software
> >>> Assurance Forum?  I'm speaking on Wed and will be there then as well as
> >>> attending the DHS / OWASP event on Friday.
> >>>
> >>> Also, I've enclosed a grant proposal for the application security survey
> >>> that I mentioned to you.  I think this is a GREAT initiative that can not
> >>> only continue to position OWASP as the go to place for application security
> >>> resources but also raise the visibility of the entire app sec community.  I
> >>> could not tell from the web site who I was supposed to send this to so I
> >>> thought I'd send it to you directly.  A couple of questions: 1) how long
> >>> does it take to get a decision on grant proposals?  2) when can we start
> >>> ;-)  Seriously, the person I want to work with me on this comes off her
> >>> previous project March 30 and I'd love to get her engaged before she is
> >>> sucked into something else.  Not sure if your turnaround time on a decision
> >>> is that quick or not.
> >>>
> >>>
> >>>
> >>> Best regards,
> >>>
> >>>
> >>>
> >>> jeff
> >>>
> >>> --
> >>> Jeffery Payne
> >>> Chief Executive Officer
> >>> Coveros, Inc.
> >>>
> >>> jeff.payne at coveros.com
> >>> 703-431-2920
> >>>
> >>> _______________________________________________
> >>> Owasp-board mailing list
> >>> Owasp-board at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >>>
> >>
> >
> >
> > _______________________________________________
> > Global_tools_and_project_committee mailing list
> > Global_tools_and_project_committee at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/global_tools_and_project_committee
> >
> >
>
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~ ~~~~~ ~~~ ~~ ~
> Pravir Chandra                      chandra<at>list<dot>org
> PGP:    CE60 0E10 9207 7290 06EB   5107 4032 63FC 338E 16E4
> ~ ~~ ~~~ ~~~~~ ~~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
>