[Owasp-board] FW: great chatting with you + research proposal

Jeff Williams jeff.williams at owasp.org
Wed Mar 18 03:19:33 UTC 2009


Thanks Jeffery,

 

Apologize for the confusion. Dinis is right, the standard process is the way
to go on this.  Also, have you reviewed the Security Spending Benchmarks
project to be completed this Thursday?  How does this effort compare to the
survey you're proposing?

 

http://www.owasp.org/index.php/Category:OWASP_Security_Spending_Benchmarks 

 

Thanks!

 

--Jeff

 

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of dinis cruz
Sent: Tuesday, March 17, 2009 2:01 PM
To: Jeffery Payne
Cc: OWASP Foundation Board List;
global_tools_and_project_committee at lists.owasp.org
Subject: Re: [Owasp-board] FW: great chatting with you + research proposal

 

Hi Jeffery, 

Thanks for your answer. I'm sorry to be a pain, but until you deal with the
items I outlined on my initial email, we can't really move forward. For your
convenience here they are again:

"...in order to quick start this process could you please: 

*	Post your proposal online on the OWASP website (ideally on a WIKI
page). As you can see here
(https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications )
all OWASP grant sponsorships are first publicly posted for review and
comment by our community and Season of Code Project (SoC) selection group
*	Please review the rules of engagement of the last SoC (here
https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Operational_Rules
) and how they were managed and documented (see links from here
https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Projects_Authors_S
tatus_Target_and_Reviewers )
*	We also have an Project Assessment Criteria which your project will
need to comply with (see
https://www.owasp.org/index.php/Category:OWASP_Project_Assessment#Assessment
_Scale_for_OWASP_DOCUMENTATION_Projects ) . And given the quality of your
proposal your deliverables should be at RELEASE QUALITY 
*	Do you have any ideas about who could be interested in sponsoring
this project and what should be the rules of engagement? In fact it would be
great if you could include in your proposal a 'business case' for sponsoring
this project (at OWASP we have a very wide access to most of the AppSec
community and its corporate users, so if we can make a strong case, it
should be possible to get the 15k (or more) you need).

..."

The reason we have to go down this path, is because we already have an well
established sponsorship program at OWASP (see
http://www.owasp.org/index.php/Category:OWASP_Season_of_Code) and we have to
make sure that our community is OK with this allocation of their funds
(specially on relative large sponsorships items like yours). 

I also want to make sure you (and the other participants):

    a) are happy with our current project management structure and 
    b) fully understand our delivery expectations.

Thanks

Dinis



2009/3/17 Jeffery Payne <jeff.payne at coveros.com>

Hi Dinas,

 

Great to hear from you.  I ran into Jeff Williams last week and he said you
guys were still trying to figure out what to do with my proposal but that he
didn't think it made sense to put it under the Summer of Code program and
that I should sit tight until you guys discussed this further.  I haven't
heard anything since then so I assumed you all were still discussing this.

 

Regardless, I apologize for not getting back to you sooner as I meant to
send you a note but wrongly assumed you were aware of this conversation with
Jeff.  Please chat with Jeff and let me know collectively how you want me to
proceed.

 

Best regards,

 

jeff

On Tue, Mar 17, 2009 at 11:38 AM, dinis cruz <dinis.cruz at owasp.org> wrote:

Hi Jeffery

Given your lack of reply to my questions below, shall we assume that you NO
logger want to apply this grant from OWASP to perform this project? 

We are having a call tonight for the Global Projects Committee, and (unless
I receive an update from you) will report to them (and later this month to
the OWASP board) that I received no comments from you and recommend that we
remove this item from tonight's agenda.

Dinis Cruz
Owasp Board Member
Owasp Global Projects Committee

2009/3/12 dinis cruz <dinis.cruz at owasp.org> 

 

Hi Jeffery 

 

Did you reply to my questions below?

 

We need to come back ASAP to you with our comments, but until you answer
these we can't really move forward.

 

Thanks

 

Dinis Cruz

2009/3/6 dinis cruz <dinis.cruz at owasp.org>

Jeffery, in order to quick start this process could you please: 

*	Post your proposal online on the OWASP website (ideally on a WIKI
page). As you can see here
(https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications )
all OWASP grant sponsorships are first publicly posted for review and
comment by our community and Season of Code Project (SoC) selection group
*	Please review the rules of engagement of the last SoC (here
https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Operational_Rules
) and how they were managed and documented (see links from here
https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Projects_Authors_S
tatus_Target_and_Reviewers )
*	We also have an Project Assessment Criteria which your project will
need to comply with (see
https://www.owasp.org/index.php/Category:OWASP_Project_Assessment#Assessment
_Scale_for_OWASP_DOCUMENTATION_Projects ) . And given the quality of your
proposal your deliverables should be at RELEASE QUALITY 
*	Do you have any ideas about who could be interested in sponsoring
this project and what should be the rules of engagement? In fact it would be
great if you could include in your proposal a 'business case' for sponsoring
this project (at OWASP we have a very wide access to most of the AppSec
community and its corporate users, so if we can make a strong case, it
should be possible to get the 15k (or more) you need).

I'm also forwarding this email to  the Membership and Industry Committees
since they should also be involved in this project.

 

Dinis

 

2009/3/6 Jeff Williams <jeff.williams at owasp.org>

Hi Board,

 

I'm forwarding a proposal from Jeff Payne (formerly of Cigital) who is
proposing to lead a survey to gather data about how real companies are
dealing with application security.  Could you all please review and be
prepared to discuss at the board meeting next week?

 

Thanks,

 

--Jeff

 

 

From: Jeffery Payne [mailto:jeff.payne at coveros.com] 
Sent: Thursday, March 05, 2009 1:51 PM
To: Jeff Williams
Subject: great chatting with you + research proposal

 

Hi Jeff,

 

It was great catching up with you last week!  It sounds like things are
great and I'd love to figure out how we can work together on training and
other activities going forward.  Will you be at the upcoming DHS Software
Assurance Forum?  I'm speaking on Wed and will be there then as well as
attending the DHS / OWASP event on Friday.

 

Also, I've enclosed a grant proposal for the application security survey
that I mentioned to you.  I think this is a GREAT initiative that can not
only continue to position OWASP as the go to place for application security
resources but also raise the visibility of the entire app sec community.  I
could not tell from the web site who I was supposed to send this to so I
thought I'd send it to you directly.  A couple of questions: 1) how long
does it take to get a decision on grant proposals?  2) when can we start ;-)
Seriously, the person I want to work with me on this comes off her previous
project March 30 and I'd love to get her engaged before she is sucked into
something else.  Not sure if your turnaround time on a decision is that
quick or not.

 

Best regards,

 

jeff

-- 
Jeffery Payne
Chief Executive Officer
Coveros, Inc.

jeff.payne at coveros.com
703-431-2920

 

_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board

 

 

 




-- 
Jeffery Payne
Chief Executive Officer
Coveros, Inc.

jeff.payne at coveros.com
703-431-2920

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20090317/3ebd1fba/attachment-0002.html>


More information about the Owasp-board mailing list