[Owasp-board] ModSecurity Core Rule Set Project Status

Paulo Coimbra paulo.coimbra at owasp.org
Wed Nov 11 18:41:20 UTC 2009


Hello Ryan,

 

I thank you for getting back to me and congratulate you on the progresses
the ModSecurity has already made.

 

Regarding the release assessment, in accordance with the assessment 2.0
http://www.owasp.org/index.php/Assessing_Project_Releases, a Stable Release
requires 2 reviewers and it is recommended that an OWASP board member or
Global Projects Committee (GPC) member be the second reviewer. Also, it says
that ideally, reviewers should be an existing OWASP project leader or
chapter leader. 

 

That being said, if you agree, I will contact both the GPC and the Board to
find out if any of them can assume the review task.

 

As for the second reviewer, given that the assessment prerequisites use the
word 'ideally', and having into account the relevant OWASP past
contributions of both Ivan Ristic and Ofer Shezaf, I believe you could pick
one of them without GPC (being carbon copied) opposition. Please let me know
your thoughts on this.

 

As for the operational process, I have already set up and filled in the new
project details page
http://www.owasp.org/index.php/GPC_Project_Details/OWASP_ModSecurity_Core_Ru
le_Set_Project and linked it with your project page. Please let me know if
you agree and, of course, feel free to change it as you find best.

 

To conclude, I have to inform you that currently the GPC is working to
improve the template that supports the assessment process itself (once done
it will be set up under the link 'Release details: Main
<http://www.owasp.org/index.php/Category:OWASP_Best_Practices:_Web_Applicati
on_Firewalls_-_Release_1.0.4>  links, release roadmap and assessment'). I
believe this process will be completed very soon and thereafter we can
re-trigger the evaluation process. I apologise for any inconvenience this
may cause.

 

Many thanks, best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Ryan Barnett [mailto:Ryan.Barnett at breach.com] 
Sent: quarta-feira, 11 de Novembro de 2009 16:11
To: paulo.coimbra at owasp.org
Subject: ModSecurity Core Rule Set Project Status

 

Hey Paulo,

I just wanted to touch base with you to get some guidance on next steps for
promoting the CRS project from Alpha onto Beta or Release Quality.  

 

http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Proj
ect

 

Our project already has stable releases and I have just uploaded the project
overview PPT (same one I will be presenting tomorrow at AppSec DC) but I
know that I need to get some Project Reviewers.  I originally had both Ivan
Ristic and Ofer Shezaf slated for these purposes but they have both stepped
down as OWASP Local Chapter Leaders...

 

Should I put a call out tho the OWASP leaders list asking for help?

 

Thanks,

Ryan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20091111/b0fedf87/attachment-0002.html>


More information about the Owasp-board mailing list