[Owasp-board] Assessment of: Secure Coding Quick Reference

Paulo Coimbra paulo.coimbra at owasp.org
Sun Sep 5 19:16:04 UTC 2010


GPC and Board,

 

Please let us know whether or not you confirm Ludovic Petit and Brad Causey
as OWASP Secure Coding Practices - Quick Reference Guide’s reviewers. 

 

http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide#tab=Project_About

 

http://www.owasp.org/index.php/User:Ludovic_Petit 

 

http://www.owasp.org/index.php/User:Bradcausey 

 

Thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Turpin, Keith N [mailto:keith.n.turpin at boeing.com] 
Sent: Friday, 3 September 2010 20:49
To: Paulo Coimbra
Subject: RE: Assessment of: Secure Coding Quick Reference

 

Okay, let's go with Ludovic then since his is done.

 

I have reviewed his feedback and am planning to accept most of his
recommendations and get an updated version put together.

 

How does the update process work, especially at this stage? I assume I
should wait to do an update until all reviews are in. After that, how are
updates/versioning managed?

 

 

Keith Turpin CISSP, CSSLP
The Boeing Company
Information Security
(206) 683-9667 

Email Notice: This communication may contain sensitive information. If you
are not the intended recipient, or believe that you have received this
communication in error, do not print, copy, retransmit, disseminate or
otherwise use the information. Respond to the sender that you have received
this e-mail in error, and delete the copy you received.

 

 

  _____  

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Friday, September 03, 2010 12:26 PM
To: Turpin, Keith N
Cc: global-projects-committee at lists.owasp.org; 'Matt Tesauro'
Subject: RE: Assessment of: Secure Coding Quick Reference

Keith,

 

As you can only have a ‘formal’ reviewer, I recommend you choose between
Sherif and Ludovic. Thereafter I will ask the GPC to confirm one of them
and Brad Causey as ‘official’ project reviewers.

 

Many thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Turpin, Keith N [mailto:keith.n.turpin at boeing.com] 
Sent: Friday, 3 September 2010 20:23
To: Paulo Coimbra
Subject: Assessment of: Secure Coding Quick Reference

 

I have reviewed the list of current volunteers from the reviewer database.

 

I am grateful for everyone who volunteered and they all look more than
capable. However if I have to down select, then the following two seem to be
a good choice.


First Reviewer Candidates: (either is okay with me)
- Sherif Koussa 
- Ludovic Petit (has already submitted an assessment, very proactive)

 

Second Reviewer: 
- Brad Causey

 

Please let me know if there are any questions or additional steps I need to
take. Thank you all for your patience as I try to get all this process stuff
figured out.

 

 

Keith Turpin CISSP, CSSLP
The Boeing Company
Information Security
(206) 683-9667 


 

 

  _____  

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Friday, September 03, 2010 8:27 AM
To: Turpin, Keith N
Cc: global-projects-committee at lists.owasp.org; 'OWASP Foundation Board List'
Subject: RE: [GPC] Secure Coding Quick Reference

Hello Keith,

 

As for your first question I suggest you glance at the following links.

 

http://www.owasp.org/index.php/Assessing_Project_Releases

 

http://www.owasp.org/index.php/Documents_Assessment_Criteria

 

As for the second one, everyone on this
http://www.owasp.org/index.php/OWASP_Project_Reviewers_Database#tab=Project_Reviewers.2FVolunteers
database is either a Project or a Chapter Leader
and consequently all of them meet the criterion ‘Ideally, reviewers should
be an existing OWASP project leader or chapter leader’.

 

Being so, when you consider that there is a pool sufficiently large of
options, I suggest you make a first selection of a First Reviewer by
selecting the volunteers that have shown interest in reviewing projects in
fields of expertise that include your own. Thereafter, so as to help you
with picking up a reviewer, having already selected a set of potential ones,
I suggest you review the profile/curriculum vitae of each one of them. Then,
once you have made your mind up, please let us know what your decision is
and I will ask the Global Projects Committee to confirm it.

 

Hope this helps. Should you have any other questions, please get back to me.

 

Thanks,

 

Paulo Coimbra,

OWASP <https://www.owasp.org/index.php/Main_Page>  Project Manager

 

From: Turpin, Keith N [mailto:keith.n.turpin at boeing.com] 
Sent: Thursday, 2 September 2010 17:15
To: Paulo Coimbra
Subject: RE: [GPC] Secure Coding Quick Reference

 

How does the project assessment process work?

 

When there are sufficient volunteers for the review committee do you let me
know or is it posted on the site somewhere?

 

I don't have any real criteria, per se, for a reviewer as long as they meet
the OWASP requirements to move the project forward pending their thumbs up.

 

 

Keith Turpin CISSP, CSSLP
The Boeing Company
Information Security
(206) 683-9667 


 

 

  _____  

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Thursday, September 02, 2010 9:00 AM
To: bradcausey at owasp.org
Cc: Turpin, Keith N; global-projects-committee at lists.owasp.org; 'Matt
Tesauro'
Subject: RE: [GPC] Secure Coding Quick Reference

Brad,

 

I thank you for your interest and support. To register as volunteer and hypothetical
reviewer, please fill in the following link using one of the available
positions, volunteers [1-10].

 

http://www.owasp.org/index.php/OWASP_Project_Reviewers_Database#tab=Project_Reviewers.2FVolunteers

 

As soon as the Project Leader and OWASP Global Projects Committee pick one
reviewer from among the various candidates, I will let you know. In the
event that another candidate is chosen, I suggest you consider contacting
the Project Leader and becoming a Project Contributor.

 

Also, if you agree, I will be counting on you to review other OWASP Projects
and will contact you to check your availability whenever we have other
projects to review within your field of expertise.  

 

Thanks much, regards, 

 

Paulo Coimbra,

OWASP <https://www.owasp.org/index.php/Main_Page>  Project Manager

 

From: bradcausey at gmail.com [mailto:bradcausey at gmail.com] On Behalf Of Brad
Causey
Sent: Thursday, 2 September 2010 16:18
To: Paulo Coimbra
Cc: Turpin, Keith N; global_education_committee at lists.owasp.org;
global-projects-committee at lists.owasp.org; Matt Tesauro
Subject: Re: [GPC] Secure Coding Quick Reference

 

I'll be a reviewer, if you fellas need me.


-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

http://www.owasp.org
--
"Si vis pacem, para bellum"
--

On Thu, Sep 2, 2010 at 6:10 AM, Paulo Coimbra <paulo.coimbra at owasp.org>
wrote:

Keith,

 

The reviewed version of the project presentation has been uploaded. I’ve
quickly glanced at it and, if you allow my comment, it seemed very well
structured to me. I hope and anticipate you will be clapped at AppSec USA
next week.

 

As for the Word version of the guide, it had already been uploaded on the
release page
http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/Current
which appears to me to be the best place
to make it available. Please let me know if you want it uploaded also on the
‘project about’ tab.

 

Many thanks, best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Turpin, Keith N [mailto:keith.n.turpin at boeing.com] 
Sent: Wednesday, 1 September 2010 19:58
To: Paulo Coimbra
Subject: RE: Secure Coding Quick Reference

 

Thanks so much for your help. 

 

I am working and getting the content together for the main tab now and have
reviewed some other project's pages.

 

Please upload the updated presentation for me, if you would. This is the
presentation I will be giving at AppSec USA next week.

 

Also I had originally sent the Word version of the guide, but did not see it
on the "project about" tab. Did I miss it or does it not get posted there? I
can resend if needed.

 

 

Keith Turpin CISSP, CSSLP
The Boeing Company
Information Security
(206) 683-9667 


 

 

  _____  

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Wednesday, September 01, 2010 10:56 AM
To: Turpin, Keith N
Cc: global-projects-committee at lists.owasp.org; 'OWASP Foundation Board List'
Subject: RE: Secure Coding Quick Reference

Keith,

 

There is no problem at all with your difficulties which are perfectly
understandable given your limited wiki edition experience. 

 

As for your questions, I would say that, even though they were thought to
serve different purposes, you can edit both ‘tabs’. In my perspective the
‘Project About’ tab can be edited either by the Project Leader and the OWASP
Global Projects Committee (GPC) but the ultimate responsible is the latter.
The ‘Project About’ tab was thought to create a certain level of
standardization within OWASP Projects, to make sure that basic info as
project contributors’ contacts and downloadable files etc are constantly
accessible and, the last but not the least, to assure that the GPC has
control over the project assessment/rating.

 

As for the ‘Main’ tab (and others possibly created under the project
leader’s criterion), as long as the OWASP principles & code of ethics are
respected, it can/should be used by the project leader with total freedom. I
suggest you browse through a few OWASP Projects to build an idea about
what the other project leaders’ options were.

 

In more operational terms, the ‘Project About’ tab is supported by a
template created by the GPC and can be accessed here
http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide.

 

I believe the GPC’s documentation, regarding the set of templates currently
in use, will soon be considerably ameliorated but, meanwhile, the info
available can be accessed here
http://www.owasp.org/index.php/Category:GPC_Templates.

 

In addition, to understand how the templates work, I suggest, if I may,
skimming over the Wikimedia ‘Help:Template’ link as follows
http://meta.wikimedia.org/wiki/Help:Template.

 

However, while you don’t feel sufficiently familiarized with the Wiki I will
always be here to assist you. 

 

Being so, regarding the need to upload an updated version of the
presentation it's up to you and you can try and do it yourself or send it
over.

 

I hope this helps, many thanks, best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Turpin, Keith N [mailto:keith.n.turpin at boeing.com] 
Sent: Wednesday, 1 September 2010 16:46
To: Paulo Coimbra
Subject: RE: Secure Coding Quick Reference

 

I am taking a look at the wiki pages and had a couple questions.

 

There are currently two tabs "Main" and "Project About".

 

If I log in and go to the project page it appears that I can edit the "Main"
tab, but can I edit the "Project About" tab? I have an updated version of
the presentation to upload.

 

I have seen that some projects have multiple tabs. I don't see a need for
this at the moment, but I was wondering if this is something I do myself or
ask to have created for me.

 

Sorry if these are silly questions, but this is my first time working on the
site or using this wiki system.

 

 

Keith Turpin CISSP, CSSLP
The Boeing Company
Information Security
(206) 683-9667 


 

 

  _____  

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Tuesday, August 31, 2010 12:29 PM
To: Turpin, Keith N; 'Matt Tesauro'
Cc: 'OWASP Foundation Board List'; global-projects-committee at lists.owasp.org
Subject: RE: Secure Coding Quick Reference

Hello Keith,

 

First of all I apologise for my delayed response. Not deferrable personal
issues have kept me out of work for a considerable period of time and
consequently I haven’t been able to seasonably deal with my OWASP duties. I
thank in advance your understanding.

 

Secondly, thank you for volunteering to lead an OWASP Project.  It is with
volunteers like yourselves that OWASP continues to succeed in making
application security visible. 

 

Thirdly, as requested, I’ve created
http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide
wiki page and placed it amongst all the other OWASP Projects
http://www.owasp.org/index.php/Category:OWASP_Project#tab=Alpha_Status_Projects

 

Please check it out and let me know if you find any problems or mistakes. 

 

Feel free to add any additional information to the project’s wiki page or to
request assistance regarding its edition.

 

Fourthly, the OWASP Global Projects Committee (GPC) will look at the roadmap
and provide feedback on your project:  suggesting projects which are closely
related, resources and contacts which may assist your efforts and any other
suggestions to increase your project's success.

 

Fifthly, the GPC will announce your project to the OWASP community and will
seek a First Reviewer to hopefully assess the Stable Quality Status of your
Release V1.0.

 

I will keep you updated and let you know whenever we have one or a pool of
volunteers ready for you to pick up. 

 

You can follow this recruitment process here
http://www.owasp.org/index.php/OWASP_Project_Reviewers_Database#tab=Project_Reviewers.2FVolunteers

 

Meanwhile, I suggest you make your self-assessment.

 

http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v1/Assessment


That is all for now - I wish you and your project great success.  Thank you
for supporting OWASP's mission.

Should you have any questions or require any further information, please do
not hesitate to contact me. 

Many thanks, best regards,

 

PS. Please let me know whether or not you wish an OWASP email address. 

 

Paulo Coimbra,

OWASP Project <https://www.owasp.org/index.php/Main_Page>  Manager

 

From: Turpin, Keith N [mailto:keith.n.turpin at boeing.com] 
Sent: Monday, 30 August 2010 18:29
To: Matt Tesauro; Paulo Coimbra
Subject: Secure Coding Quick Reference

 

I have not heard anything back since sending in the various project
documents. I just want to check status and verify that this will be up on
the site before AppSec USA, since I am planning to do a talk introducing it
there.

 

 

 

Keith Turpin CISSP, CSSLP 

The Boeing Company 

Information Security 

(206) 683-9667 

 


