[Owasp-board] Assessment of: Secure Coding Quick Reference

Eoin eoin.keary at owasp.org
Sun Sep 5 20:23:59 UTC 2010


Happy for them to review, do they have appropriate skill sets?

Regarding the secure coding practices guide, what is this in relation to
the development guide, or is it "yet another guide"?
Where does the guide fit in, apart from it was donated by a
global corporation like Boeing?

-ek
On 5 September 2010 20:16, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:

>  GPC and Board,
>
>
>
> Please let us know whether or not you confirm Ludovic Petit and Brad Causey
> as OWASP Secure Coding Practices - Quick Reference Guide’s reviewers.
>
>
>
>
> http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide#tab=Project_About
>
>
>
> http://www.owasp.org/index.php/User:Ludovic_Petit
>
>
>
> http://www.owasp.org/index.php/User:Bradcausey
>
>
>
> Thanks,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Turpin, Keith N [mailto:keith.n.turpin at boeing.com]
> *Sent:* Friday, 3 September 2010 20:49
> *To:* Paulo Coimbra
> *Subject:* RE: Assessment of: Secure Coding Quick Reference
>
>
>
> Okay, let's go with Ludovic then, since his is done.
>
>
>
> I have reviewed his feedback and am planning to accept most of
> his recommendations and get an updated version put together.
>
>
>
> How does the update process work, especially at this stage? I assume I
> should wait to do an update until all reviews are in. After that, how are
> updates/versioning managed?
>
>
>
>
>
> *Keith Turpin** **CISSP, CSSLP*
> *The Boeing Company*
> *Information Security*
> *(206) 683-9667*
>
> Email Notice: This communication may contain sensitive information. If you
> are not the intended recipient, or believe that you have received this
> communication in error, do not print, copy, retransmit, disseminate or
> otherwise use the information. Respond to the sender that you have received
> this e-mail in error, and delete the copy you received.
>
>
>
>
>  ------------------------------
>
> *From:* Paulo Coimbra [mailto:paulo.coimbra at owasp.org]
> *Sent:* Friday, September 03, 2010 12:26 PM
> *To:* Turpin, Keith N
> *Cc:* global-projects-committee at lists.owasp.org; 'Matt Tesauro'
> *Subject:* RE: Assessment of: Secure Coding Quick Reference
>
> Keith,
>
>
>
> As you can only have a ‘formal’ reviewer, I recommend you choose between
> Sherif and Ludovic. Thereafter I will ask the GPC to confirm one of them
> and Brad Causey as ‘official’ project reviewers.
>
>
>
> Many thanks,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Turpin, Keith N [mailto:keith.n.turpin at boeing.com]
> *Sent:* Friday, 3 September 2010 20:23
> *To:* Paulo Coimbra
> *Subject:* Assessment of: Secure Coding Quick Reference
>
>
>
> I have reviewed the list of current volunteers from the reviewer database.
>
>
>
> I am grateful for everyone who volunteered and they all look more than
> capable. However if I have to down select, then the following two seem to be
> a good choice.
>
>
> First Reviewer Candidates: (*either is okay with me*)
> - Sherif Koussa
> - Ludovic Petit (*has already submitted an assessment, very proactive*)
>
>
>
> Second Reviewer:
> - Brad Causey
>
>
>
> Please let me know if there are any questions or additional steps I need to
> take. Thank you all for your patience as I try to get all this process stuff
> figured out.
>
>
>
>
>
> *Keith Turpin** **CISSP, CSSLP*
> *The Boeing Company*
> *Information Security*
> *(206) 683-9667*
>
>
>
>
>
>  ------------------------------
>
> *From:* Paulo Coimbra [mailto:paulo.coimbra at owasp.org]
> *Sent:* Friday, September 03, 2010 8:27 AM
> *To:* Turpin, Keith N
> *Cc:* global-projects-committee at lists.owasp.org; 'OWASP Foundation Board
> List'
> *Subject:* RE: [GPC] Secure Coding Quick Reference
>
> Hello Keith,
>
>
>
> As for your first question I suggest you glance at the following links.
>
>
>
> http://www.owasp.org/index.php/Assessing_Project_Releases
>
>
>
> http://www.owasp.org/index.php/Documents_Assessment_Criteria
>
>
>
> As for the second one, everyone on this
> http://www.owasp.org/index.php/OWASP_Project_Reviewers_Database#tab=Project_Reviewers.2FVolunteers
> database are either a Project or a Chapter Leader and consequently all of
> them meet the criterion ‘Ideally, reviewers should be an existing OWASP
> project leader or chapter leader’.
>
>
>
> Being so, when you consider that there is a pool sufficiently large of
> options, I suggest you make a first selection of a First Reviewer by
> selecting the volunteers that have shown interest in reviewing projects in
> fields of expertise that include your own. Thereafter, so as to help you
> with picking up a reviewer, having already selected a set of potential ones,
> I suggest you review the profile/curriculum vitae of each one of them. Then,
> once you have made your mind up, please let us know what your decision is
> and I will ask the Global Projects Committee to confirm it.
>
>
>
> Hope this helps. Should you have any other questions, please get back to me.
>
>
>
> Thanks,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Turpin, Keith N [mailto:keith.n.turpin at boeing.com]
> *Sent:* Thursday, 2 September 2010 17:15
> *To:* Paulo Coimbra
> *Subject:* RE: [GPC] Secure Coding Quick Reference
>
>
>
> How does the project assessment process work?
>
>
>
> When there are sufficient volunteers for the review committee do you let me
> know or is it posted on the site somewhere?
>
>
>
> I don't have any real criteria, per se, for a reviewer as long as they
> meet the OWASP requirements to move the project forward pending their thumbs
> up.
>
>
>
>
>
> *Keith Turpin** **CISSP, CSSLP*
> *The Boeing Company*
> *Information Security*
> *(206) 683-9667*
>
>
>
>
>
>  ------------------------------
>
> *From:* Paulo Coimbra [mailto:paulo.coimbra at owasp.org]
> *Sent:* Thursday, September 02, 2010 9:00 AM
> *To:* bradcausey at owasp.org
> *Cc:* Turpin, Keith N; global-projects-committee at lists.owasp.org; 'Matt
> Tesauro'
> *Subject:* RE: [GPC] Secure Coding Quick Reference
>
> Brad,
>
>
>
> I thank you for your interest and support. To register as volunteer and hypothetical
> reviewer, please fill in the following link using one of the available
> positions, volunteers [1-10].
>
>
>
>
> http://www.owasp.org/index.php/OWASP_Project_Reviewers_Database#tab=Project_Reviewers.2FVolunteers
>
>
>
> As soon as the Project Leader and OWASP Global Projects Committee pick one
> reviewer within the various candidates, I will let you know. In the
> circumstance that another candidate is chosen, I suggest you consider contacting
> the Project Leader and becoming a Project Contributor.
>
>
>
> Also, if you agree, I will be counting on you to review other OWASP
> Projects and will contact you to check your availability whenever we have
> other projects to review within your field of expertise.
>
>
>
> Thanks much, regards,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* bradcausey at gmail.com [mailto:bradcausey at gmail.com] *On Behalf Of *Brad
> Causey
> *Sent:* Thursday, 2 September 2010 16:18
> *To:* Paulo Coimbra
> *Cc:* Turpin, Keith N; global_education_committee at lists.owasp.org;
> global-projects-committee at lists.owasp.org; Matt Tesauro
> *Subject:* Re: [GPC] Secure Coding Quick Reference
>
>
>
> I'll be a reviewer, if you fellas need me.
>
>
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
>
> http://www.owasp.org
> --
> "Si vis pacem, para bellum"
> --
>
> On Thu, Sep 2, 2010 at 6:10 AM, Paulo Coimbra <paulo.coimbra at owasp.org>
> wrote:
>
> Keith,
>
>
>
> The reviewed version of the project presentation has been uploaded. I’ve
> quickly glanced at it and, if you allow my comment, it seemed very well
> structured to me. I hope and anticipate you will be clapped at AppSec USA
> next week.
>
>
>
> As for the Word version of the guide, it had already been uploaded on the
> release page
> http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/Current
> which appears to me to be the best place to make it available. Please let me
> know if you want it uploaded also on the ‘project about’ tab.
>
>
>
> Many thanks, best regards,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Turpin, Keith N [mailto:keith.n.turpin at boeing.com]
> *Sent:* Wednesday, 1 September 2010 19:58
>
>
> *To:* Paulo Coimbra
> *Subject:* RE: Secure Coding Quick Reference
>
>
>
> Thanks so much for your help.
>
>
>
> I am working and getting the content together for the main tab now and have
> reviewed some other project's pages.
>
>
>
> Please upload the updated presentation for me, if you would. This is the
> presentation I will be giving at AppSec USA next week.
>
>
>
> Also I had originally sent the Word version of the guide, but did not see
> it on the "project about" tab. Did I miss it or does it not get posted
> there? I can resend if needed.
>
>
>
>
>
> *Keith Turpin** **CISSP, CSSLP*
> *The Boeing Company*
> *Information Security*
> *(206) 683-9667*
>
>
>
>
>
>  ------------------------------
>
> *From:* Paulo Coimbra [mailto:paulo.coimbra at owasp.org]
> *Sent:* Wednesday, September 01, 2010 10:56 AM
> *To:* Turpin, Keith N
> *Cc:* global-projects-committee at lists.owasp.org; 'OWASP Foundation Board
> List'
>
>
> *Subject:* RE: Secure Coding Quick Reference
>
> Keith,
>
>
>
> There is no problem at all with your difficulties which are perfectly
> understandable given your limited wiki edition experience.
>
>
>
> As for your questions, I would say that, even though they were thought to
> serve different purposes, you can edit both ‘tabs’. In my perspective the
> ‘Project About’ tab can be edited either by the Project Leader and the OWASP
> Global Projects Committee (GPC) but the ultimate responsible is the latter.
> The ‘Project About’ tab was thought to create a certain level of
> standardization within OWASP Projects, to make sure that basic info as
> project contributors’ contacts and downloadable files etc are constantly
> accessible and, the last but not the least, to assure that the GPC has
> control over the project assessment/rating.
>
>
>
> As for the ‘Main’ tab (and others possibly created under the project
> leader’s criterion), as long as the OWASP principles & code of ethics are
> respected, it can/should be used by the project leader with total freedom. I
> suggest you browse through a few OWASP Projects to build an idea about
> what the other project leaders’ options were.
>
>
>
> In more operational terms, the ‘Project About’ tab is supported by a
> template created by the GPC and can be accessed here
> http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide
> .
>
>
>
> I believe the GPC’s documentation, regarding the set of templates currently
> in use, will soon be considerably ameliorated but, meanwhile, the info
> available can be accessed here
> http://www.owasp.org/index.php/Category:GPC_Templates.
>
>
>
> In addition, to understand how the templates work, I suggest, if I may,
> skimming over the Wikimedia ‘Help:Template’ link as follows
> http://meta.wikimedia.org/wiki/Help:Template.
>
>
>
> However, while you don’t feel sufficiently familiarized with the Wiki I
> will always be here to assist you.
>
>
>
> Being so, regarding the need to upload an updated version of the
> presentation it's up to you and you can try and do it yourself or send it
> over.
>
>
>
> I hope this helps, many thanks, best regards,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Turpin, Keith N [mailto:keith.n.turpin at boeing.com]
> *Sent:* Wednesday, 1 September 2010 16:46
> *To:* Paulo Coimbra
> *Subject:* RE: Secure Coding Quick Reference
>
>
>
> I am taking a look at the wiki pages and had a couple questions.
>
>
>
> There are currently two tabs "Main" and "Project About".
>
>
>
> If I log in and go to the project page it appears that I can edit the
> "Main" tab, but can I edit the "Project About" tab? I have an updated
> version of the presentation to upload.
>
>
>
> I have seen that some projects have multiple tabs. I don't see a need for
> this at the moment, but I was wondering if this is something I do myself or
> ask to have created for me.
>
>
>
> Sorry if these are silly questions, but this is my first time working on
> the site or using this wiki system.
>
>
>
>
>
> *Keith Turpin** **CISSP, CSSLP*
> *The Boeing Company*
> *Information Security*
> *(206) 683-9667*
>
>
>
>
>
>  ------------------------------
>
> *From:* Paulo Coimbra [mailto:paulo.coimbra at owasp.org]
> *Sent:* Tuesday, August 31, 2010 12:29 PM
> *To:* Turpin, Keith N; 'Matt Tesauro'
> *Cc:* 'OWASP Foundation Board List';
> global-projects-committee at lists.owasp.org
> *Subject:* RE: Secure Coding Quick Reference
>
> Hello Keith,
>
>
>
> First of all I apologise for my delayed response. Not deferrable personal
> issues have kept me out of work for a considerable period of time and
> consequently I haven’t been able to seasonably deal with my OWASP duties. I
> thank in advance your understanding.
>
>
>
> Secondly, thank you for volunteering to lead an OWASP Project.  It is with
> volunteers like yourselves that OWASP continues to succeed in making
> application security visible.
>
>
>
> Thirdly, as requested, I’ve created
> http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide
> wiki page and placed it amongst all the other OWASP Projects
> http://www.owasp.org/index.php/Category:OWASP_Project#tab=Alpha_Status_Projects
>
>
>
> Please check it out and let me know if you find any problems or mistakes.
>
>
>
> Feel free to add any additional information to the project’s wiki page or
> to request assistance regarding its edition.
>
>
>
> Fourthly, the OWASP Global Projects Committee (GPC) will look at the
> roadmap and provide feedback on your project:  suggesting projects which are
> closely related, resources and contacts which may assist your efforts and
> any other suggestions to increase your project's success.
>
>
>
> Fifthly, the GPC will announce your project to the OWASP community and will
> seek a First Reviewer to hopefully assess the Stable Quality Status of your
> Release V1.0.
>
>
>
> I will keep you updated and let you know whenever we have one or a pool of
> volunteers ready for you to pick up.
>
>
>
> You can follow this recruitment process here
> http://www.owasp.org/index.php/OWASP_Project_Reviewers_Database#tab=Project_Reviewers.2FVolunteers
>
>
>
> Meanwhile, I suggest you make your self-assessment.
>
>
>
>
> http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v1/Assessment
>
>
> That is all for now - I wish you and your project great success.  Thank you
> for supporting OWASP's mission.
>
> Should you have any questions or require any further information, please do
> not hesitate to contact me.
>
> Many thanks, best regards,
>
>
>
> *PS. Please let me know whether or not you wish an OWASP email address. *
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Turpin, Keith N [mailto:keith.n.turpin at boeing.com]
> *Sent:* Monday, 30 August 2010 18:29
> *To:* Matt Tesauro; Paulo Coimbra
> *Subject:* Secure Coding Quick Reference
>
>
>
> I have not heard anything back since sending in the various project
> documents. I just want to check status and verify that this will be up on
> the site before AppSec USA, since I am planning to do a talk introducing it
> there.
>
>
>
>
>
>
>
> Keith Turpin CISSP, CSSLP
>
> The Boeing Company
>
> Information Security
>
> (206) 683-9667
>
>
>
>
>
>
>


-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary