[Owasp-board] Project status: Use of Web Application Firewalls

Paulo Coimbra pcoimbra at owasp.org
Tue Aug 30 19:06:35 UTC 2011


Hello Achim,

I have merged the two distinct pages the project anteriorly had as follows:

https://owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls#tab=Project_About

https://owasp.org/index.php?title=Best_Practices:_Web_Application_Firewalls&redirect=no

Please check it out and let me know if you agree with the introduced changes
or, otherwise, I will reverse them.

As for the release assessment, I have carefully looked at the project's
outputs and it seemed to me that the latest English wiki release (version
1.0.5) still doesn't have an equivalent PDF. Would it be possible for you
(and/or the German Chapter) to create it, please? Or do you prefer we assess
version 1.0.4?

As for the assessment process itself, if you are targeting Stable Status the
procedure is as follows.
* Stable release: The project lead completes the pre-assessment checklist.
Then, the two project reviewers will complete their review of the release
(more on this below). After the reviews are complete, the Global Projects
Committee and OWASP Board will validate the project's review,
* Stable release: 2 reviewers are required. Second review has special
requirements.
* Ideally, per project release, the project leader will propose the
reviewer(s),
* Ideally, reviewers should be an existing OWASP project leader or chapter
leader.
* If the project lead is unable to find the required reviewer(s), the Global
Projects Committee can assist in identifying reviewer(s) for the project.
* It is recommended that an OWASP board member or Global Projects Committee
member be the second reviewer on Stable releases. The board has the initial
option to review the project, followed by the Global Projects Committee.
* The Global Projects Committee confirms the assignment of reviewers to a
project.

Taking the above into account, I will ask the Board and the GPC members
whether they want to perform the role of second reviewer. I will let them
know that you already have three different names to act as first and second
reviewers. In the circumstance they don't step in, I will get back to you
again for you to clarify which two of the set of three names you ultimately
chose for First and Second Reviewer.

Thanks,
- Paulo

Paulo Coimbra
OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>

From:  Achim <achim at owasp.org>
Reply-To:  Achim <achim at owasp.org>
Date:  Tue, 30 Aug 2011 09:40:19 +0200
To:  Paulo Coimbra <pcoimbra at owasp.org>
Subject:  Re: Project status: Use of Web Application Firewalls

Hi Paulo,

please see inline below.

Ciao
Achim

On 29.08.2011 18:58, Paulo Coimbra wrote:
>  Hello Achim,
...
>  
>  As for your question, regarding the project, I would say that we just need to
>  assess it in accordance with the criteria here
>  https://www.owasp.org/index.php/Documents_Assessment_Criteria mentioned.

The document fulfills these criteria as follows:

==> https://www.owasp.org/index.php/Documents_Assessment_Criteria
  * Alpha Release Document Criteria
1. wiki page minimum? yes, see below
2. open license? yes
3. PDF available? yes
4. project Category? yes (I guess)
5. roadmap? no, as it is final

  * Beta Release Document Criteria
1. alpha complete? yes
2. all on OWASP wiki? yes
3. about this? yes
(see "sheet overview", "Short Project Description", "Abstract")
Reviewer Action Items (my comments:)
1. OWASP Writing Style? yes (mainly, as it is a translation)
2. wiki matches doc? yes
3. "About this .."? yes (it's headed "Abstract")
4. how complete? it's complete

  * Stable Release Document Criteria
1. alpha and beta? yes
2. documented limitations? yes (inside the document itself)
3. OWASP Writing Style? yes (mainly, as it is a translation)
4. one sheet overview? no, as the template does not provide it
5. format for book? unknown (is PDF sufficient?)

==> https://www.owasp.org/index.php/Assessing_Project_Health#Project_Wiki_Page_Minimal_Content
  * Project Wiki Page Minimal Content
1. up to date project template? I guess yes
2. conference style presentation? no (as it was not yet presented on OWASP
conferences)
but it's OWASP-style document, see
https://owasp.org/index.php/Best_Practices:_Web_Application_Firewalls
3. sheet overview? yes (see project link)
4. working mailing list? yes
5. application security issue? yes
6. roadmap? no, as it is final
7. project leader with wiki account? yes
Reviewer Action Items (my comments:)
1. OWASP Writing Style? ??
2. wiki matches doc? yes
3. "About this .."? yes (it's headed "Abstract")
4. how complete? it's complete
1. beta reviewer? no
2. address app. security? yes
3. OWASP Writing Style? yes (mainly, as it is a translation)
4. documented limitations? yes (inside the document itself)
5. recommend the doc? yes
6. missing critical? no

>  
>  To better understand what I am saying, if I may, I suggest glancing at the
>  following two projects' releases:
>  
>  https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project/Releases/ZAP_1.3.0/Assessment
>
>  https://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v1/Assessment


Did it this way, see textual answers above.
(is there a wiki page/template to be completed?)

>  So, if you agree on the path I am above proposing, please let me know and
>  I will consequently install the new GPC templates needed to support the
>  assessment process.

ahh, these are the templates I'm asking for above :)

>  It would also be useful if you could tell me whether you
>  propose the needed two reviewers or if you want me to find them for you
>  https://www.owasp.org/index.php/Assessing_Project_Releases.

Ryan Barnett likes this document, so he surely qualifies best as reviewer.
And probably Arian Evans or Anurag Agrawal can review it also.
 
>  Looking forward to hearing back from you.
>  
>  Thanks,
>  - Paulo
>  
>  Paulo Coimbra
>  OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
>  
>  From:  Achim <achim at owasp.org>
>  Reply-To:  Achim <achim at owasp.org>
>  Date:  Thu, 25 Aug 2011 13:55:02 +0200
>  To:  Paulo Coimbra <paulo.coimbra at owasp.org>
>  Subject:  Project status: Use of Web Application Firewalls
>  
>  Hi Paulo,
>  
>  it's been a while since we met in Lisboa, hope you're well.
>  IIRC, you and Sandra wanted to visit München, I'm still waiting here ;-)
>  
>  ---
>  Back to OWASP.
>  
>  In https://owasp.org/index.php/Projects we see that our documentation project
>  Category:OWASP Best Practices: Use of Web Application Firewalls
>  https://owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls
>  
>  
>  is marked as alpha status.
>  As this is a documentation / paper only, I think it could be qualified
>  stable.
>  
>  What do we need to do to make it stable?
>  
>  We also like to add the jumping page
>  https://owasp.org/index.php/Best_Practices:_Web_Application_Firewalls
>  
>  to the OWASP Projects page. Is that possible?
>  
>  Would be nice if you can give me some answers.
>  
>  Ciao,
>  Achim
