[Owasp-board] FW: Project status: Use of Web Application Firewalls

Eoin eoin.keary at owasp.org
Tue Aug 30 19:38:24 UTC 2011


Happy to help if you need a second pair of eyes. 

 

On 30 Aug 2011, at 20:19, Paulo Coimbra <pcoimbra at owasp.org> wrote:

> Board & GPC,
> 
> As you can see below we are preparing the process of assessing (Stable target) the latest release of the OWASP Best Practices: Use of Web Application Firewalls Project. 
> 
> What's more, as you know, in accordance with our current assessment criteria, "It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Stable releases". 
> 
> Consequently and even though Achim Hoffmann has already suggested three names to act as first and second reviewers, i.e., Ryan Barnett, Arian Evans and Anurag Agrawal, to comply with our rules, I need to ask you all if any of you want to exercise the right of steeping in and act in this release assessment as Second Reviewer.   
> 
> If you agree, in the circumstance of absence of answer from you, I will assume that Achim can choose both reviewers from the set of three firstly suggested.
>   
> Thanks,
> - Paulo
> 
> Paulo Coimbra
> OWASP Project Manager
> 
> From: Paulo Coimbra <pcoimbra at owasp.org>
> Date: Tue, 30 Aug 2011 20:06:35 +0100
> To: Achim <achim at owasp.org>
> Cc: OWASP Foundation Board List <owasp-board at lists.owasp.org>, GPC <global-projects-committee at lists.owasp.org>
> Subject: Re: Project status: Use of Web Application Firewalls
> 
> Hello Achim,
> 
> I have merged the two distinct pages the project anteriorly had as follows:
> 
> https://owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls#tab=Project_About 
> 
> https://owasp.org/index.php?title=Best_Practices:_Web_Application_Firewalls&redirect=no 
> 
> Please check it out and let me know if you agree with the introduced changes or, otherwise, I will reverse them.
> 
> As for the release assessment, I have carefully looked at the project's outputs and it seemed to me that the latest english wiki release (version 1.0.5) still doesn't have equivalent pdf. Would it be possible for you (and/or the German Chapter) to create it, please? Or do you prefer we assess the version 1.0.4?
> 
> As for the assessment process itself, if you are targeting Stable Status the procedure is as follows.
> Stable release: The project lead completes the pre-assessment checklist. Then, the two project reviewers will complete their review of the release (more on this below). After the reviews are complete, the Global Projects Committee and OWASP Board will validate the project's review,
>  Stable release: 2 reviewers are required. Second review has special requirements.
> Ideally, per project release, the project leader will propose the reviewer(s),
> Ideally, reviewers should be an existing OWASP project leader or chapter leader.
> If the project lead is unable to find the required reviewer(s), the Global Projects Committee can assist in identifying reviewer(s) for the project.
> It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Stable releases. The board has the initial option to review the project, followed by the Global Projects Committee.
> The Global Projects Committee confirms the assignment of reviewers to a project.
> Having the above into account, I will ask to the Board and the GPC members whether they want to perform the role of second reviewer. I will let them know that you have already three different names to act as first and second reviewers. In the circumstance they don't step in, I will get back to you again for you to clarify from the set of three names what two you ultimate chose for First and Second Reviewer.  
> 
> Thanks,
> - Paulo
> 
> Paulo Coimbra
> OWASP Project Manager
> 
> From: Achim <achim at owasp.org>
> Reply-To: Achim <achim at owasp.org>
> Date: Tue, 30 Aug 2011 09:40:19 +0200
> To: Paulo Coimbra <pcoimbra at owasp.org>
> Subject: Re: Project status: Use of Web Application Firewalls
> 
> Hi Paulo,
> 
> please see inline below.
> 
> Ciao
> Achim
> 
> Am 29.08.2011 18:58, schrieb Paulo Coimbra:
> Hello Achim,
> ...
> As for you question, regarding the project, I would say that we just need to
> assess it in accordance with the criteria here
> https://www.owasp.org/index.php/Documents_Assessment_Criteria mentioned.
> 
> The document fulfills the these criteria as follows:
> 
> ==> https://www.owasp.org/index.php/Documents_Assessment_Criteria
>   * Alpha Release Document Criteria
> 	1. wiki page minumum?		yes, see below
> 	2. open license?		yes
> 	3. PDF available?		yes
> 	4. project Category?		yes (I guess)
> 	5. roadmap?			no, as it is final
> 
>   * Beta Release Document Criteria
> 	1. alpha complete?		yes
> 	2. all on OWASP wiki?		yes
> 	3. about this?			yes
> 				(see "sheet overview", "Short Project Description", "Abstract")
> 	Reviewer Action Items (my comments:)
> 	1. OWASP Writing Style?		yes (mainly, as it is a translation)
> 	2. wiki matches doc?		yes
> 	3. "About this .."?		yes (it's headed "Abstract")
> 	4. how complete?		it's complete
> 
>   * Stable Release Document Criteria
> 	1. alpha and beta?		yes
> 	2. documented limitations?	yes (inside the ducument itself)
> 	3. OWASP Writing Style?		yes (mainly, as it is a translation)
> 	4. one sheet overview?		no, as the template does not provide it
> 	5. format for book?		unknown (is PDF sufficient?)
> 
> ==> https://www.owasp.org/index.php/Assessing_Project_Health#Project_Wiki_Page_Minimal_Content
>   * Project Wiki Page Minimal Content
> 	1. up to date project template?	I guess yes
> 	2. conference style presentation? no (as it was not yet presented on OWASP conferences)
> 		but it's OWASP-style document, see
> 		https://owasp.org/index.php/Best_Practices:_Web_Application_Firewalls
> 	3. sheet overview?		yes (see project link)
> 	4. working mailing list?	yes
> 	5. application security issue?	yes
> 	6. roadmap?			no, as it is final
> 	7. project leader with wiki account? yes
> 	Reviewer Action Items (my comments:)	1. OWASP Writing Style?	??
> 	2. wiki matches doc?		yes
> 	3. "About this .."?		yes (it's headed "Abstract")
> 	4. how complete?		it's complete
> 	1. beta reviewer?		no
> 	2. address app. security?	yes
> 	3. OWASP Writing Style?		yes (mainly, as it is a translation)
> 	4. documented limitations?	yes (inside the ducument itself)
> 	5. recommend the doc?		yes
> 	6. missing critical?		no
> 
> To better understand what I am saying, if I may, I suggest glancing at the
> following two projects' releases:
> https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project/Rele
> ases/ZAP_1.3.0/Assessment
> 
> https://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Qui
> ck_Reference_Guide/Releases/SCP_v1/Assessment
> 
> 
> Did it this way, see textual answers above.
> (is there a wiki page/template to be completed?)
> 
> So, if you agree on the path I am above proposing, please let me know and
> will consequently install the new GPC templates needed to support the
> assessment process.
> 
> ahh, these are the tempates I'm asking for above :)
> 
> It would be also useful if you could tell me whether you
> propose the needed two reviewers or if want I find them for you
> https://www.owasp.org/index.php/Assessing_Project_Releases.
> 
> Ryan Barnett likes this document, so he surely qualifies best as reviewer.
> And probably Arian Evans or Anurag Agrawal can review it also.
> Looking forward to hearing back from you.
> Thanks,
> - Paulo
> Paulo Coimbra
> OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
> From:  Achim <achim at owasp.org>
> Reply-To:  Achim <achim at owasp.org>
> Date:  Thu, 25 Aug 2011 13:55:02 +0200
> To:  Paulo Coimbra <paulo.coimbra at owasp.org>
> Subject:  Project status: Use of Web Application Firewalls
> Hi Paulo,
> it's been a while since we meat in Lisboa, hope you're well.
> IIRC, you and Sandra wanted to visit München, I'm still waiting here ;-)
> ---
> Back to OWASP.
> In https://owasp.org/index.php/Projects we see that our documenation project
> Category:OWASP Best Practices: Use of Web Application Firewalls
> https://owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Applic
> ation_Firewalls
> is marked as alpha status.
> As this is a documentation / paper only, I think it could be qualified
> stable.
> What do we need to do to make it stable?
> We also like to add the jumping page
> https://owasp.org/index.php/Best_Practices:_Web_Application_Firewalls
> to the OWASP Projetcs page. Is that possible.
> Would be nice if you can give me some answers.
> Ciao,
> Achim
> 
> 
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110830/0790622c/attachment-0002.html>


More information about the Owasp-board mailing list