[Owasp-board] FW: Project status: Use of Web Application Firewalls
Paulo Coimbra
pcoimbra at owasp.org
Wed Aug 31 09:52:20 UTC 2011
All,
Taking into account what everyone has already said about this issue, on
top of the project leader self assessment, I propose we pick three reviewers
as follows:
* Self Assessment Achim,
* First Reviewer Arian,
* Second Reviewer Ryan
* Third Reviewer Eoin.
Please let me know about any disagreement with the path I am proposing so
that we can proceed.
Thanks,
- Paulo
Paulo Coimbra
OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
From: Tom Brennan <tomb at owasp.org>
Date: Tue, 30 Aug 2011 23:19:26 -0400
To: Paulo Coimbra <pcoimbra at owasp.org>
Cc: OWASP Foundation Board List <owasp-board at lists.owasp.org>, Achim
<achim at owasp.org>, GPC <global-projects-committee at lists.owasp.org>, Eoin
Keary <eoin.keary at owasp.org>
Subject: Re: [Owasp-board] FW: Project status: Use of Web Application
Firewalls
Ryan and Arian would be ideal for this effort IMHO
On Aug 30, 2011, at 3:38 PM, Eoin wrote:
>
> Happy to help if you need a second pair of eyes.
>
>
>
> On 30 Aug 2011, at 20:19, Paulo Coimbra <pcoimbra at owasp.org> wrote:
>
>> Board & GPC,
>>
>> As you can see below we are preparing the process of assessing (Stable
>> target) the latest release of the OWASP Best Practices: Use of Web
>> Application Firewalls Project.
>>
>> What's more, as you know, in accordance with our current assessment criteria,
>> "It is recommended that an OWASP board member or Global Projects Committee
>> member be the second reviewer on Stable releases".
>>
>> Consequently and even though Achim Hoffmann has already suggested three names
>> to act as first and second reviewers, i.e., Ryan Barnett, Arian Evans and
>> Anurag Agrawal, to comply with our rules, I need to ask you all if any of you
>> want to exercise the right of stepping in and acting in this release assessment
>> as Second Reviewer.
>>
>> If you agree, in the circumstance of absence of answer from you, I will
>> assume that Achim can choose both reviewers from the set of three firstly
>> suggested.
>>
>> Thanks,
>> - Paulo
>>
>> Paulo Coimbra
>> OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
>>
>> From: Paulo Coimbra <pcoimbra at owasp.org>
>> Date: Tue, 30 Aug 2011 20:06:35 +0100
>> To: Achim <achim at owasp.org>
>> Cc: OWASP Foundation Board List <owasp-board at lists.owasp.org>, GPC
>> <global-projects-committee at lists.owasp.org>
>> Subject: Re: Project status: Use of Web Application Firewalls
>>
>> Hello Achim,
>>
>> I have merged the two distinct pages the project anteriorly had as follows:
>>
>>
>> https://owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls#tab=Project_About
>>
>> https://owasp.org/index.php?title=Best_Practices:_Web_Application_Firewalls&redirect=no
>>
>> Please check it out and let me know if you agree with the introduced changes
>> or, otherwise, I will reverse them.
>>
>> As for the release assessment, I have carefully looked at the project's
>> outputs and it seemed to me that the latest English wiki release (version
>> 1.0.5) still doesn't have an equivalent PDF. Would it be possible for you
>> (and/or the German Chapter) to create it, please? Or do you prefer we assess
>> the version 1.0.4?
>>
>> As for the assessment process itself, if you are targeting Stable Status the
>> procedure is as follows.
>> * Stable release: The project lead completes the pre-assessment checklist.
>> Then, the two project reviewers will complete their review of the release
>> (more on this below). After the reviews are complete, the Global Projects
>> Committee and OWASP Board will validate the project's review,
>> * Stable release: 2 reviewers are required. Second review has special
>> requirements.
>> * Ideally, per project release, the project leader will propose the
>> reviewer(s),
>> * Ideally, reviewers should be an existing OWASP project leader or chapter
>> leader.
>> * If the project lead is unable to find the required reviewer(s), the Global
>> Projects Committee can assist in identifying reviewer(s) for the project.
>> * It is recommended that an OWASP board member or Global Projects Committee
>> member be the second reviewer on Stable releases. The board has the initial
>> option to review the project, followed by the Global Projects Committee.
>> * The Global Projects Committee confirms the assignment of reviewers to a
>> project.
>> Taking the above into account, I will ask the Board and the GPC members
>> whether they want to perform the role of second reviewer. I will let them
>> know that you already have three different names to act as first and second
>> reviewers. In the circumstance they don't step in, I will get back to you
>> again for you to clarify which two of the set of three names you ultimately
>> chose for First and Second Reviewer.
>>
>> Thanks,
>> - Paulo
>>
>> Paulo Coimbra
>> OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
>>
>> From: Achim <achim at owasp.org>
>> Reply-To: Achim <achim at owasp.org>
>> Date: Tue, 30 Aug 2011 09:40:19 +0200
>> To: Paulo Coimbra <pcoimbra at owasp.org>
>> Subject: Re: Project status: Use of Web Application Firewalls
>>
>> Hi Paulo,
>>
>> please see inline below.
>>
>> Ciao
>> Achim
>>
>> On 29.08.2011 18:58, Paulo Coimbra wrote:
>>> Hello Achim,
>> ...
>>>
>>> As for your question, regarding the project, I would say that we just need
>>> to assess it in accordance with the criteria here
>>> https://www.owasp.org/index.php/Documents_Assessment_Criteria mentioned.
>>
>> The document fulfills these criteria as follows:
>>
>> ==> https://www.owasp.org/index.php/Documents_Assessment_Criteria
>> * Alpha Release Document Criteria
>> 1. wiki page minimum? yes, see below
>> 2. open license? yes
>> 3. PDF available? yes
>> 4. project Category? yes (I guess)
>> 5. roadmap? no, as it is final
>>
>> * Beta Release Document Criteria
>> 1. alpha complete? yes
>> 2. all on OWASP wiki? yes
>> 3. about this? yes
>> (see "sheet overview", "Short Project Description", "Abstract")
>> Reviewer Action Items (my comments:)
>> 1. OWASP Writing Style? yes (mainly, as it is a translation)
>> 2. wiki matches doc? yes
>> 3. "About this .."? yes (it's headed "Abstract")
>> 4. how complete? it's complete
>>
>> * Stable Release Document Criteria
>> 1. alpha and beta? yes
>> 2. documented limitations? yes (inside the document itself)
>> 3. OWASP Writing Style? yes (mainly, as it is a translation)
>> 4. one sheet overview? no, as the template does not provide it
>> 5. format for book? unknown (is PDF sufficient?)
>>
>> ==> https://www.owasp.org/index.php/Assessing_Project_Health#Project_Wiki_Page_Minimal_Content
>> * Project Wiki Page Minimal Content
>> 1. up to date project template? I guess yes
>> 2. conference style presentation? no (as it was not yet presented on OWASP
>> conferences)
>> but it's OWASP-style document, see
>> https://owasp.org/index.php/Best_Practices:_Web_Application_Firewalls
>> 3. sheet overview? yes (see project link)
>> 4. working mailing list? yes
>> 5. application security issue? yes
>> 6. roadmap? no, as it is final
>> 7. project leader with wiki account? yes
>> Reviewer Action Items (my comments:)
>> 1. OWASP Writing Style? ??
>> 2. wiki matches doc? yes
>> 3. "About this .."? yes (it's headed "Abstract")
>> 4. how complete? it's complete
>> 1. beta reviewer? no
>> 2. address app. security? yes
>> 3. OWASP Writing Style? yes (mainly, as it is a translation)
>> 4. documented limitations? yes (inside the document itself)
>> 5. recommend the doc? yes
>> 6. missing critical? no
>>
>>>
>>> To better understand what I am saying, if I may, I suggest glancing at the
>>> following two projects' releases:
>>>
>>>
>>> https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project/Releases/ZAP_1.3.0/Assessment
>>>
>>> https://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v1/Assessment
>>
>>
>> Did it this way, see textual answers above.
>> (is there a wiki page/template to be completed?)
>>
>>> So, if you agree on the path I am above proposing, please let me know and
>>> I will consequently install the new GPC templates needed to support the
>>> assessment process.
>>
>> ahh, these are the templates I'm asking for above :)
>>
>>> It would be also useful if you could tell me whether you
>>> propose the needed two reviewers or if you want me to find them for you
>>> https://www.owasp.org/index.php/Assessing_Project_Releases.
>>
>> Ryan Barnett likes this document, so he surely qualifies best as reviewer.
>> And probably Arian Evans or Anurag Agrawal can review it also.
>>
>>> Looking forward to hearing back from you.
>>>
>>> Thanks,
>>> - Paulo
>>>
>>> Paulo Coimbra
>>> OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
>>>
>>> From: Achim <achim at owasp.org>
>>> Reply-To: Achim <achim at owasp.org>
>>> Date: Thu, 25 Aug 2011 13:55:02 +0200
>>> To: Paulo Coimbra <paulo.coimbra at owasp.org>
>>> Subject: Project status: Use of Web Application Firewalls
>>>
>>> Hi Paulo,
>>>
>>> it's been a while since we met in Lisboa, hope you're well.
>>> IIRC, you and Sandra wanted to visit München, I'm still waiting here ;-)
>>>
>>> ---
>>> Back to OWASP.
>>>
>>> In https://owasp.org/index.php/Projects we see that our documentation project
>>> Category:OWASP Best Practices: Use of Web Application Firewalls
>>>
>>> https://owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls
>>>
>>>
>>> is marked as alpha status.
>>> As this is a documentation / paper only, I think it could be qualified
>>> stable.
>>>
>>> What do we need to do to make it stable?
>>>
>>> We also like to add the jumping page
>>> https://owasp.org/index.php/Best_Practices:_Web_Application_Firewalls
>>>
>>> to the OWASP Projects page. Is that possible?
>>>
>>> Would be nice if you can give me some answers.
>>>
>>> Ciao,
>>> Achim
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board