[Owasp-board] FW: Project status: Use of Web Application Firewalls

Eoin eoin.keary at owasp.org
Wed Aug 31 09:54:54 UTC 2011


Fine with me.
When shall review period start?


On 31 August 2011 10:52, Paulo Coimbra <pcoimbra at owasp.org> wrote:

> All,
>
> Having into account what all people have already said about this issue, on
> top of the project leader self assessment, I propose we pick *three* reviewers
> as follows:
>
>    - Self Assessment – Achim,
>    - First Reviewer – Arian,
>    - Second Reviewer – Ryan
>    - Third Reviewer – Eoin.
>
> Please let me know about any disagreement with the path I am proposing so
> that we can proceed.
>
> Thanks,
> - Paulo
>
> Paulo Coimbra
> OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
>
> From: Tom Brennan <tomb at owasp.org>
> Date: Tue, 30 Aug 2011 23:19:26 -0400
>
> To: Paulo Coimbra <pcoimbra at owasp.org>
> Cc: OWASP Foundation Board List <owasp-board at lists.owasp.org>,
> Achim <achim at owasp.org>, GPC <global-projects-committee at lists.owasp.org>,
> Eoin Keary <eoin.keary at owasp.org>
> Subject: Re: [Owasp-board] FW: Project status: Use of Web Application
> Firewalls
>
> Ryan and Arian would be ideal for this effort IMHO
>
>
> On Aug 30, 2011, at 3:38 PM, Eoin wrote:
>
>
> Happy to help if you need a second pair of eyes.
>
>
>
> On 30 Aug 2011, at 20:19, Paulo Coimbra <pcoimbra at owasp.org> wrote:
>
> Board & GPC,
>
> As you can see below we are preparing the process of assessing (Stable
> target) the latest release of the OWASP Best Practices: Use of Web
> Application Firewalls Project.
>
> What's more, as you know, in accordance with our current assessment
> criteria, "*It is recommended that an OWASP board member or Global
> Projects Committee member be the second reviewer on Stable releases*".
>
> Consequently and even though Achim Hoffmann has already suggested three
> names to act as first and second reviewers, i.e., Ryan Barnett, Arian Evans
> and Anurag Agrawal, to comply with our rules, I need to ask you all if any
> of you want to exercise the right of stepping in and act in this release
> assessment as Second Reviewer.
>
> If you agree, in the circumstance of absence of answer from you, I will
> assume that Achim can choose both reviewers from the set of three firstly
> suggested.
>
> Thanks,
> - Paulo
>
> Paulo Coimbra
> OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
>
> From: Paulo Coimbra <pcoimbra at owasp.org>
> Date: Tue, 30 Aug 2011 20:06:35 +0100
> To: Achim <achim at owasp.org>
> Cc: OWASP Foundation Board List <owasp-board at lists.owasp.org>,
> GPC <global-projects-committee at lists.owasp.org>
> Subject: Re: Project status: Use of Web Application Firewalls
>
> Hello Achim,
>
> I have merged the two distinct pages the project anteriorly had as follows:
>
> https://owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls#tab=Project_About
>
> https://owasp.org/index.php?title=Best_Practices:_Web_Application_Firewalls&redirect=no
>
> Please check it out and let me know if you agree with the introduced
> changes or, otherwise, I will reverse them.
>
> As for the release assessment, I have carefully looked at the project's
> outputs and it seemed to me that the latest English wiki release (version
> 1.0.5) still doesn't have equivalent pdf. *Would it be possible for you
> (and/or the German Chapter) to create it, please? Or do you prefer we assess
> the version 1.0.4?*
>
> As for the assessment process itself, if you are targeting Stable Status
> the procedure is as follows.
>
>    - Stable release: The project lead completes the pre-assessment
>    checklist. Then, the two project reviewers will complete their review of the
>    release (more on this below). After the reviews are complete, the Global
>    Projects Committee and OWASP Board will validate the project's review,
>    - Stable release: 2 reviewers are required. *Second review has special
>    requirements.*
>    - Ideally, per project release, the project leader will propose the
>    reviewer(s),
>    - Ideally, reviewers should be an existing OWASP project leader or
>    chapter leader.
>    - If the project lead is unable to find the required reviewer(s), the
>    Global Projects Committee can assist in identifying reviewer(s) for the
>    project.
>    - *It is recommended that an OWASP board member or Global Projects
>    Committee member be the second reviewer on Stable releases.* The board
>    has the initial option to review the project, followed by the Global
>    Projects Committee.
>    - The Global Projects Committee confirms the assignment of reviewers to
>    a project.
>
> Having the above into account, I will ask the Board and the GPC members
> whether they want to perform the role of second reviewer. I will let them
> know that you have already three different names to act as first and second
> reviewers. In the circumstance they don't step in, I will get back to you
> again for you to clarify from the set of three names what two you ultimately
> chose for First and Second Reviewer.
>
> Thanks,
> - Paulo
>
> Paulo Coimbra
> OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
>
> From: Achim <achim at owasp.org>
> Reply-To: Achim <achim at owasp.org>
> Date: Tue, 30 Aug 2011 09:40:19 +0200
> To: Paulo Coimbra <pcoimbra at owasp.org>
> Subject: Re: Project status: Use of Web Application Firewalls
>
> Hi Paulo,
>
> please see inline below.
>
> Ciao
> Achim
>
> On 29.08.2011 18:58, Paulo Coimbra wrote:
>
> Hello Achim,
>
> ...
>
> As for your question, regarding the project, I would say that we just need
> to assess it in accordance with the criteria here
> <https://www.owasp.org/index.php/Documents_Assessment_Criteria> mentioned.
>
>
> The document fulfills these criteria as follows:
>
> ==> https://www.owasp.org/index.php/Documents_Assessment_Criteria
>   * Alpha Release Document Criteria
> 1. wiki page minimum? yes, see below
> 2. open license? yes
> 3. PDF available? yes
> 4. project Category? yes (I guess)
> 5. roadmap?  no, as it is final
>
>   * Beta Release Document Criteria
> 1. alpha complete? yes
> 2. all on OWASP wiki? yes
> 3. about this?  yes
>   (see "sheet overview", "Short Project Description", "Abstract")
> Reviewer Action Items (my comments:)
> 1. OWASP Writing Style? yes (mainly, as it is a translation)
> 2. wiki matches doc? yes
> 3. "About this .."? yes (it's headed "Abstract")
> 4. how complete? it's complete
>
>   * Stable Release Document Criteria
> 1. alpha and beta? yes
> 2. documented limitations? yes (inside the document itself)
> 3. OWASP Writing Style? yes (mainly, as it is a translation)
> 4. one sheet overview? no, as the template does not provide it
> 5. format for book? unknown (is PDF sufficient?)
>
> ==> https://www.owasp.org/index.php/Assessing_Project_Health#Project_Wiki_Page_Minimal_Content
>   * Project Wiki Page Minimal Content
> 1. up to date project template? I guess yes
> 2. conference style presentation? no (as it was not yet presented on OWASP
> conferences)
>  but it's OWASP-style document, see
>  https://owasp.org/index.php/Best_Practices:_Web_Application_Firewalls
> 3. sheet overview? yes (see project link)
> 4. working mailing list? yes
> 5. application security issue? yes
> 6. roadmap?  no, as it is final
> 7. project leader with wiki account? yes
> Reviewer Action Items (my comments:)
> 1. OWASP Writing Style? ??
> 2. wiki matches doc? yes
> 3. "About this .."? yes (it's headed "Abstract")
> 4. how complete? it's complete
> 1. beta reviewer? no
> 2. address app. security? yes
> 3. OWASP Writing Style? yes (mainly, as it is a translation)
> 4. documented limitations? yes (inside the document itself)
> 5. recommend the doc? yes
> 6. missing critical? no
>
>  To better understand what I am saying, if I may, I suggest glancing at the
> following two projects' releases:
>
> https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project/Releases/ZAP_1.3.0/Assessment
>
> https://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v1/Assessment
>
>
>
> Did it this way, see textual answers above.
> (is there a wiki page/template to be completed?)
>
> So, if you agree on the path I am above proposing, please let me know and
> will consequently install the new GPC templates needed to support the
> assessment process.
>
>
> ahh, these are the templates I'm asking for above :)
>
> It would be also useful if you could tell me whether you
> propose the needed two reviewers or if you want me to find them for you
> <https://www.owasp.org/index.php/Assessing_Project_Releases>.
>
>
> Ryan Barnett likes this document, so he surely qualifies best as reviewer.
> And probably Arian Evans or Anurag Agrawal can review it also.
>
> Looking forward to hearing back from you.
>
> Thanks,
> - Paulo
>
> Paulo Coimbra
> OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
>
> From: Achim <achim at owasp.org>
> Reply-To: Achim <achim at owasp.org>
> Date: Thu, 25 Aug 2011 13:55:02 +0200
> To: Paulo Coimbra <paulo.coimbra at owasp.org>
> Subject: Project status: Use of Web Application Firewalls
>
> Hi Paulo,
>
> it's been a while since we met in Lisboa, hope you're well.
> IIRC, you and Sandra wanted to visit München, I'm still waiting here ;-)
>
> ---
> Back to OWASP.
>
> In https://owasp.org/index.php/Projects we see that our documentation project
> Category:OWASP Best Practices: Use of Web Application Firewalls
> https://owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls
> is marked as alpha status.
> As this is a documentation / paper only, I think it could be qualified
> stable.
>
> What do we need to do to make it stable?
>
> We also like to add the jumping page
> https://owasp.org/index.php/Best_Practices:_Web_Application_Firewalls
> to the OWASP Projects page. Is that possible?
>
> Would be nice if you can give me some answers.
>
> Ciao,
> Achim
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board


-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

https://twitter.com/EoinKeary
http://twitter.com/BCCRiskAdvisory