[Owasp-board] Final Proposal to be sent to Kevin Greene

Eoin Keary eoin.keary at owasp.org
Sun Jun 8 18:56:23 UTC 2014


Johanna, you are doing a great Job. 
There is a little confusion regarding the grants from DHS and swamp.
Please keep going, you have the boards full support.
Projects is what OWASP is about, not politik!


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 8 Jun 2014, at 17:57, johanna curiel curiel <johanna.curiel at owasp.org> wrote:

> > If there's anything you wanted me to talk with him about please let me know.
> 
> One of the most important things is that projects needs a proper build script and code analysis is done only on C/C++/Java, so I wonder how projects as hackademics are going to be deployed because there is no tool for code analysis for this yet. Esapi Java  or ZAP makes sense to me, but with all due respect hackademics is too early in this phase because is HTML,Javascript and PHP which is not supported by SWAMP.
> 
> Right now everything works through a web interface , no direct access is granted to the SWAMP servers, so no way of deploying properly packages or tools that are not written in the mentioned languages and they must have a C/C++ script. I tested this myself.
> 
> SWAMP tools are for code analysis assessment, so I don't know how Hackacademics project fits into this.
> 
> To me it makes sense to start with those tools written in the available languages AND that are for Code or vulnerability assessment, verify that OWASP tools can be properly build and deployed. That is my plan.
> 
> And then we need to coordinate with SWAMP how other languages will be integrated into this program. And  if only tools that are for code analysis or vulnerability findings will be part of the SWAMP toolset. So far this is the case. So tools such as Hackademics, WebGoat ...are not for this. We need to know what the SWAMP exactly will provide regarding this.
> 
> I'll be sending these questions to Irene Landrum, technical manager of the SWAMP, which I have contact with. just the technical questions.
> 
> Dan as I mentioned on the 16 june I'll get more info with these or after getting answers from Irene. But important is to know how those languages and tools that are not supported right now are been planned by the SWAMP.
> 
> Thats why the plan written by Samantha does make any sense to me from the technical point of view.
> 
> 
> On Sun, Jun 8, 2014 at 12:33 PM, dan cornell <dan.cornell at owasp.org> wrote:
>> I'm going to be on-site at MITRE for a software assurance event tomorrow and I believe Kevin Greene from DHS is going to be there as well. If there's anything you wanted me to talk with him about please let me know. The DHS stuff I was waiting on finally got sorted out so I'm in a better position to talk with Kevin and the SWAMP folks now than I was for the past couple of months.
>> 
>> Thanks,
>> 
>> Dan
>> 
>> 
>> 
>> On Sun, Jun 8, 2014 at 11:25 AM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>>> The purpose is the same too but no one ever informed me even when I have been so deeply involved in projects
>>> 
>>> and why not involving more projects? 
>>> 
>>> The idea of the SWAMP is to set the projects here too and use them for review purpose at the same time
>>> 
>>> 
>>> Samantha never told me anything and as I can see this dates from March...
>>> 
>>> I feel she has excluded me long time ago but this is just a confirmation of it. yea I was only good to review projects..only when she needed my technical help and never to be really part of key decisions and technical input.
>>> 
>>>  I kind of feel backstab and downgraded.
>>> 
>>> Anyways.. take a look of this
>>> 
>>> https://www.owasp.org/index.php/SWAP_OWASP
>>> 
>>> And without even knowing I'm the one taking the lead on this
>>> 
>>> That kick of meeting is taking place the 16 june and I have direct contact with the research team, and my focus is a technical one,not just bla bla.
>>> 
>>> It will be very good to know how far this plan really got...does anyone knows?
>>> 
>>> 
>>> On Sun, Jun 8, 2014 at 12:13 PM, psiinon <psiinon at gmail.com> wrote:
>>>> I've attached the proposal from earlier in this thread - no idea if it was the final one.
>>>> This is all about including OWASP project in the SWAMP rather than using it to evaluate OWASP projects :)
>>>> 
>>>> Cheers,
>>>> 
>>>> Simon
>>>> 
>>>> 
>>>> On Sun, Jun 8, 2014 at 5:07 PM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>>>>> Interesting... :-/
>>>>> 
>>>>> I don't recall this info been sent over to me.
>>>>> 
>>>>> The QA approach plan is part of an integration with the SWAMP.
>>>>> 
>>>>> Would anyone be so kind to send me over this proposal so I know what has been spoken in the past with SWAMP?
>>>>> 
>>>>> regards
>>>>> 
>>>>> Johanna
>>>>> 
>>>>>  
>>>>> 
>>>>> 
>>>>> On Sun, Jun 8, 2014 at 11:04 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>> Hey Samantha,
>>>>>> 
>>>>>> Will anyone be picking up the Swamp integration contact with your departure?
>>>>>> 
>>>>>> Cheers,
>>>>>> 
>>>>>> Simon
>>>>>> 
>>>>>> 
>>>>>> On Tue, Mar 25, 2014 at 7:55 PM, Konstantinos Papapanagiotou <Konstantinos at owasp.org> wrote:
>>>>>>> Looks great Samantha! Great work!
>>>>>>> 
>>>>>>> Kostas
>>>>>>> 
>>>>>>> 
>>>>>>> On Tue, Mar 25, 2014 at 7:10 PM, Samantha Groves <samantha.groves at owasp.org> wrote:
>>>>>>>> Ok, if no one has any objections, I will submit this to him today. Let me know. I will wait a few hours for a reply.
>>>>>>>> 
>>>>>>>> Thank you, All.
>>>>>>>> 
>>>>>>>> Samantha G. 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On Tue, Mar 25, 2014 at 7:38 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>>>>> Thanks Samantha - I've been meaning to ask how this was going :)
>>>>>>>>> 
>>>>>>>>> Looks good to me.
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> On Mon, Mar 24, 2014 at 9:35 PM, Samantha Groves <samantha.groves at owasp.org> wrote:
>>>>>>>>>> Hello All,
>>>>>>>>>> 
>>>>>>>>>> I just wanted to keep you all in the loop. Kevin and I have gone back and forth on this final statement of work for the SWAMP Integration. This is what the final statement looks like. Sarah is having a look at it right now, but I wanted to send this over to you as well so you can let me know if you have questions or concerns before sending it over. Let me know if this looks good with all of you. They have made some additions to some sections, and I wanted to know if they are ok with all of you.
>>>>>>>>>> 
>>>>>>>>>> Thank you, All.
>>>>>>>>>> 
>>>>>>>>>> Samantha
>>>>>>>>>> 
>>>>>>>>>> -- 
>>>>>>>>>> Samantha Groves, MBA
>>>>>>>>>> OWASP Projects Manager
>>>>>>>>>> 
>>>>>>>>>> The OWASP Foundation
>>>>>>>>>> Phoenix, USA
>>>>>>>>>> Email: samantha.groves at owasp.org
>>>>>>>>>> Skype: samanthahz 
>>>>>>>>>> 
>>>>>>>>>> OWASP Global Projects
>>>>>>>>>> Book a Meeting with Me
>>>>>>>>>> OWASP Contact US Form
>>>>>>>>>> New Project Application Form
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> -- 
>>>>>>>>> OWASP ZAP Project leader
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> -- 
>>>>>>>> Samantha Groves, MBA
>>>>>>>> OWASP Projects Manager
>>>>>>>> 
>>>>>>>> The OWASP Foundation
>>>>>>>> Phoenix, USA
>>>>>>>> Email: samantha.groves at owasp.org
>>>>>>>> Skype: samanthahz 
>>>>>>>> 
>>>>>>>> OWASP Global Projects
>>>>>>>> Book a Meeting with Me
>>>>>>>> OWASP Contact US Form
>>>>>>>> New Project Application Form
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> -- 
>>>>>> OWASP ZAP Project leader
>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> OWASP ZAP Project leader
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140608/155156e4/attachment.html>


More information about the Owasp-board mailing list