[Owasp-board] Task force team assisting with cleanup of project inventories-updates

Jim Manico jim.manico at owasp.org
Sat Jun 28 08:10:13 UTC 2014


Johanna,

Surely use SWAMP tools if YOU want to, but there is no reason you HAVE 
to work with SWAMP. Please do not let them pressure you into any 
direction that you do not feel is right.

> Since we are creating a system to run automated builds and without
> the work and effort of creating C/C++ build scripts or commands to be
> able to run them in SWAMP,  I see this right now as overload work for me.

There is your answer. Johanna, you've been a techie for over 15 years 
specific to web technology. I trust you and so does the rest of the board.

Don't let anyone pressure you into any direction that you think is 
wrong. That goes for me as well.

With respect,
Jim




On 6/28/14, 8:55 AM, johanna curiel curiel wrote:
> Jim, I'll be using other code analysis tools and right now SWAMP does 
> that too.
>
> I would like to have a meeting with you/Board regarding the 
> SWAMP because I don't know where this is heading.
>
> DHS is really behind my back to put tools there, I did that with a 
> couple but since they all need C/C++ build scripts or clear build 
> (gcc) commands (that is also possible) I was able to find out how to 
> run them and get the exact build errors if they failed.
>
> This could be a free way to use some code analysis tools for these 
> languages but I'm not sure if I should be doing this.
>
> Since we are creating a system to run automated builds and without the 
> work and effort of creating C/C++ build scripts or commands to be able 
> to run them in SWAMP,  I see this right now as overload work for me.
>
> I like the way the SWAMP runs, it is quite easy to work with but the overload 
> work of creating C/C++ build scripts or commands is a major minus for 
> me. The idea is if a tool has its own build scripts written in 
> maven, ant, python or other scripting language, this will add extra 
> work to any testing.
>
> Again, what is the strategy with the SWAMP? I think I can test some 
> tools (such as NinjaPingU that already has C++ build scripts) but I 
> would not be using this environment because it adds too much work. In 
> the end I think the developer of the tool should be doing this if he 
> wants to use the SWAMP.
>
> Please let me know because communicating consistency to external 
> parties is essential. Like in this case, I have the understanding that 
> SWAMP wants me to put OWASP tools there but I think 
> we should communicate my findings why I might not continue doing this 
> and if the board wants to promote this among our community, that is 
> another strategy I'm not aware of but definitely, that message won't 
> be communicated from my side.
>
> I see activities that in APPSEC US are already heading in that 
> direction so please let me know.
>
> I would appreciate your feedback and clarification regarding the SWAMP.
>
> regards
>
> Johanna
>
>
> On Sat, Jun 28, 2014 at 2:37 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>     Johanna,
>
>     AWESOME. It was great to meet you in person at AppSecEU and thank
>     you for your selfless volunteerism.
>
>     Glad to see you are leveraging SAST in your infrastructure. When
>     the time is right I'd like to put a call out to invite other
>     vendors to participate.
>
>     I want to make sure we are as vendor neutral as possible so all
>     have the opportunity to participate (and donate licenses to the
>     foundation). :) When the time is right of course, I do not want to
>     derail your progress and pilot.
>
>     Great work to you and Jason and all the others who are helping.
>     This is very exciting!
>
>     PS: Johanna has been a web developer for 15 years which I think is
>     pretty rare and awesome. :)
>
>     Aloha,
>     --
>     Jim Manico
>     @Manicode
>     (808) 652-3805
>
>     On Jun 28, 2014, at 7:29 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>>     Thank you very much for the update Johanna!  It is great to hear
>>     about the cohesive efforts of the projects team and it sounds
>>     like you all are making some great progress on several fronts. 
>>     I'd encourage you all to keep pressing forward and please do not
>>     hesitate to let us know if there's anything we can do to help.
>>
>>     ~josh
>>
>>
>>     On Fri, Jun 27, 2014 at 7:21 PM, johanna curiel curiel
>>     <johanna.curiel at owasp.org> wrote:
>>
>>         Board
>>
>>         I just want to let you know that Kait Disney has been
>>         contributing a lot since last year, cleaning the inventory on
>>         the WIKI pages
>>
>>         We are starting a new project, which means we will set all
>>         OWASP projects in JIRA for better management and reporting of
>>         project status
>>
>>         Kait has access to JIRA and will start doing this during this
>>         week for projects that are not there yet, including
>>         classifying them properly.
>>
>>         I have been manually testing the projects and Jason Johnson
>>         has recently set up a build server that will allow us to
>>         automate most of this task and verify that repositories and
>>         source code build properly. This information will be used as
>>         a measuring criterion, including checking unit tests (such as
>>         the case of OWASP ZAP).
>>
>>         I will work on this next week and more intensively after the
>>         12 of July.
>>
>>         Enrico Branca has also created a Python script that will allow
>>         us to have a centralized system that determines the activity
>>         level on GitHub repositories of projects much better than
>>         Ohloh, and we will be setting this up as a web app page such as
>>         this: http://www.pythonsecurity.org/stats
>>
>>         Checkmarx Business development director Avichai Elgavish had
>>         expressed his support to provide us licenses for our code
>>         review analysis tool and I'll be in contact with him next
>>         week regarding this.
>>
>>         I really appreciate all these team efforts that will help us
>>         have a better overview of project activities and management
>>         of their status.
>>
>>         I'll update this information on the wiki soon and I think
>>         this is worth putting in the global connector for the entire
>>         community so they know how we are approaching this.
>>
>>         regards
>>
>>         Johanna
>>
>>         _______________________________________________
>>         Owasp-board mailing list
>>         Owasp-board at lists.owasp.org
>>         https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
