[Owasp-board] Task force team assisting with cleanup of project inventories-updates

johanna curiel curiel johanna.curiel at owasp.org
Sat Jun 28 08:34:17 UTC 2014


Don't let anyone pressure you into any direction that you think is wrong.
That goes for me as well.

I just want to report an experience and it could be that the SWAMP team
has certain expectations.

However, communicating this to SWAMP should be done properly and I think
it is appropriate to show one consistent message as an organization ;-)


On Sat, Jun 28, 2014 at 4:10 AM, Jim Manico <jim.manico at owasp.org> wrote:

>  Johanna,
>
> Surely use SWAMP tools if YOU want to, but there is no reason you HAVE to
> work with SWAMP. Please do not let them pressure you into any direction
> that you do not feel is right.
>
> >  Since we are creating a system to run automated builds and without the
> work and effort of creating C/C++ build scripts or commands to be able to
> run them in SWAMP,  I see this right now as overload work for me.
>
> There is your answer. Johanna, you've been a techie for over 15 years
> specific to web technology. I trust you and so does the rest of the board.
>
> Don't let anyone pressure you into any direction that you think is wrong.
> That goes for me as well.
>
> With respect,
> Jim
>
>
>
>
>  On 6/28/14, 8:55 AM, johanna curiel curiel wrote:
>
>  Jim, I'll be using other code analysis tools and right now SWAMP does
> that too.
>
>   I would like to have a meeting with you/Board regarding the
> SWAMP because I don't know where this is heading.
>
>  DHS is really behind my back to put tools there, I did that with a
> couple but since they all need C/C++ build scripts or clear build (gcc)
> commands (that is also possible) I was able to find out how to run them and
> get the exact build errors if they failed.
>
>  This could be a free way to use some code analysis tools for these
> languages but I'm not sure if I should be doing this.
>
>  Since we are creating a system to run automated builds and without the
> work and effort of creating C/C++ build scripts or commands to be able to
> run them in SWAMP,  I see this right now as overload work for me.
>
>  I like the way the SWAMP runs, it is quite easy to work with but the overload
> work of creating C/C++ build scripts or commands is a major minus for me. The
> idea is if a tool has its own build scripts written in maven, ant, python
> or other scripting language, this will add extra work to any testing.
>
>  Again, what is the strategy with the SWAMP? I think I can test some
> tools (such as NinjaPingU that already has C++ build scripts) but I would
> not be using this environment because it adds too much work. In the end I
> think the developer of the tool should be doing this if he wants to use the
> SWAMP.
>
>  Please let me know because communicating consistency to external parties
> is essential. Like in this case, I have the understanding that SWAMP wants
> me to put OWASP tools there but I think we should communicate my findings
> why I might not continue doing this and if the board wants to promote this
> among our community, that is another strategy I'm not aware of
> but definitely, that message won't be communicated from my side
>
>   I see activities that in APPSEC US are already heading in that
> direction so please let me know.
>
>  I would appreciate your feedback and clarification regarding the SWAMP
>
>  regards
>
>  Johanna
>
>
> On Sat, Jun 28, 2014 at 2:37 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>>  Johanna,
>>
>>  AWESOME. It was great to meet you in person at AppSecEU and thank you
>> for your selfless volunteerism.
>>
>>  Glad to see you are leveraging SAST in your infrastructure. When the
>> time is right I'd like to put a call out to invite other vendors to
>> participate.
>>
>>  I want to make sure we are as vendor neutral as possible so all have
>> the opportunity to participate (and donate licenses to the foundation). :)
>> When the time is right of course, I do not want to derail your progress and
>> pilot.
>>
>>  Great work to you and Jason and all the others who are helping. This is
>> very exciting!
>>
>>  PS: Johanna has been a web developer for 15 years which I think is
>> pretty rare and awesome. :)
>>
>>  Aloha,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Jun 28, 2014, at 7:29 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>>   Thank you very much for the update Johanna!  It is great to hear about
>> the cohesive efforts of the projects team and it sounds like you all are
>> making some great progress on several fronts.  I'd encourage you all to
>> keep pressing forward and please do not hesitate to let us know if there's
>> anything we can do to help.
>>
>>  ~josh
>>
>>
>> On Fri, Jun 27, 2014 at 7:21 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Board
>>>
>>>  I just want to let you know that Kait Disney has been contributing a
>>> lot since last year, cleaning the inventory on the WIKI pages
>>>
>>>  We are starting a new project, which means we will set all OWASP
>>> projects in JIRA for better management and reporting of project status
>>>
>>>  Kait has access to JIRA and will start doing this during this week for
>>> projects that are not there yet, including classifying them properly.
>>>
>>>  I have been testing manually the projects and Jason Johnson has
>>> recently set up a build server that will allow us to automate most of this
>>> task and verify that repositories and source code build properly. This
>>> information will be used as a measuring criteria, including checking unit
>>> tests (such as the case of OWASP ZAP)
>>>
>>>  I will work on this next week and more intensively after the 12 of
>>> July.
>>>
>>>  Enrico Branca has also created a Python script that will allow us to
>>> have a centralized system that determines the activity level on GitHub
>>> repositories of projects much better than Ohloh and we will be setting
>>> this as a web app page such as this: http://www.pythonsecurity.org/stats
>>>
>>>  Checkmarx Business development director Avichai Elgavish had expressed
>>> his support to provide us licenses for our code review analysis tool and
>>> I'll be in contact with him next week regarding this.
>>>
>>>  I really appreciate all these team efforts that will help us have a
>>> better overview of project activities and management of their status
>>>
>>>  I'll update this information on the wiki soon and I think this is
>>> worth putting in the global connector for the entire community so they know
>>> how we are approaching this
>>>
>>>  regards
>>>
>>>  Johanna
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board