[Owasp-board] SWAMP update

johanna curiel curiel johanna.curiel at owasp.org
Mon Apr 13 17:37:09 UTC 2015


Kate could approve it and it will follow the work flow.

Hi Fabio,

For the clarification of the process, Kate sends us(Project review team)
the request so we can provide our feedback on the information provided by
the Project leader and based on this information , the project is finally
approved, OWASP page is then created and based on the maturity level,
placed accordingly in the Project inventory.

SWAMP is a very mature project, so I could not consider this project an
incubator, unless anyone has any objections.

Based on the feedback from other team members , we will need to check if we
place it under LABS to begin with.

Regards

Johanna


On Mon, Apr 13, 2015 at 11:54 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> Jim
>
> Patrick already submitted it as an OWASP project and is only waiting in
> the queue.
>
> Now that the project is open source, Kate could approve it and it will
> follow the work flow.
>
> Fabio
>
> Sent from my iPhone
>
> On 13 Apr 2015, at 12:48, Jim Manico <jim.manico at owasp.org> wrote:
>
> Patrick,
>
> Excellent. SWAMP is Apache licensed which is very community friendly. We
> of course need to go through a submission and approval process first, so
> please consider submitting your project as an OWASP project if you are
> interested. There is no harm in talking to Kate but you still need to go
> through our project submission process. :)
>
> For project submission please submit using this form:
> http://www.tfaforms.com/263506 and include the following information.
>
> A - PROJECT
>
>    1. Project Name,
>    2. Project purpose / overview,
>    3. Project Roadmap,
>    4. Project links (if any) to external sites,
>    5. Project license
>     6. Project Leader name,
>    7. Project Leader email address,
>    8. Project Leader wiki account - the username (you'll need this to
>    edit the wiki),
>    9. Project Contributor(s) (if any) - name email and wiki account (if
>    any),
>    10. Project Main Links (if any).
>    11. For Documentation: A table of Contents
>    12. For Code: A prototype hosted in an open source repository of your
>    choice. Make sure it has read access.
>
>
>
>
>
> For more info, please visit
> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project
>
> ALOHA Patrick,
> Jim Manico
> OWASP Global Board Member
>
>
> On 4/13/15 8:41 AM, Fabio Cerullo wrote:
>
> Patrick
>
>  Thanks for your mail and apologies for the delay. These are fantastic
> news and I'm looking forward to get SWAMP as an official OWASP project now
> that has been open sourced.
>
>  I'm cc'ing Kate Hartman, our Operations Director, to progress your OWASP
> project application.
>
>  Thanks,
>
>  Fabio
>
> Sent from my iPhone
>
> On 7 Apr 2015, at 13:50, Beyer, Patrick <PBeyer at continuousassurance.org>
> wrote:
>
>    Good Morning!
>
>  I’m please to announce we have the SWAMP code posted to GitHub!
>
>  The Link is - https://github.com/mirswamp/open-swamp
>
>  Let me know if there any issues suggestions!
>
>  Thanks
>
>  Patrick Beyer, PhD PMP
> Project Manager
> Software Assurance Market Place
> O:(608) 316-4664
> C: (609) 509-5203
> www.continuousassurance.org
>
>  Pbeyer at continuousassurance.org
> Pbeyer at Morgridge.org
> pbeyer2 at wIsc.edu
>
>
>
>   From: Fabio Cerullo <fcerullo at owasp.org>
> Date: Fri, 20 Mar 2015 09:01:15 +0000
> To: "Beyer, Patrick" <PBeyer at continuousassurance.org>
> Cc: OWASP Board List <owasp-board at lists.owasp.org>, Kevin Greene <
> kevin.greene at hq.dhs.gov>
> Subject: Re: SWAMP update
>
>   Hi Patrick,
>
>  Those are great news.
>
>  We have indeed received your project submission. Please let us know once
> the source code is available on Github so we could set up your project in
> the wiki and announce it as an official OWASP project.
>
>  Any questions please let me know.
>
>  Thanks
> Fabio
>
> Sent from my iPhone
>
> On 17 Mar 2015, at 14:54, Beyer, Patrick <PBeyer at continuousassurance.org>
> wrote:
>
>    Hi Fabio,
>
>
>  Sorry for the tardy response.
>
>  We are extremely close on the Open source release of the SWAMP code to
> GitHub.
>
>  One last hoop to jump through is generating a report of the
> Vulnerability analysis of the code for DHS.
>
>  Once the report is completed (Hopefully by the end of the week) we will
> be able to release the code.
>
>  But as always the SWAMP is open for business and can be used at anytime!
>
>  Is there any word on our project submission to OWASP?
>
>  Thanks
>
>
>  Patrick Beyer, PhD PMP
> Project Manager
> Software Assurance Market Place
> O:(608) 316-4664
> C: (609) 509-5203
> www.continuousassurance.org
>
>  Pbeyer at continuousassurance.org
> Pbeyer at Morgridge.org
> pbeyer2 at wIsc.edu
>
>
>
>   From: Fabio Cerullo <fcerullo at owasp.org>
> Date: Mon, 2 Mar 2015 17:55:29 +0000
> To: "Beyer, Patrick" <PBeyer at continuousassurance.org>
> Cc: OWASP Board List <owasp-board at lists.owasp.org>, Kevin Greene <
> kevin.greene at hq.dhs.gov>
> Subject: Re: SWAMP update
>
>  Patrick
>
>  I hope you are keeping well.
>
>  Just wanted to catch up with you as there is some traction at OWASP to
> scan some of our projects codebase using the SWAMP.
>
>  Do you think the SWAMP is ready to be 'open-sourced' and adopted by
> OWASP?
>
>  Thanks
> Fabio
>
>
>
> On Fri, Oct 17, 2014 at 7:28 PM, Beyer, Patrick <
> PBeyer at continuousassurance.org> wrote:
>
>>   We are just getting data on how long it will take us to sanitize our
>> code and have it ready for release.
>> Its about 40 hours of work right now and we just have to fit it into the
>> Schedule..
>>
>>  I’m waiting on that to move forward on the Application..
>>
>>  Patrick D. Beyer, PhD, PMP
>> Software Assurance Marketplace (SWAMP)
>> Morgridge Institute for Research
>> O:(608) 316-4664
>> C: (608) 509-5203
>> Pbeyer at morgridgeinstitute.org
>> pbeyer2 at wisc.edu
>>
>>
>>   From: Fabio Cerullo <fcerullo at owasp.org>
>> Date: Friday, October 17, 2014 at 12:25
>> To: Pat Beyer <pbeyer at continuousassurance.org>
>> Cc: OWASP Board List <owasp-board at lists.owasp.org>, Kevin Greene <
>> kevin.greene at hq.dhs.gov>
>> Subject: Re: SWAMP update
>>
>>  Patrick
>>
>>  No problem at all and thanks for the update.
>>
>>  I reviewed the functionality doc and it seems you have some busy months
>> ahead of you. As part of the roadmap, it would be very useful if you
>> could highlight when are you planning to open source the platform so it
>> could be "adopted" as an OWASP project. If you have any questions regarding
>> this process, please let us know.
>>
>>  All the best,
>>
>>  Fabio
>>
>> On Friday, October 17, 2014, Beyer, Patrick <
>> PBeyer at continuousassurance.org> wrote:
>>
>>>   Fabio et al,
>>>
>>>  Sorry for my Delayed response, things are getting crazy (In a good
>>> way)…
>>>
>>>  I want to give the board Good accurate information so it was taking me
>>> some time to verify.
>>>
>>>  Lets start with me sharing our Functionality by release document which
>>> shows what functionality we plan on within the next twelve months.
>>>
>>>  We just released version 1.11 on 16 Oct 2014..
>>>
>>>  I will be DILIGENTLY working on OSWAP / SWAMP Timeline for the boards
>>> review here in the next week or so.
>>>
>>>  Thanks for being Patient!
>>>
>>>
>>>  Patrick D. Beyer, PhD, PMP
>>> Software Assurance Marketplace (SWAMP)
>>> Morgridge Institute for Research
>>> O:(608) 316-4664
>>> C: (608) 509-5203
>>> Pbeyer at morgridgeinstitute.org
>>> pbeyer2 at wisc.edu
>>>
>>>
>>>   From: Fabio Cerullo <fcerullo at owasp.org>
>>> Date: Thursday, October 16, 2014 at 17:59
>>> Cc: Pat Beyer <pbeyer at continuousassurance.org>, OWASP Board List <
>>> owasp-board at lists.owasp.org>, Kevin Greene <kevin.greene at hq.dhs.gov>
>>> Subject: SWAMP update
>>>
>>>  Patrick
>>>
>>>  Hope you are keeping well.
>>>
>>>  I'm contacting you on behalf of the OWASP Board to see whether you had
>>> the chance to progress the roadmap discussed at Appsec USA last September.
>>>
>>>  We are looking forward to your response.
>>>
>>>  Thanks and regards
>>>
>>>  Fabio
>>>
>>> On Monday, September 22, 2014, Tom Brennan - OWASP <tomb at owasp.org>
>>> wrote:
>>>
>>>> Patrick,
>>>>
>>>> You may also want to bookmark this:
>>>>
>>>> 'STARTING A NEW OWASP PROJECT"
>>>>
>>>>
>>>> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project
>>>>
>>>> This will help everyone using written guidance for new projects.
>>>>
>>>> Tom Brennan
>>>> Global Vice Chairman
>>>> OWASP Foundation
>>>> 973-202-0122
>>>> tomb at owasp.org | www.owasp.org
>>>>
>>>> On Sep 22, 2014, at 12:20 PM, Beyer, Patrick <
>>>> PBeyer at continuousassurance.org> wrote:
>>>>
>>>> > Absolutely,
>>>> >
>>>> > Give us a few days to work up a good road map based on our
>>>> conversations last Thursday!
>>>> >
>>>> > We are really excited to build this relationship!!
>>>> >
>>>> > Pat
>>>> >
>>>> > Sent from my iPhone
>>>> >
>>>> > On Sep 21, 2014, at 20:00, "Eoin Keary" <eoin.keary at owasp.org> wrote:
>>>> >
>>>> >> I'd think a call to go through would be beneficial.
>>>> >>
>>>> >>
>>>> >> Eoin Keary
>>>> >> Owasp Global Board
>>>> >> +353 87 977 2988 <%2B353%2087%20977%202988>
>>>> >>
>>>> >>
>>>> >> On 21 Sep 2014, at 20:22, Tom Brennan - proactiveRISK <
>>>> tomb at proactiverisk.com> wrote:
>>>> >>
>>>> >>> Your looking for updated in edition to:
>>>> >>>
>>>> https://continuousassurance.org/technical-resources/project-roadmap/
>>>> >>>
>>>> >>> The SWAMP FAQ is useful and will be referenced
>>>> >>> https://continuousassurance.org/faqs/
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>> On Sep 21, 2014, at 5:54 PM, Jim Manico <jim.manico at owasp.org>
>>>> wrote:
>>>> >>>
>>>> >>>> +1 Eoin.
>>>> >>>>
>>>> >>>> Patrick,
>>>> >>>>
>>>> >>>> I'm eager to find all of the various places where OWASP and SWAMP
>>>> intersect! I think there is a lot we can do for each other in terms of
>>>> helping the community achieve excellence in application security.
>>>> >>>>
>>>> >>>> Aloha,
>>>> >>>> Jim
>>>> >>>>
>>>> >>>>
>>>> >>>> On 9/21/14, 12:47 PM, Eoin Keary wrote:
>>>> >>>>> Hi Patrick,
>>>> >>>>> Good meeting this last week.
>>>> >>>>>
>>>> >>>>> Can we look at next steps assuming we can all agree the openness
>>>> of SWAMP is understood.
>>>> >>>>> Items like the roadmap would be a good discussion point to kick
>>>> off.
>>>> >>>>> Thanks,
>>>> >>>>> Eoin
>>>> >>>>>
>>>> >>>>>
>>>> >>>>> Eoin Keary
>>>> >>>>> Owasp Global Board
>>>> >>>>> +353 87 977 2988 <%2B353%2087%20977%202988>
>>>> >>>>>
>>>> >>>>> _______________________________________________
>>>> >>>>> Owasp-board mailing list
>>>> >>>>> Owasp-board at lists.owasp.org
>>>> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>> >>>>
>>>> >>>> _______________________________________________
>>>> >>>> Owasp-board mailing list
>>>> >>>> Owasp-board at lists.owasp.org
>>>> >>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>
>
>
> _______________________________________________
> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150413/dbec143a/attachment-0001.html>


More information about the Owasp-board mailing list