[Owasp-board] SWAMP update

Jim Manico jim.manico at owasp.org
Mon Apr 13 19:29:13 UTC 2015


Kate does not approve projects; Johanna Curiel and the project review team
do.

But make no mistake, I think SWAMP is awesome and should be a great OWASP
project!

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805

On Apr 13, 2015, at 8:54 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:

Jim

Patrick already submitted it as an OWASP project and is only waiting in the
queue.

Now that the project is open source, Kate could approve it and it will
follow the work flow.

Fabio

Sent from my iPhone

On 13 Apr 2015, at 12:48, Jim Manico <jim.manico at owasp.org> wrote:

 Patrick,

Excellent. SWAMP is Apache licensed which is very community friendly. We of
course need to go through a submission and approval process first, so
please consider submitting your project as an OWASP project if you are
interested. There is no harm in talking to Kate but you still need to go
through our project submission process. :)

For project submission please submit using this form:
http://www.tfaforms.com/263506 and include the following information.

 A - PROJECT

   1. Project Name,
   2. Project purpose / overview,
   3. Project Roadmap,
   4. Project links (if any) to external sites,
   5. Project license
    6. Project Leader name,
   7. Project Leader email address,
   8. Project Leader wiki account - the username (you'll need this to edit
   the wiki),
   9. Project Contributor(s) (if any) - name email and wiki account (if
   any),
   10. Project Main Links (if any).
   11. For Documentation: A table of Contents
   12. For Code: A prototype hosted in an open source repository of your
   choice. Make sure it has read access.





For more info, please visit
https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project

ALOHA Patrick,
Jim Manico
OWASP Global Board Member


On 4/13/15 8:41 AM, Fabio Cerullo wrote:

 Patrick

 Thanks for your mail and apologies for the delay. These are fantastic news
and I'm looking forward to get SWAMP as an official OWASP project now that
has been open sourced.

 I'm cc'ing Kate Hartman, our Operations Director, to progress your OWASP
project application.

 Thanks,

 Fabio

Sent from my iPhone

On 7 Apr 2015, at 13:50, Beyer, Patrick <PBeyer at continuousassurance.org>
wrote:

   Good Morning!

 I’m please to announce we have the SWAMP code posted to GitHub!

 The Link is - https://github.com/mirswamp/open-swamp

 Let me know if there any issues suggestions!

 Thanks

 Patrick Beyer, PhD PMP
Project Manager
Software Assurance Market Place
O:(608) 316-4664
C: (609) 509-5203
www.continuousassurance.org

 Pbeyer at continuousassurance.org
Pbeyer at Morgridge.org
pbeyer2 at wIsc.edu



  From: Fabio Cerullo <fcerullo at owasp.org>
Date: Fri, 20 Mar 2015 09:01:15 +0000
To: "Beyer, Patrick" <PBeyer at continuousassurance.org>
Cc: OWASP Board List <owasp-board at lists.owasp.org>, Kevin Greene <
kevin.greene at hq.dhs.gov>
Subject: Re: SWAMP update

  Hi Patrick,

 Those are great news.

 We have indeed received your project submission. Please let us know once
the source code is available on Github so we could set up your project in
the wiki and announce it as an official OWASP project.

 Any questions please let me know.

 Thanks
Fabio

Sent from my iPhone

On 17 Mar 2015, at 14:54, Beyer, Patrick <PBeyer at continuousassurance.org>
wrote:

   Hi Fabio,


 Sorry for the tardy response.

 We are extremely close on the Open source release of the SWAMP code to
GitHub.

 One last hoop to jump through is generating a report of the Vulnerability
analysis of the code for DHS.

 Once the report is completed (Hopefully by the end of the week) we will be
able to release the code.

 But as always the SWAMP is open for business and can be used at anytime!

 Is there any word on our project submission to OWASP?

 Thanks


 Patrick Beyer, PhD PMP
Project Manager
Software Assurance Market Place
O:(608) 316-4664
C: (609) 509-5203
www.continuousassurance.org

 Pbeyer at continuousassurance.org
Pbeyer at Morgridge.org
pbeyer2 at wIsc.edu



  From: Fabio Cerullo <fcerullo at owasp.org>
Date: Mon, 2 Mar 2015 17:55:29 +0000
To: "Beyer, Patrick" <PBeyer at continuousassurance.org>
Cc: OWASP Board List <owasp-board at lists.owasp.org>, Kevin Greene <
kevin.greene at hq.dhs.gov>
Subject: Re: SWAMP update

 Patrick

 I hope you are keeping well.

 Just wanted to catch up with you as there is some traction at OWASP to
scan some of our projects codebase using the SWAMP.

 Do you think the SWAMP is ready to be 'open-sourced' and adopted by OWASP?

 Thanks
Fabio



On Fri, Oct 17, 2014 at 7:28 PM, Beyer, Patrick <
PBeyer at continuousassurance.org> wrote:

>   We are just getting data on how long it will take us to sanitize our
> code and have it ready for release.
> Its about 40 hours of work right now and we just have to fit it into the
> Schedule..
>
>  I’m waiting on that to move forward on the Application..
>
>  Patrick D. Beyer, PhD, PMP
> Software Assurance Marketplace (SWAMP)
> Morgridge Institute for Research
> O:(608) 316-4664
> C: (608) 509-5203
> Pbeyer at morgridgeinstitute.org
> pbeyer2 at wisc.edu
>
>
>   From: Fabio Cerullo <fcerullo at owasp.org>
> Date: Friday, October 17, 2014 at 12:25
> To: Pat Beyer <pbeyer at continuousassurance.org>
> Cc: OWASP Board List <owasp-board at lists.owasp.org>, Kevin Greene <
> kevin.greene at hq.dhs.gov>
> Subject: Re: SWAMP update
>
>  Patrick
>
>  No problem at all and thanks for the update.
>
>  I reviewed the functionality doc and it seems you have some busy months
> ahead of you. As part of the roadmap, it would be very useful if you
> could highlight when are you planning to open source the platform so it
> could be "adopted" as an OWASP project. If you have any questions regarding
> this process, please let us know.
>
>  All the best,
>
>  Fabio
>
> On Friday, October 17, 2014, Beyer, Patrick <
> PBeyer at continuousassurance.org> wrote:
>
>>   Fabio et al,
>>
>>  Sorry for my Delayed response, things are getting crazy (In a good way)…
>>
>>  I want to give the board Good accurate information so it was taking me
>> some time to verify.
>>
>>  Lets start with me sharing our Functionality by release document which
>> shows what functionality we plan on within the next twelve months.
>>
>>  We just released version 1.11 on 16 Oct 2014..
>>
>>  I will be DILIGENTLY working on OSWAP / SWAMP Timeline for the boards
>> review here in the next week or so.
>>
>>  Thanks for being Patient!
>>
>>
>>  Patrick D. Beyer, PhD, PMP
>> Software Assurance Marketplace (SWAMP)
>> Morgridge Institute for Research
>> O:(608) 316-4664
>> C: (608) 509-5203
>> Pbeyer at morgridgeinstitute.org
>> pbeyer2 at wisc.edu
>>
>>
>>   From: Fabio Cerullo <fcerullo at owasp.org>
>> Date: Thursday, October 16, 2014 at 17:59
>> Cc: Pat Beyer <pbeyer at continuousassurance.org>, OWASP Board List <
>> owasp-board at lists.owasp.org>, Kevin Greene <kevin.greene at hq.dhs.gov>
>> Subject: SWAMP update
>>
>>  Patrick
>>
>>  Hope you are keeping well.
>>
>>  I'm contacting you on behalf of the OWASP Board to see whether you had
>> the chance to progress the roadmap discussed at Appsec USA last September.
>>
>>  We are looking forward to your response.
>>
>>  Thanks and regards
>>
>>  Fabio
>>
>> On Monday, September 22, 2014, Tom Brennan - OWASP <tomb at owasp.org>
>> wrote:
>>
>>> Patrick,
>>>
>>> You may also want to bookmark this:
>>>
>>> 'STARTING A NEW OWASP PROJECT"
>>>
>>>
>>> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project
>>>
>>> This will help everyone using written guidance for new projects.
>>>
>>> Tom Brennan
>>> Global Vice Chairman
>>> OWASP Foundation
>>> 973-202-0122
>>> tomb at owasp.org | www.owasp.org
>>>
>>> On Sep 22, 2014, at 12:20 PM, Beyer, Patrick <
>>> PBeyer at continuousassurance.org> wrote:
>>>
>>> > Absolutely,
>>> >
>>> > Give us a few days to work up a good road map based on our
>>> conversations last Thursday!
>>> >
>>> > We are really excited to build this relationship!!
>>> >
>>> > Pat
>>> >
>>> > Sent from my iPhone
>>> >
>>> > On Sep 21, 2014, at 20:00, "Eoin Keary" <eoin.keary at owasp.org> wrote:
>>> >
>>> >> I'd think a call to go through would be beneficial.
>>> >>
>>> >>
>>> >> Eoin Keary
>>> >> Owasp Global Board
>>> >> +353 87 977 2988 <%2B353%2087%20977%202988>
>>> >>
>>> >>
>>> >> On 21 Sep 2014, at 20:22, Tom Brennan - proactiveRISK <
>>> tomb at proactiverisk.com> wrote:
>>> >>
>>> >>> Your looking for updated in edition to:
>>> >>> https://continuousassurance.org/technical-resources/project-roadmap/
>>> >>>
>>> >>> The SWAMP FAQ is useful and will be referenced
>>> >>> https://continuousassurance.org/faqs/
>>> >>>
>>> >>>
>>> >>>
>>> >>> On Sep 21, 2014, at 5:54 PM, Jim Manico <jim.manico at owasp.org>
>>> wrote:
>>> >>>
>>> >>>> +1 Eoin.
>>> >>>>
>>> >>>> Patrick,
>>> >>>>
>>> >>>> I'm eager to find all of the various places where OWASP and SWAMP
>>> intersect! I think there is a lot we can do for each other in terms of
>>> helping the community achieve excellence in application security.
>>> >>>>
>>> >>>> Aloha,
>>> >>>> Jim
>>> >>>>
>>> >>>>
>>> >>>> On 9/21/14, 12:47 PM, Eoin Keary wrote:
>>> >>>>> Hi Patrick,
>>> >>>>> Good meeting this last week.
>>> >>>>>
>>> >>>>> Can we look at next steps assuming we can all agree the openness
>>> of SWAMP is understood.
>>> >>>>> Items like the roadmap would be a good discussion point to kick
>>> off.
>>> >>>>> Thanks,
>>> >>>>> Eoin
>>> >>>>>
>>> >>>>>
>>> >>>>> Eoin Keary
>>> >>>>> Owasp Global Board
>>> >>>>> +353 87 977 2988 <%2B353%2087%20977%202988>
>>> >>>>>
>>> >>>>> _______________________________________________
>>> >>>>> Owasp-board mailing list
>>> >>>>> Owasp-board at lists.owasp.org
>>> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> >>>>
>>> >>>> _______________________________________________
>>> >>>> Owasp-board mailing list
>>> >>>> Owasp-board at lists.owasp.org
>>> >>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>


_______________________________________________
Owasp-board mailing
listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150413/d9004557/attachment-0001.html>


More information about the Owasp-board mailing list