[Owasp-board] SWAMP Project Request

johanna curiel curiel johanna.curiel at owasp.org
Mon Mar 16 18:19:42 UTC 2015


Board and Kate,

I think the SWAP is looking for a way to work together with us? Clearly,
the nature of their project cannot be categorized as an OWASP project but I
really support the idea of projects using these kind of service to check
their quality.

Right now there is a similar service (Coverty) and not per se do I want to
insist project leaders using the SWAMP but any similar approach (Coverty or
using their own scanning tools or their preference) should be part of the
review process. I do this for some of the projects

Regards

Johanna

On Fri, Mar 13, 2015 at 1:29 PM, Jim Manico <jim.manico at owasp.org> wrote:

>  Johanna,
>
> This is an easy one. To be an OWASP project you must be open source. :) If
> not, no OWASP project!
>
> Aloha,
> Jim
>
>
>
> On 3/13/15 12:31 AM, johanna curiel curiel wrote:
>
> Kate,
>
>  The main condition is to be open source and to have an open source
> license.
>
>  After having used the swamp, it is quite difficult to categorized it as
> a code or tool but especially being open source.
>
>  I consider the swap a service and it's environment is not open , in
> fact, you run scanning on code and tool projects in a closed environment to
> the user on their servers.
>
>  What I consider the swamp a great service to verify the quality of
> certain projects that can be run in their servers and I believe that
> projects that can run their code in these servers could make excellent use
> of it as a verification of minimum quality.
>
>  I have ideas regarding how we could encourage projects to run their
> code especially if we link this to measuring quality criteria when doing
> reviews and gaining higher status and I would like to discuss this with you
> and the board if you are interested
>
>  Regards
>
>  Johanna
>
> On Thursday, March 12, 2015, Tom Brennan <tomb at proactiverisk.com> wrote:
>
>> He has to follow the project guidelines like everyone else ;)
>>
>>
>>
>> On Thu, Mar 12, 2015 at 5:20 PM, Kate Hartmann <kate.hartmann at owasp.org>
>> wrote:
>>
>>> Board, I know that there had been multiple conversations with SWAMP,
>>> especially in Denver last year.
>>>
>>>  I received a "new project request" from Patrick Beyer asking that
>>> SWAMP be set up as an OWASP project.
>>>
>>>  I wanted to understand what the "next steps" are with this request.
>>>
>>>
>>>  Thank you.
>>>
>>>  --
>>>
>>>
>>>  Kate Hartmann
>>> kate.hartmann at owasp.org
>>> +1 301-275-9403 <%2B1%20301-275-9403>
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>
> _______________________________________________
> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150316/519cedba/attachment-0001.html>


More information about the Owasp-board mailing list