[Owasp-board] Empty and incomplete projects again
Jim Manico
jim.manico at owasp.org
Fri Nov 6 00:58:34 UTC 2015
Simon,
I agree with you in spirit. I really do not want to see any empty
projects either.
Claudia has a close eye on this and I really want to give her some room
to work these issues out. The scale of empty projects is very small
right now (2) and the world is not ending. :) Let's give Claudia some
room to do her thing, and we can all revisit this in a few weeks to
ensure progress is made.
Does that seem reasonable?
Aloha,
Jim
On 11/5/15 2:50 AM, psiinon wrote:
> I think the current rules for the minimum requirements for a project
> are very reasonable, and I think we should all discuss this before
> changing them.
> Empty project pages don't help OWASP and I don't think they help the
> projects either.
>
> Cheers,
>
> Simon
>
> On Thu, Nov 5, 2015 at 12:40 PM, johanna curiel curiel
> <johanna.curiel at owasp.org> wrote:
>
> Hi Claudia
>
> Both projects are set up under 'Documentation'
>
> I read the API project and at the moment there is no clear
> approach on how they will do research to come up with the 'top 10
> API vulnerabilities'
>
> This means David has to do a quite intensive research and gather a
> lot of information to be able to come up with a 'reasonable' 'top
> 10 API'. Claudia, please familiarize yourself with how the OWASP TOP 10
> is done and you will see how much input data is used over a period
> of *_3 years_* to come up with the 'TOP 10'. That is the reason
> why people take the 'top 10' quite seriously and it has gained such a
> place in the appsec community.
>
> API's are dependent on programming languages and frameworks,
> requiring quite a lot of knowledge of each one to come up with
> some useful information. I can assure you that after a year, there
> won't be enough information in this project; this is no easy
> piece. If he had defined a scope such as 'TOP ten .NET API', it would
> have been easier.
>
> The 'TOP ten privacy' also took more than a year of research
> before they could come up with some data. Keep in mind that if
> someone wants to do this kind of project they definitely need to
> present a serious proposal; otherwise the chance of it being an
> empty project or dummy data is almost definite.
>
> Dave should present a clear plan how he thinks he will achieve
> this and in the wiki page there is nothing conclusive and clear
> just 'The roadmap for this project is straightforward: we'll begin
> by conducting research and seeking feedback from developers and
> security auditors on the problems they most frequently encounter
> via web-based APIs.'
>
> If this is serious research there should be a _research
> proposal_ and this is not even the case. Documentation based on
> poor research methodologies serves no purpose to serious appsec
> people. No one is going to use a 'top ten api' based on poor
> research; even worse, this will be damaging to OWASP's image.
>
> So I might sound strict, but it is not about being nice, but about
> helping the project leaders to understand their responsibilities with
> OWASP if they want to embark on a project like this.
>
> Regards
>
> Johanna
>
>
>
> On Wed, Nov 4, 2015 at 6:47 PM, Claudia Casanovas
> <claudia.aviles-casanovas at owasp.org> wrote:
>
> Hi Johanna,
>
> These two project leaders are working on their completion and
> I will ensure both are completed. They are currently marked as In
> Process for the Project Task Force.
>
> https://www.owasp.org/index.php/OWASP_Security_Ninja_Program_Project -
> Wiki Page will be Deleted as Project Leader has a new name
> https://www.owasp.org/index.php/OWASP_Security_Ninja_Project
> Page will be deleted (as this was only a name change instance)
> once the Project Leader adds the completed information.
>
> This particular project is taking over the work from the Secure
> Development Training Project, which is in the process of shutting
> down on which Tobias is the Project Leader and Chris Romeo
> will be taking over the project but with a new name and new
> added content. The Secure Development Training Project is not
> yet merged as Chris Romeo is working on the content on the new
> wiki page.
>
>
> David Shaw is working on the content and has been in contact
> with me this week.
> https://www.owasp.org/index.php/OWASP_API_Security_Project
>
> I agree on your concern and will be diligently working with
> the Project Leaders to ensure completion this week.
>
>
>
>
> On Wed, Nov 4, 2015 at 2:18 PM, johanna curiel curiel
> <johanna.curiel at owasp.org> wrote:
>
> Hi Project Task Force, and members of the Board
>
> A while ago I noticed that people have decided to change
> the rules and allow empty projects. What that means is
> that there is nothing produced (not even a table of
> contents) and wiki pages are being set up as 'projects',
> even worse, templates with no content.
>
> I feel quite disappointed to see this, especially after
> the amount of work I and other volunteers with some staff
> took to clean up the 'empty projects'
> These projects have no content delivered as mentioned on
> the conditions for starting a project
>
> https://www.owasp.org/index.php/OWASP_Security_Ninja_Program_Project
> https://www.owasp.org/index.php/OWASP_API_Security_Project
>
> Again, what is the benefit of changing the rules and allowing
> this again?
>
> For documentation (still mentioned on the website):
> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project
>
> A - PROJECT
>
> 1. Project Name,
> 2. Project purpose / overview,
> 3. Project Roadmap,
> 4. Project links (if any) to external sites,
> 5. [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License]],
> 6. Project Leader name,
> 7. Project Leader email address,
> 8. Project Leader wiki account - the username (you'll
> need this to edit the wiki),
> 9. Project Contributor(s) (if any) - name email and wiki
> account (if any),
> 10. Project Main Links (if any).
> 11. For Documentation: A table of Contents
> 12. For Code: A prototype hosted in an open source
> repository of your choice. Make sure it has read access
>
>
> regards
>
> Johanna
>
>
>
>
> --
>
>
> Claudia Aviles-Casanovas
> Project Coordinator
> Phone: 973-288-1697
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
--
Jim Manico
Global Board Member
OWASP Foundation
https://www.owasp.org