<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-GB link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'>Hello Leonardo,<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'>I thank your clear feedback
regarding the ASDR status and I am glad to hear that important progress have
been made. I am also pleased to know that you are thinking in pushing the project
up the ladder in the next season of code - as you know the guide’s
integration is an issue currently at stake and maybe some efforts towards this
direction can to this point be made.<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'>As for the circumstances in
which you have worked, I understand the difficulty you have faced to find
volunteers. The path we have followed, under which we have allocated four
reviewers to this project instead of the usual two, definitely didn’t
work. We did so to get additional help because we had anticipated the task’s
grandiosity but it seems now clear that we have mixed reviewer’s and
contributor’s roles.  I would say we need to learn this lesson.<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'>Regarding the SoC’s payment,
even if none review has been done except yours, IMHO it could be evaluated given
that 80% of the approved roadmap has been accomplished and two extra-planned
tasks have been performed, i.e. the identification of the most important
subclasses for each category and the articles’ cleaning. <o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'>Therefore, I am carbon copying
both the Board and the Project’s Committee to have their say on the issue.
I am sure very soon we will receive the appropriate response.<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'>Many thanks, best regards,<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'> <o:p></o:p></span></p>

<p class=MsoNormal><span lang=PT style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Paulo Coimbra,<o:p></o:p></span></p>

<p class=MsoNormal><span lang=PT style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><a href="https://www.owasp.org/index.php/Main_Page"><span
style='color:blue'>OWASP Project Manager</span></a><o:p></o:p></span></p>

<p class=MsoNormal><span lang=PT style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>

<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Leonardo Cavallari Militelli
[mailto:leonardocavallari@gmail.com] <br>
<b>Sent:</b> segunda-feira, 16 de Fevereiro de 2009 19:22<br>
<b>To:</b> paulo.coimbra@owasp.org; dinis cruz; Jeff Williams; Dave Wichers;
Tom Brennan; seba@owasp.org<br>
<b>Subject:</b> ASDR SoC Final Review<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><o:p> </o:p></p>

<p class=MsoNormal>Hello Paulo and Board,<br>
<br>
I'm writing to inform that SoC final review of ASDR was just made. Here's the <a
href="https://www.owasp.org/index.php/Project_Information:template_ASDR_Project_-_Final_Review_-_Self_Evaluation_-_B">part
B of my evaluation.</a><br>
As you might know, many things didn't worked out as I expected thus making
really difficult to reach all the goals I had proposed.<br>
The major problem was on get volunteers to develop articles.<br>
<br>
However, two other important activities that were raised during SoC have been
done. The first was to identify the most important subclasses for each
category. This will help on articles classification and head to a taxonomy
model. CWE, Fortify, McGraws models were investigated and I believe we could
identify the most suitable for OWASP contents.<br>
The second activity was clean up the articles. Kirsten and I had identified
around 300 not proper articles to be deleted, which were much more on Quality
assurance than application security or were duplicated. Lots of those were
donated by Fortify and many others were created exaclty as they appear on
Mitre's CWE/CAPEC, just to let you know.<br>
<br>
Also, as you can see on <a
href="https://www.owasp.org/index.php/OWASP_ASDR_Project_-_Assessment_Frame">project
assessment frame</a>, no review from reviewers was done, once not much contents
were developed to be reviewed. They help me mainly on discussing
categories/subclasses and sharing their visions about project mid-long future.<br>
<br>
I believe that from now on it's possible to succed and proper coordinate
volunteers on ASDR articles development, as project structure is much more
cleaner and easier to people understand what it's all about. I presume that we
can have a Release quality version for the current articles on next season of
code/quality.<br>
<br>
Let me know your thoughts about all the work that was done, feedbacks and
improvements for the project<br>
Best,<br>
<br>
Leo Cavallari<o:p></o:p></p>

</div>

</div>

</body>

</html>