<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:10.0pt;
        margin-left:36.0pt;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:10.0pt;
        margin-left:36.0pt;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
        {page:Section1;}
 /* List Definitions */
 @list l0
        {mso-list-id:1183057671;
        mso-list-type:hybrid;
        mso-list-template-ids:-1825021652 168619142 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}
@list l0:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-font-family:Calibri;
        mso-bidi-font-family:"Times New Roman";}
@list l0:level2
        {mso-level-tab-stop:72.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level3
        {mso-level-tab-stop:108.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level4
        {mso-level-tab-stop:144.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level5
        {mso-level-tab-stop:180.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level6
        {mso-level-tab-stop:216.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level7
        {mso-level-tab-stop:252.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level8
        {mso-level-tab-stop:288.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level9
        {mso-level-tab-stop:324.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-GB link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal style='text-align:justify'>Board, Project’s Committee,<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>Please see below and let me know
if you think appropriate we send off this call for contributions to our leaders’
mailing list. It goes without saying, feel free to change it as you find best. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>Many thanks, regards,<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>Paulo<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>Hello Leaders,<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>I hope you are well. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>You better than anyone else know
that OWASP as an organization has been built by your continuous open
contributions both by defining its mission, organizational structure, rules and
procedures and by leading the application security projects that are its core
of activity.<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>In my today’s call for
contributions, procedures regarding projects development’s stage
assessment are the main issue.<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>As you may know, a system to
evaluate OWASP projects is already in use and actually consists in both a set
of criteria <a
href="http://www.owasp.org/index.php/Category:OWASP_Project_Assessment">http://www.owasp.org/index.php/Category:OWASP_Project_Assessment</a>
and a skeleton/frame to implement it <a
href="http://www.owasp.org/index.php/OWASP_Live_CD_2008_Project_-_Assessment_Frame">http://www.owasp.org/index.php/OWASP_Live_CD_2008_Project_-_Assessment_Frame</a>
.<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>With other few subsequent
modifications, this set of criteria has mainly resulted of a <span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>vigorous</span>
discussion held through this mailing list almost a year ago and since then it
has been used in all newly set up projects. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>Since then this issue has been
discussed consecutively in several different contexts. In our Summit, for
example, even if we haven’t committed a specific slot of time to deal
with this matter, it has collaterally arisen throughout many project’s
presentations. In addition, I regularly receive from OWASP Board requests to
make modifications, a systemic reflection is being held within the
Project’s Committee and, as result of my daily handling of projects under
review, I am obtaining some feedback from project leaders and reviewers. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>Overall, the people with whom
I’ve discussed this issue usually say that the procedure can be improved
and IMHO they are right. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>From these discussions,
I’ve retained that a handful of criteria have been proposed but
haven’t been implemented yet as forthcoming:<o:p></o:p></p>

<p class=MsoListParagraphCxSpFirst style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>         
</span></span><![endif]>OWASP writing style (Tool projects/Release Quality),<o:p></o:p></p>

<p class=MsoListParagraphCxSpMiddle style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>         
</span></span><![endif]>Translation (Tools and Documentation/Release Quality),<o:p></o:p></p>

<p class=MsoListParagraphCxSpMiddle style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>         
</span></span><![endif]>Bi-monthly periodic news (Tools and Documentation/non
specified Quality status),<o:p></o:p></p>

<p class=MsoListParagraphCxSpMiddle style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>         
</span></span><![endif]>5 slide deck for OWASP Boot Camp project (Tools and
Documentation/Beta status),<o:p></o:p></p>

<p class=MsoListParagraphCxSpMiddle style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>         
</span></span><![endif]>Attribution rules (Tools and Documentation/non
specified Quality status), <o:p></o:p></p>

<p class=MsoListParagraphCxSpMiddle style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>         
</span></span><![endif]>Compulsory Project Skeleton/Frame (Tools and
Documentation/all Quality status), <o:p></o:p></p>

<p class=MsoListParagraphCxSpMiddle style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>         
</span></span><![endif]> Reviewer role - addition and clarification, <o:p></o:p></p>

<p class=MsoListParagraphCxSpMiddle style='text-align:justify'><a
href="http://owaspsoc2008.wordpress.com/2008/07/15/assessment-guidance/">http://owaspsoc2008.wordpress.com/2008/07/15/assessment-guidance/</a><o:p></o:p></p>

<p class=MsoListParagraphCxSpLast style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>         
</span></span><![endif]>Mentor role addition and definition.<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'>In addition, as far as I am
concerned, a few more structural comments have also been made. Even without
pointing out alternative technical solutions, at least a  couple of them
have questioned the rationale of working with tables in wiki text and others
have pointed out the willingness of having a project’s page similar to, <span
lang=EN-US>for example<span style='color:#1F497D'>,</span></span> this one <span
lang=EN-US style='color:#1F497D'><a href="http://www.hdiv.org/">http://www.hdiv.org/</a>.
</span><o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>Having said all the above with
the intention of giving you a picture of the current situation, I ask for your
contribution so as to update the OWASP Assessment Criteria. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>In operational terms, I’ve
replicated the Assessment Criteria page <a
href="http://www.owasp.org/index.php/Category:OWASP_Project_Assessment_-_Update">http://www.owasp.org/index.php/Category:OWASP_Project_Assessment_-_Update</a>
and propose you introduce your changes directly on it. As soon as we finish the
discussion phase, all the contributions will be moved to the original wiki
page. With the goal of enhancing the discussion, I also propose you use this
mailing list to inform which changes are being proposed and the reason or goal
for doing so. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>Please do have into account that
you proposals can have implications in the assessment frame that we are
currently using and, if it happens, please present a compatible solution. 
<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'>I thank you all in anticipation
and look forward to having your indispensable feedback.<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'>Regards,<o:p></o:p></p>

<p class=MsoNormal><o:p> </o:p></p>

<p class=MsoNormal><span lang=PT>Paulo Coimbra,<o:p></o:p></span></p>

<p class=MsoNormal><span lang=PT><a
href="https://www.owasp.org/index.php/Main_Page">OWASP Project Manager</a><o:p></o:p></span></p>

<p class=MsoNormal><o:p> </o:p></p>

</div>

</body>

</html>