<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:10.0pt;
        margin-left:.5in;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
span.EmailStyle18
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.EmailStyle19
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle20
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
 /* List Definitions */
 @list l0
        {mso-list-id:1183057671;
        mso-list-type:hybrid;
        mso-list-template-ids:-1825021652 168619142 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}
@list l0:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Calibri","sans-serif";
        mso-fareast-font-family:Calibri;
        mso-bidi-font-family:"Times New Roman";}
@list l0:level2
        {mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level4
        {mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level7
        {mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><span style='color:#1F497D'>I’m OK with this, although I’m
not a big fan of many of the suggestions below. But that’s OK. Lets get the ideas
out there and we can then make some decisions.<o:p></o:p></span></p>

<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='color:#1F497D'>-Dave<o:p></o:p></span></p>

<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>

<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
owasp-board-bounces@lists.owasp.org
[mailto:owasp-board-bounces@lists.owasp.org] <b>On Behalf Of </b>Paulo Coimbra<br>
<b>Sent:</b> Wednesday, March 04, 2009 11:25 AM<br>
<b>To:</b> 'OWASP Foundation Board List';
global_tools_and_project_committee@lists.owasp.org<br>
<b>Subject:</b> [Owasp-board] FW: REQUEST FOR DECISION/CALL FOR CONTRIBUTIONS
TO UPDATE THE ASSESSMENT CRITERIA<br>
<b>Importance:</b> High<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><o:p> </o:p></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>Board, Project’s
Committee,<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>In consequence
of the comments received in the last Committee meeting, I’ve introduced the changes
yellow underlined.  Please let me know if this email can be sent off.<b><i>
</i></b><o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB
style='color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>Many thanks,
regards,<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>Paulo<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>Hello Leaders,<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>I hope you are
well. <o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>You better than
anyone else know that OWASP as an organization has been built by your
continuous open contributions both by defining its mission, organizational
structure, rules and procedures and by leading the application security
projects that are its core of activity.<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>In my today’s
call for contributions, procedures regarding projects development’s stage assessment
are the main issue.<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>As you may know,
a system to evaluate OWASP projects is already in use and actually consists in
both a set of criteria <a
href="http://www.owasp.org/index.php/Category:OWASP_Project_Assessment">http://www.owasp.org/index.php/Category:OWASP_Project_Assessment</a>
and a skeleton/frame to implement it <a
href="http://www.owasp.org/index.php/OWASP_Live_CD_2008_Project_-_Assessment_Frame">http://www.owasp.org/index.php/OWASP_Live_CD_2008_Project_-_Assessment_Frame</a>
.<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>With other few
subsequent modifications, this set of criteria has mainly resulted of a </span><span
lang=EN-GB style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>vigorous</span><span
lang=EN-GB> discussion held through this mailing list almost a year ago and
since then it has been used in all newly set up projects. <o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>Since then this
issue has been discussed consecutively in several different contexts. In our
Summit, for example, even if we haven’t committed a specific slot of time to
deal with this matter, it has collaterally arisen throughout many project’s
presentations. In addition, I regularly receive from OWASP Board requests to
make modifications, a systemic reflection is being held within the Project’s
Committee and, as result of my daily handling of projects under review, I am
obtaining some feedback from project leaders and reviewers. <o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>Overall, the
people with whom I’ve discussed this issue usually say that the procedure can
be improved and IMHO<span style='color:#1F497D'>, </span><span
style='background:yellow;mso-highlight:yellow'>even if I think<b><i> </i></b>the
Assessment Criteria is working and actually has been of great help,</span><span
style='color:#1F497D'> </span>they are right<span style='color:#1F497D'>. </span><o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>From these
discussions, I’ve retained that a handful of criteria have been proposed but
haven’t been implemented yet as forthcoming:<o:p></o:p></span></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-.25in;
mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-GB><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>         
</span></span></span><![endif]><span lang=EN-GB>OWASP writing style (Tool
projects/Release Quality),<o:p></o:p></span></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-.25in;
mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-GB><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>         
</span></span></span><![endif]><span lang=EN-GB>Translation (Tools and
Documentation/Release Quality),<o:p></o:p></span></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-.25in;
mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-GB><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>         
</span></span></span><![endif]><span lang=EN-GB>Bi-monthly periodic news (Tools
and Documentation/non specified Quality status),<o:p></o:p></span></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-.25in;
mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-GB><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>         
</span></span></span><![endif]><span lang=EN-GB>5 slide deck for OWASP Boot
Camp project (Tools and Documentation/Beta status),<o:p></o:p></span></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-.25in;
mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-GB><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>         
</span></span></span><![endif]><span lang=EN-GB>Attribution rules (Tools and
Documentation/non specified Quality status), <o:p></o:p></span></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-.25in;
mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-GB><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>         
</span></span></span><![endif]><span lang=EN-GB>Compulsory Project
Skeleton/Frame (Tools and Documentation/all Quality status), <o:p></o:p></span></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-.25in;
mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-GB><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>         
</span></span></span><![endif]><span lang=EN-GB> Reviewer role - addition
and clarification, <o:p></o:p></span></p>

<p class=MsoListParagraph style='text-align:justify'><span lang=EN-GB><a
href="http://owaspsoc2008.wordpress.com/2008/07/15/assessment-guidance/">http://owaspsoc2008.wordpress.com/2008/07/15/assessment-guidance/</a><o:p></o:p></span></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-.25in;
mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-GB><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>         
</span></span></span><![endif]><span lang=EN-GB>Mentor role addition and
definition.<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>In addition, as
far as I am concerned, a few more structural comments have also been made. Even
without pointing out alternative technical solutions, at least a  couple
of them have questioned the rationale of working with tables in wiki text and
others have pointed out the willingness of having a project’s page similar to, </span>for
example<span style='color:#1F497D'>,</span><span lang=EN-GB> this one </span><span
style='color:#1F497D'><a href="http://www.hdiv.org/">http://www.hdiv.org/</a>. </span><span
lang=EN-GB><o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>Having said all
the above with the intention of giving you a picture of the current situation,
I ask for your contribution so as to update the OWASP Assessment Criteria. <o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>In operational
terms, I’ve replicated the Assessment Criteria page <a
href="http://www.owasp.org/index.php/Category:OWASP_Project_Assessment_-_Update">http://www.owasp.org/index.php/Category:OWASP_Project_Assessment_-_Update</a>
and propose you introduce your changes directly on it. As soon as we finish the
discussion phase, all the contributions will be moved to the original wiki
page. With the goal of enhancing the discussion, I also propose you use this mailing
list to inform which changes are being proposed and the reason or goal for
doing so. <span style='background:yellow;mso-highlight:yellow'>We are also
building a Google questionnaire to collect your opinions and contributions and,
as soon as it is finished, it will be sent off.</span><o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>Please do have
into account that you proposals can have implications in the assessment frame
that we are currently using and, if it happens, please present a compatible
solution.  <o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB
style='color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB
style='background:yellow;mso-highlight:yellow'>To conclude, I would like to
inform you that the Project’s Committee propose that, as soon as we finish this
discussion, we establish as a rule to apply to all OWASP Projects that the
quality categorization must respect the revised assessment criteria which
eventually will mean that all projects not assessed under these rules will be
placed under Alpha Quality status.</span><span lang=EN-GB> <o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><b><i><span lang=EN-GB
style='color:#1F497D'><o:p> </o:p></span></i></b></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>I thank you all
in anticipation and look forward to having your indispensable feedback.<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify'><span lang=EN-GB>Regards,<o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p>

<p class=MsoNormal><span lang=PT>Paulo Coimbra,<o:p></o:p></span></p>

<p class=MsoNormal><span lang=PT><a
href="https://www.owasp.org/index.php/Main_Page">OWASP Project Manager</a><o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p>

</div>

</body>

</html>