<div dir="ltr">Board and Kate,<div><br></div><div>I think the SWAP is looking for a way to work together with us? Clearly, the nature of their project cannot be categorized as an OWASP project but I really support the idea of projects using these kind of service to check their quality.</div><div><br></div><div>Right now there is a similar service (Coverty) and not per se do I want to insist project leaders using the SWAMP but any similar approach (Coverty or using their own scanning tools or their preference) should be part of the review process. I do this for some of the projects</div><div><br></div><div>Regards</div><div><br></div><div>Johanna</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 13, 2015 at 1:29 PM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    Johanna,<br>
    <br>
    This is an easy one. To be an OWASP project you must be open source.
    :) If not, no OWASP project!<br>
    <br>
    Aloha,<br>
    Jim<div><div class="h5"><br>
    <br>
    <br>
    <div>On 3/13/15 12:31 AM, johanna curiel
      curiel wrote:<br>
    </div>
    <blockquote type="cite">Kate,
      <div><br>
      </div>
      <div>The main condition is to be open source and to have an open
        source license.</div>
      <div><br>
      </div>
      <div>After having used the swamp, it is quite difficult to
        categorized it as a code or tool but especially being
        open source.</div>
      <div><br>
      </div>
      <div>I consider the swap a service and it's environment is
        not open , in fact, you run scanning on code and tool projects
        in a closed environment to the user on their servers.</div>
      <div><br>
      </div>
      <div>What I consider the swamp a great service to verify the
        quality of certain projects that can be run in their servers and
        I believe that projects that can run their code in these servers
        could make excellent use of it as a verification of
        minimum quality.</div>
      <div><br>
      </div>
      <div>I have ideas regarding how we could encourage projects to run
        their code especially if we link this to measuring quality
        criteria when doing reviews and gaining higher status and
        I would like to discuss this with you and the board if you are
        interested </div>
      <div><br>
      </div>
      <div>Regards </div>
      <div><br>
      </div>
      <div>Johanna<br>
        <br>
        On Thursday, March 12, 2015, Tom Brennan <<a href="mailto:tomb@proactiverisk.com" target="_blank">tomb@proactiverisk.com</a>>
        wrote:<br>
        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <div dir="ltr">He has to follow the project guidelines like
            everyone else ;)
            <div class="gmail_extra"><br clear="all">
              <div>
                <div>
                  <div dir="ltr">
                    <div dir="ltr">
                      <div dir="ltr">
                        <div dir="ltr">
                          <div dir="ltr">
                            <div>
                              <div style="font-size:10px"><br>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
              <br>
              <div class="gmail_quote">On Thu, Mar 12, 2015 at 5:20 PM,
                Kate Hartmann <span dir="ltr"><<a>kate.hartmann@owasp.org</a>></span>
                wrote:<br>
                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  <div dir="ltr">Board, I know that there had been
                    multiple conversations with SWAMP, especially in
                    Denver last year.
                    <div><br>
                    </div>
                    <div>I received a "new project request" from Patrick
                      Beyer asking that SWAMP be set up as an OWASP
                      project.</div>
                    <div><br>
                    </div>
                    <div>I wanted to understand what the "next steps"
                      are with this request.</div>
                    <div><br>
                    </div>
                    <div><br>
                    </div>
                    <div>Thank you.<span><font color="#888888"><br clear="all">
                          <div><br>
                          </div>
                          -- <br>
                          <div>
                            <div dir="ltr">
                              <div><br>
                              </div>
                              <div><br>
                              </div>
                              Kate Hartmann
                              <div><a>kate.hartmann@owasp.org</a></div>
                              <div><a href="tel:%2B1%20301-275-9403" value="+13012759403" target="_blank">+1
                                  301-275-9403</a></div>
                            </div>
                          </div>
                          <br>
                          <img src="https://tracking.cirrusinsight.com/track?guid=39900c5b-2eac-4520-8e58-5e8838f69446&userid=005U0000000IOnlIAG" border="0" height="1" width="1"></font></span></div>
                  </div>
                  <br>
                  _______________________________________________<br>
                  Owasp-board mailing list<br>
                  <a>Owasp-board@lists.owasp.org</a><br>
                  <a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
                  <br>
                </blockquote>
              </div>
              <br>
            </div>
          </div>
        </blockquote>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
Owasp-board mailing list
<a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div>