[OWASP-GUIDE] 2.1 Development Process

Andrew van der Stock vanderaj at greebo.net
Thu Jul 28 21:37:33 EDT 2005

Hi there,

Now that 2.0 is out the door, here is how I'd like to approach the  
development process.

Revision Control

I felt that I was definitely holding up progress of 2.0 when I had  
the only known example of the Guide. To this end, I wish to start  
using the CVS properly. I've shuffled the previous files around in  
the CVS guide module (so we don't lose them), and tagged it all prior  
to my changes.

I've uploaded all the Word, Omnigraffle and Visio files (but not the  
PDFs) to the repository and tagged them 2.0.1. I've also branched a  
2.0.x branch (GUIDE20). That's the "stable" branch (2.0.1 ->) and  
unstable (HEAD which will become 2.1 in time). Any minor edits for  
2.0.1 will have to be applied by hand as CVS really doesn't grok Word  
or Visio documents. I'd like to ask that we use Visio XML for  
diagrams. Omnigraffle and Visio (post 2002) can read and write Visio  
XML files.

If you don't have a CVS client, you can browse the CVS here:


It's up to an hour behind the actual repository - don't fret if you  
can't see the changes immediately. If you choose to work from the web  
CVS, please make sure you download the latest version before you  
start work, and then just before you submit your revision, check that  
no newer version is available. Word has a merge function (Tools ->  
Merge documents). Please merge before submitting.

As I'm using Eclipse on the Mac to manage my CVS on SourceForge,  
could someone with any other combination please check out the guide  
project and determine if the binary files (Word + images) work okay  
for them?


Let's review each and every chapter for content and style. This  
really didn't occur for 2.0, and I'd like to fix that for 2.1. I'd  
like to use this approach:

a) We all review each chapter and submit our views on what could change
b) Let's selectively add new and remove material
c) Cap the effort at no more than five days per review
d) Prefer at least one reviewer per chapter

5 * 29 = 145 days. If we don't do reviews in parallel, it's likely  
that we're not going to be finished by November. This is a relatively  
easy task for those who wish to ease into Guide development. Please  
notify me if you're going to take on a chapter to review so we don't  
have too many people reviewing the same chapter.


I'd really like to see:

* Include PayPal in the CC handling chapter
* Include detail on how to find each issue when performing code reviews
* Rank issues to identify which issues are for "highly protected"
* More diagrams to aid comprehension, particularly buffer overflows  
and injections

New chapters

There are five new chapters for 2.1:

* How to perform a code review - to be shared with the Testing project
* Distributed Computing - Race conditions
* J2EE and ASP.NET language guides
* Deployment
* Software Quality Assurance

I have checked in the last two.

Time to participate

Volunteers? :) If you volunteer to do new content, I'd like to ask  
that the chapter or section you are working on is returned by no later  
than the end of August for preliminary editing and peer review, even  
if you are not yet finished. We'll do another drop in September and  
October. That way we still have time before November to finish it if  
you don't make that much progress. I am a realist about volunteer  
time as I've been (very) guilty of this particular sin in the  
past. :) I am the MASTER procrastinator. :)

* Easy: Review a chapter or two
* Medium: Write a new section or re-write an old one which  
desperately needs it
* Hard: Write a complete chapter
