[Owasp-guide] Minutes of the meeting

Andrew van der Stock vanderaj at owasp.org
Fri Jun 29 12:58:32 UTC 2012

Hi folks,

So we had the meeting, but Google+ turned out to be a bit of a first time nightmare. Thank you to Christopher and Peter for attending, and everyone else who tried. I'm sorry it didn't work out the best. 

I will touch base with each of you via G+ and make sure it works for you before we have our next meeting. So please either add me to your circles (vanderaj @ gmail.com) if you don't use the e-mail address you use here, or I will send you an invite to the address I have for you. 

The next meeting will be the last Friday in July, at midnight my time (so two hours later than this meeting) so as to allow participation from the folks on the West Coast of the US. This the day AFTER BlackHat finishes, and the first day of DefCon. Luckily for you, the meeting will be at breakfast time Las Vegas, and nothing happens around then :)

Here's the video of the meeting:

Action Items:

1. Budget

Andrew to discuss budget spending with the group before we go to town spending it. Currently $0 allocated, $5k asked for if I recall correctly. We don't need money right now. We will need it probably early next year. 

2. Allocations

I have a draft list of allocations. 

Editing and reviewing:

Abraham Kang - Co-Leader / Output encoding
Jim Manico - Editing / Reviewing / Crypto chapter

Offers of help of specific chapters

Christopher H. Young Architecture
Peter Quodling - Architecture
Mylene Architecture / J2EE / Java
Thomas Chen Risk Management, secure SDLC, Secure Requirement.
Juan C Calderon  Classic ASP examples, Spanish translation
Michael de Libero ESAPI for PHP, PHP examples
Tom Stripling ESAPI for PHP, PHP, Input validation
Ken Owen Database usage
Tim Kulp  ASP.NET WebForms MVC, education, common business use cases, security architecture
Sandeep Singh Nain - Database, Auditing and Logging
Kevin W. Wall Jim volunteered him for the crypto chapter, ESAPI :)
Erik Eduardo Moreno Sánchez  Spanish translation, 
Chris Schmidt ESAPI
vinoth sivasubramanian Appendix on mapping
Roopesh Konda secure deployment

Willing to help

Steven Mak
Simone Onofri
Akash Mahajan
Menerick, John 
Clint Laskowski time limited, smaller chapter
Derek Browne editing and reviewing
Kavitha Jeyamuthurajan 
Kevin Horvath 
Robert Casazza like to help, but not a security expert
Raoul Endres 
RK  authentication
William E. T. Work on a larger chapter 

There's plenty of ToC to go, so if you haven't claimed a chapter yet, please do so. :-)

3. Direction

This is a building book, don't mind a small example of the problem statement, but mostly that should belong in the zillions of other material in the OWASP Universe. This is a building book. 

4. Timelines

If you've been allocated a chapter above, it's yours :) Please work with all the folks who've asked for a similar section. I want to have another status meeting next month, and for you to have a workable outline of what you want to put in there:

- Consider the previous version of the Guide. 
- References / bibliography / research / papers / CVEs that you want to bring to the table. This can be added to over time. I learnt a LOT during my first go at the Guide back in 2004, and I thought I knew a lot before I started. 
- Mark up issues you found with it (there WILL be issues, trust me)
- Consider the other Guides and ASVS, you need to deal with the common numbering scheme where it exists, but you will be cutting new ground. Don't be scared, put it in! We will discuss what is written before folks spend time on it. :)
- Please flesh out the common numbering headings in your section, again adding as you see fit, but please don't add OWASP-DG-AUTHC-015 for Issue Foo when OWASP-TG-AUTH--015 is already Issue Blah. They both need to be issue Blah. Foo should be -016. 
- Discuss with me / the list your direction / goals. There's nothing worse than throwing material away, rewriting or forgetting something important. 

If you've not yet allocated to a chapter, please ask for one. 

Ambitious deadline: June 30, 2013 for presentation at OWASP AppSec Research 2013. 
Realistic deadline: August 30, 2013 for presentation at OWASP US 2013. 

Let's work towards the first date, and see how close we get. 

Finish planning by end of July, 2012. 
First section / chapters completed by September 2012 (we all might need to write a few chapters ourselves)
50% of the chapters finished by December 30, 2012
80% of the chapters finished by March 30, 2013
Graphic design will start around March next year
All the diagrams and snippets to be finished April 2013 so we can get them queued up for making pretty
Copy complete by May 30, 2013 to allow the final edit to take place, and to allow translations to start


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-guide/attachments/20120629/acec42b7/attachment.html>

More information about the Owasp-guide mailing list