[OWASP-LEADERS] Owasp project standards

Mark Curphey mark.curphey at watchfire.com
Tue Feb 18 01:26:47 EST 2003


Hi Manav
 
Great job once again. 
 
Here are a few thoughts on things we should add to make it into the OWASP
bible so to speak. You may have these on your schedule but I thought I would
jot them down in case. 
 
Use of CVS - ie all documents and code should be in CVS
File Formats - Use DocBook where appropriate and possible
Representing yourself as being "From OWASP"
Use of the OWASP brand (no commercial exploitation essentially)
 
I think it would be good to include the mission statement and organizational
model and a few of the other things I developed in the OWASP plan as well.
 
http://prdownloads.sourceforge.net/owasp/TheOWASPPlan2003.pdf?download
<http://prdownloads.sourceforge.net/owasp/TheOWASPPlan2003.pdf?download> 
 
Mark

-----Original Message-----
From: Jennifer Tharp [mailto:tharpo at tharpo.com] 
Sent: Monday, February 17, 2003 10:24 AM
To: owasp-leaders at lists.sourceforge.net
Subject: RE: [OWASP-LEADERS] Owasp project standards


Nice job, Manav.
A few thoughts:
The document begins with definitions of "should," "must," etc., but those
don't appear to be used further in the document, excluding opening
paragraphs. Seems we should either carry those usages forward throughout the
document, or eliminate them altogether.
I followed the exchange about aspects of importance.  While I agree that
performance should be a part of correct operation, that's not necessarily
intuitive.  While we may agree with you conceptually now, I think we should
document that in your work, so others reading this in the future understand
that to be the case.  It could be as simple as "correct operation (including
performance)."
Do the table of contents accurately reflect the entire scope of this
document?  I know we've also discussed additional processes -- wanted to
determine if they will become part of your document, or whether additional
documentaiton will be created.
The attachment below contains several grammatical and spelling edits.  
 
 
 -----Original Message-----
From: owasp-leaders-admin at lists.sourceforge.net
[mailto:owasp-leaders-admin at lists.sourceforge.net]On Behalf Of Manavendra
Gupta
Sent: Sunday, February 16, 2003 8:31 PM
To: owasp-leaders at lists.sourceforge.net
Subject: [OWASP-LEADERS] Owasp project standards



Hi,
 
Please find attached the Owasp project standards document. This is a work in
progress, and as you'd see a lot of meat of the document is missing.


In all honesty, I did try to use DocBook with XMLSpy to get on with the
document, but I lost close to 3 days finding my way around it (and I must
admit I'm not good at it still). 
 
I have certain artificats ready (such as the delivery control checklist,
code review checklist, etc), but I will need another day to integrate them
with this document. 
 
I shall be able to spend a lot more time over the course of next week, so
hopefully, the progress will be much faster.
 
Please review the document and email me your comments/suggestions.
 
Thanks,
Manav.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/owasp-leaders/attachments/20030218/27a6f7bf/attachment.html 


More information about the OWASP-Leaders mailing list