[OWASP-LEADERS] New Member and 1st step to getting more organized

Manavendra Gupta manavendrak at hotmail.com
Mon Jan 27 20:11:17 EST 2003

Hello All,

Its a pleasure to be a part of the community. As we move forward, I hope
this turns out to be a fulfilling relationship for all.

The list that Mark reproduced in his email was, at best, partial. I have
seen more cumbersome checklists and 'standards' and 'guidelines' in
commercial projects (especially those where the companies are under SQA
reviews), but I've always tried to cut down the documentation to the bare
minimum. Its not an easy task to document, and each written statement
usually leaves scope for multiple interpretations.

What I propose is, to build a set of guidelines, or HOW-TOs that will help
newcomers (at the least), at each aspect of the coding process, and provide
them with a ready-reckoner for each step, so that when the work packet is
finally released, it looks and behaves exactly like other work packets,
irrespective of the complexity and size, color of skin, etc.

I might remove or add items from this list. Before I do that, I will provide
a schedule for each of these documents. But I need to first know the current
process(es) being followed (or the lack of them). I'd also love to get in
touch with at least a couple of development teams to understand how they
have been doing so far, what are actions being taken at different stages,
what would be the closest corrective action to bridge the gap across teams,
the optimal number and depth of steps for each aspect, etc.

So, what do the leaders think? Please pour in your ideas. Meanwhile, I'll
bounce the schedule off Mark first, and henceforth will interact with the
leaders directly (assuming that's the mechanism of interaction).

----- Original Message -----
From: "Mark Curphey" <mark at curphey.com>
To: <owasp-leaders at lists.sourceforge.net>
Sent: Saturday, January 25, 2003 8:01 PM
Subject: [OWASP-LEADERS] New Member and 1st step to getting more organized

> Its really exciting to see the portal code coming on and hearing about a
> WebGoat release and CodeSeeker release real soon.
> I think everyone agrees we are getting to a stage when we need to get
> more structure and consistency. Not rules but guidelines, so everyones
> comfortable with how and what stuff happens.
> In another OWASP twist of fate (and as I was about to start working on
> some outlines with Alex) I got an email from Manavenda volunteering
> himself. As you can see from his resume attached, he has great
> experience and skills and I am hoping he can help us with the project
> documentation we all need, but no one has time to do.
> His initial thoughts were as follows.
> 1. Coding Standards
> 2. Code Review Checklist
> 3. Release notes guidelines
> 4. Build Process guidelines
> 5. Release Process guidelines - including packaging (internal
> (development
> builds) as well as actual)
> 6. Delivery control checklist
> 7. Technology-specific best practices
> 8. Bug reporting and tracking mechanism
> 9. Defect tracking mechanism
> 10. CVS access guidelines
> I am proposing we do these in DocBook XML and they get rendered to the
> portal as HTML for everyone to see and use. Lets face it good project
> documentation is as much apart of building a secure app as some other
> things.
> So welcome Manav. If anyone else has any ideas, please let this list
> know. Anything else etc ?
> Manav, after some discussion and feedback can we build a schedule for
> these docs ? We should also talk about the app to render then to the
> portal....
> Thanks and have a great SuperBowl Sunday ! Go Raiders !!

More information about the OWASP-Leaders mailing list