[Owasp-leaders] CALL FOR CONTRIBUTIONS TO UPDATE THE ASSESSMENT CRITERIA

Dinis Cruz dinis.cruz at owasp.org
Thu Mar 5 10:23:38 EST 2009


Here's the rascal :)

Dinis Cruz

On 5 Mar 2009, at 14:54, "Paulo Coimbra" <paulo.coimbra at owasp.org>  
wrote:

> Hello Leaders,
>
>
>
> I hope you are well.
>
>
>
> You better than anyone else know that OWASP as an organization has  
> been built by your continuous open contributions both by defining  
> its mission, organizational structure, rules and procedures and by  
> leading the application security projects that are its core of  
> activity.
>
>
>
> In my call for contributions today, procedures regarding the
> assessment of projects’ development stage are the main issue.
>
>
>
> As you may know, a system to evaluate OWASP projects is already in
> use and actually consists in both a set of criteria
> http://www.owasp.org/index.php/Category:OWASP_Project_Assessment
> and a skeleton/frame to implement it
> http://www.owasp.org/index.php/OWASP_Live_CD_2008_Project_-_Assessment_Frame .
>
>
>
> With a few other subsequent modifications, this set of criteria has
> mainly resulted from a vigorous discussion held through this mailing
> list almost a year ago and since then it has been used in all newly
> set up projects.
>
>
>
> Since then this issue has been discussed consecutively in several
> different contexts. In our Summit, for example, even if we haven’t
> committed a specific slot of time to deal with this matter, it has
> collaterally arisen throughout many project’s presentations. In
> addition, I regularly receive from OWASP Board requests to make
> modifications, a systemic reflection is being held within the
> Project’s Committee and, as result of my daily handling of projects
> under review, I am obtaining some feedback from project leaders and
> reviewers.
>
>
>
> Overall, the people with whom I’ve discussed this issue usually say
> that the procedure can be improved and IMHO, even if I think the
> Assessment Criteria is working and actually has been of great help,
> they are right.
>
>
>
> From these discussions, I’ve retained that a handful of criteria
> have been proposed but haven’t been implemented yet as forthcoming:
>
> -          OWASP writing style (Tool projects/Release Quality),
>
> -          Translation (Tools and Documentation/Release Quality),
>
> -          Bi-monthly periodic news (Tools and Documentation/non  
> specified Quality status),
>
> -          5 slide deck for OWASP Boot Camp project (Tools and  
> Documentation/Beta status),
>
> -          Attribution rules (Tools and Documentation/non specified  
> Quality status),
>
> -          Compulsory Project Skeleton/Frame (Tools and  
> Documentation/all Quality status),
>
> -           Reviewer role - addition and clarification,
>
> http://owaspsoc2008.wordpress.com/2008/07/15/assessment-guidance/
>
> -          Mentor role addition and definition.
>
> In addition, as far as I am concerned, a few more structural
> comments have also been made. Even without pointing out alternative
> technical solutions, at least a couple of them have questioned the
> rationale of working with tables in wiki text and others have
> pointed out the willingness of having a project’s page similar to,
> for example, this one http://www.hdiv.org/.
>
>
>
> Having said all the above with the intention of giving you a picture  
> of the current situation, I ask for your contribution so as to  
> update the OWASP Assessment Criteria.
>
>
>
> In operational terms, I’ve replicated the Assessment Criteria page
> http://www.owasp.org/index.php/Category:OWASP_Project_Assessment_-_Update
> and propose you introduce your changes directly on it. As soon as
> we finish the discussion phase, all the contributions will be moved
> to the original wiki page. With the goal of enhancing the
> discussion, I also propose you use this mailing list to inform which
> changes are being proposed and the reason or goal for doing so. We
> are also building a Google questionnaire to collect your opinions and
> contributions and, as soon as it is finished, it will be sent off.
>
>
>
> Please do take into account that your proposals can have implications
> in the assessment frame that we are currently using and, if it
> happens, please present a compatible solution.
>
>
>
> To conclude, I would like to inform you that the Project’s Committee
> propose that, as soon as we finish this discussion, we establish as
> a rule to apply to all OWASP Projects that the quality
> categorization must respect the revised assessment criteria which
> eventually will mean that all projects not assessed under these
> rules will be placed under Alpha Quality status.
>
>
>
> I thank you all in anticipation and look forward to having your  
> indispensable feedback.
>
> Regards,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager
>
>
>