[Owasp-leaders] FW: REQUEST FOR DECISION/CALL FOR CONTRIBUTIONS TO UPDATE THE ASSESSMENT CRITERIA

Eoin eoin.keary at owasp.org
Fri Mar 6 08:22:55 EST 2009


Hello,

For what it's worth, I agree with Mike's sentiments:

"I'd rather see people putting time/energy into tightening up their project
pages, tools, and project presentations/datasheets. An example are PHP and
.NET ESAPI, there's no published mapping of Java ESAPI to PHP/ESAPI, that
also should then identify which interfaces are being targeted for which
releases. I'm going to try to work with Andrew to fix that problem for PHP
since I may have a need for a PHP ESAPI for a customer engagement, but it's
still a good example."

We need to focus on quality and completeness. This shall enable more
widespread adoption also.

Eoin



2009/3/6 Paulo Coimbra <paulo.coimbra at owasp.org>

>   *From:* Boberski, Michael [USA] [mailto:boberski_michael at bah.com]
> *Sent:* Thursday, 5 March 2009 16:04
> *To:* paulo.coimbra at owasp.org
> *Subject:* RE: [Global_tools_and_project_committee] [Owasp-board] FW:
> REQUEST FOR DECISION/CALL FOR CONTRIBUTIONS TO UPDATE THE ASSESSMENT CRITERIA
>
>
>
> Paulo, I'm not subscribed to leaders using my Booz Allen email, and thus
> can't send to the list at the moment.
>
>
>
> Please feel free to forward my email, if you think it would be productive
> to trigger a discussion.
>
>
>
> Best,
>
>
>
> Mike B.
>
>
>
>
>  ------------------------------
>
> *From:* paulo coimbra [mailto:pcoimbra at owasp.org] *On Behalf Of *Paulo
> Coimbra
> *Sent:* Thursday, March 05, 2009 11:02 AM
> *To:* Boberski, Michael [USA]; 'Dave Wichers'; 'OWASP Foundation Board
> List'; global_tools_and_project_committee at lists.owasp.org
> *Subject:* RE: [Global_tools_and_project_committee] [Owasp-board] FW:
> REQUEST FOR DECISION/CALL FOR CONTRIBUTIONS TO UPDATE THE ASSESSMENT CRITERIA
>
> Mike,
>
>
>
> I thank you for your thoughts and, if I may, to trigger and open up the
> discussion, I suggest sending your email to the leaders’ mailing list.
>
>
>
> Regards,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Boberski, Michael [USA] [mailto:boberski_michael at bah.com]
> *Sent:* Thursday, 5 March 2009 13:29
> *To:* Dave Wichers; paulo.coimbra at owasp.org; OWASP Foundation Board List;
> global_tools_and_project_committee at lists.owasp.org
> *Subject:* RE: [Global_tools_and_project_committee] [Owasp-board] FW:
> REQUEST FOR DECISION/CALL FOR CONTRIBUTIONS TO UPDATE THE ASSESSMENT CRITERIA
>
>
>
> Team, OWASP is getting overly bureaucratic, it seems to me.
>
>
>
> I'd rather see people putting time/energy into tightening up their project
> pages, tools, and project presentations/datasheets. An example are PHP and
> .NET ESAPI, there's no published mapping of Java ESAPI to PHP/ESAPI, that
> also should then identify which interfaces are being targeted for which
> releases. I'm going to try to work with Andrew to fix that problem for PHP
> since I may have a need for a PHP ESAPI for a customer engagement, but it's
> still a good example.
>
>
>
> The more complete and professional a page/doc/tool looks, the easier it is
> to identify the status and content of a doc/tool, the easier it is to figure
> out its usefulness and to promote its adoption. That a doc/tool has correct
> content or works is taken as a given, that is completely secondary to the
> initial figuring out if a doc/tool is a potential solution to one's
> problem of the day.
>
>
>
> I would also caution against downgrading projects, which is what one of the
> comments seems to imply could happen. If you must address some perceived
> contention over project assessment criteria, you should simply put dates
> against ratings, and identify the criteria version that a project was
> assessed against, then leave that rating alone as the criteria continues to
> evolve over time. That is what more well-established and formal testing
> programs for instance like Common Criteria and FIPS 140 do. I hope I am
> misreading comments on this point however.
>
>
>
> Best,
>
>
>
> Mike B.
>
>
>
>
>
>
>
>
>


-- 
Eoin Keary CISSP CISA
https://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference

OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)

Quis custodiet ipsos custodes