[Owasp-leaders] Last week to update project for OWASP Top Trumps

Mark Miller mark.miller at owasp.org
Mon Aug 18 19:58:37 UTC 2014


Simon,

Thanks for the clarification. Your comment to Colin, "*which use source
control", *is  relevant to the discussion here. It's wouldn't be fair to
create a deck with documentation projects and source control projects
playing against each other *unless we can find attributes  that are common
across both sets*.

There's two ways to go about it: Find common attributes or create two
decks. I'm not opposed to creating two decks, but if we can find viable
attributes that go across all projects it seems like it will be  a more fun
game.

Mark


On Mon, Aug 18, 2014 at 3:36 PM, psiinon <psiinon at gmail.com> wrote:

> Colin,
>
> Theres a simple solution to the AppSensor problem:
>
>    1. Sign up to https://www.openhub.net/
>    2. Go to https://www.openhub.net/p/appsensor
>    3. Click on "Become the first manager for appsensor
>    <https://www.openhub.net/p/appsensor/manages/new>"
>    4. Correct the details :D
>
> I think its the relevant project leaders responsibility to check the
> details for thie own projects, as they are the people who should know best.
>
> I'm one of the individuals who registered projects on OpenHub, and I didnt
> knowingly exclude any projects. The problem is knowing where to find all of
> the relevant data.
>
> Which "very active OWASP projects" *which use source control *are missing?
>
> Send me the openhub links or the source control details and I'll happily
> add them.
>
> Cheers,
>
> Simon
>
>
>
>
> On Mon, Aug 18, 2014 at 8:10 PM, Colin Watson <colin.watson at owasp.org>
> wrote:
>
>> Mark
>>
>> Very exciting. Can't wait to play!
>>
>> Regarding OpenHub, I wondered how the accuracy of the information there
>> will be checked? For example I know the page for AppSensor at
>> https://www.openhub.net/p/appsensor references v1 code from 2010-2011,
>> not the v2 code in progress. This has been reported previously to the
>> people who set this up. This would imply that other projects' details are
>> inaccurate too?
>>
>> Also AppSensor isn't a code-only project. It benefits from lots of other
>> non-code materials. Is this a code-only Top Trumps deck?  So I see SAMM is
>> listed at https://www.openhub.net/p/opensamm with "no recognizable code"
>> written across it. I am worried that will mean we will be showing SAMM as a
>> weak card/project - that isn't true.
>>
>> And some very active OWASP projects and some highly referenced OWASP
>> projects are not found in the 88 listed on OpenHun either. Do you know how
>> OWASP chose which projects to exclude from its portfolio?
>>
>> The former Global Projects Committee was able to query all projects
>> across the wiki, and report on release status.
>>
>> Colin
>>
>>
>>  On 18 August 2014 17:37, Mark Miller <mark.miller at owasp.org> wrote:
>>
>>> At the end of this week, we'll be taking six attributes from the active
>>> OWASP projects and using them to build the OWASP Top Trumps Project
>>> <https://www.owasp.org/index.php/OWASP_Top_Trumps_for_Projects> card
>>> game. If you haven't done so recently, please make sure your projects have
>>> been updated with the most current information so that your project card
>>> will be as strong and possible.
>>>
>>> Here's an example of a Top Trumps Star Wars deck:
>>>
>>>
>>>
>>> Thanks -- Mark
>>>
>>> --
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>



-- 
*Mark Miller, Senior Storyteller*
*Curator and Founder, Trusted Software Alliance*

*Host and Executive Producer, OWASP 24/7 Podcast ChannelCommunity Advocate,
Sonatype*

*Developers and Application Security: Who is Responsible?*
<https://www.surveymonkey.com/s/Developers_and_AppSec>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140818/e42703d8/attachment-0001.html>


More information about the OWASP-Leaders mailing list