[Owasp-leaders] Proposing new guidelines to start code/tool projects

Timur 'x' Khrotko (owasp) timur at owasp.org
Thu Aug 28 20:36:11 UTC 2014


Colin,

the very point of my suggestion you quoted is to use paid 3rd party
document gurus for know-how that remains explicit knowledge and skill of
our community (and not for contributions per document or for creatives).
The document guide/ may consist of:
- the requirements your text has to comply with in order to become owasp
document and remain like this
- how to write better technical texts and guides in theory
- and how not to write (eg. do not write lengthy texts for managers, etc.)
- how to organize your text (+templates)
- how to create texts in groups (google docs or wiki or markdown/git)
- how to deliver your content in 2015-2020 (how to make it accessible)
- how to create graphics and use infographics
- etc etc. but not too much, let it be accessible for lazy writers as well

So template is only a part of what I meant. However the (typo)graphical
design is also an important part, very good point.

Plus I propose to settle the quality criteria for documents (projects),
regarding their professional content and the actual delivery of the content.
(Plus I propose to have mentors, who among other things help new and
oldschool authors to take on.)

I try to be the advocate of two things: quality and accessibility.
- Accessibility is absolutely important in case of document projects, they
must be "foundable" (see the java.owasp.org thread and the audience
targeted draft of owasp.org), "googleable", they must be usable, and they
must be attractive (ease of use, understandable and practical, graphical,
supported by a youtube presentation).
- Quality is also applicable to the form of text (see the above guide how
to write), but first of all it relates to the high professional level of
the content (idea, advice, use) OWASP delivers to the masses, the dev and
appsec professionals, the ciso-s.

I understand why OWASP can not deliver and maintain professional sw tools
itself, but I believe it has to deliver top class document projects, as if
it was a MITRE sponsored or otherwise paid document manufacture. Or are we
only an appsec propaganda brand and platform to chat and produce PoC
projects?! It can be this or that, just let's agree on it, the old slogan of
making security visible does not imply what to do in 2015.

~timur

PS. Staff who order creative work should contract to get the graphical
source/master if possible, on terms that it can be reused for other owasp
purposes. Why is it not like this?! It is merely a question of price.
I use vector graphics from this file:
https://www.owasp.org/images/2/2b/Owasp_ISM8_FINAL.pdf ,)




On Thu, Aug 28, 2014 at 9:39 PM, Colin Watson <colin.watson at owasp.org>
wrote:

> Johanna
>
> Yes it is good those are shared, and I have used them before. But they
> represent a tiny proportion of the graphical design output. Quite
> disappointing.
>
> I am sure Timur and your ideas for resources to help project leaders
> is a better approach.
>
> Colin
>
>
>
>
> On 28 August 2014 20:30, johanna curiel curiel <johanna.curiel at owasp.org>
> wrote:
> > Colin
> >
> > I think these zip files contain some branding and logos, but indeed no
> > "Guideline book templates" I think...
> >
> >
> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Brand_Resources
> >
> >
> > On Thu, Aug 28, 2014 at 3:23 PM, Colin Watson <colin.watson at owasp.org>
> > wrote:
> >>
> >> Timur
> >>
> >> > I suggest that even better spending would be to create professional
> >> > document
> >> > guideline for OWASP, how to create professional guides - it is not
> >> > rocket
> >> > science (even w/o PhD,)). Not only guide but QA criteria.
> >>
> >> OWASP has paid many agencies and contractors lots of money to do
> >> graphical design work, such as for corporate documents and events. But
> >> I have always been unable to get the source design files (Illustrator,
> >> InDesign, Quark etc) released. That makes it much harder for
> >> volunteers as we have to start from scratch each time. I thought
> >> "everything OWASP did is open", but that isn't the case for such
> >> things.
> >>
> >> It took me almost 3 years of begging and chasing to get hold of the
> >> 2008-9 guidebook cover files, and never managed to squeeze the files
> >> out of OWASP for the rest of the stuff that has been paid for. OWASP
> >> even paid for the design of web-resolution icons and logos, but OWASP
> >> doesn't have any master files, so we simply cannot use them in/on our
> >> documents or promotional materials. I am very reluctant therefore for
> >> OWASP to pay third parties for anything that is not open sourced. It
> >> ought to be one of the contract criteria.
> >>
> >> Colin
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >

-- 
Email us to enforce secure link with your mail servers (domain).
This message may contain confidential information - you should handle it 
accordingly.
This letter may contain confidential information and is to be handled accordingly.