<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:10.0pt;
        margin-left:36.0pt;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
span.EmailStyle18
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.EmailStyle19
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle20
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle21
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle22
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
        {page:Section1;}
 /* List Definitions */
 @list l0
        {mso-list-id:1183057671;
        mso-list-type:hybrid;
        mso-list-template-ids:-1825021652 168619142 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}
@list l0:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-font-family:Calibri;
        mso-bidi-font-family:"Times New Roman";}
@list l0:level2
        {mso-level-tab-stop:72.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level3
        {mso-level-tab-stop:108.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level4
        {mso-level-tab-stop:144.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level5
        {mso-level-tab-stop:180.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level6
        {mso-level-tab-stop:216.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level7
        {mso-level-tab-stop:252.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level8
        {mso-level-tab-stop:288.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level9
        {mso-level-tab-stop:324.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-GB link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal style='text-align:justify'>Hello Leaders,<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='text-align:justify'>I hope you are well. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='text-align:justify'>You better than anyone else know
that OWASP as an organization has been built by your continuous open
contributions both by defining its mission, organizational structure, rules and
procedures and by leading the application security projects that are its core
of activity.<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='text-align:justify'>In my today&#8217;s call for
contributions, procedures regarding projects development&#8217;s stage
assessment are the main issue.<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='text-align:justify'>As you may know, a system to
evaluate OWASP projects is already in use and actually consists in both a set
of criteria <a
href="http://www.owasp.org/index.php/Category:OWASP_Project_Assessment">http://www.owasp.org/index.php/Category:OWASP_Project_Assessment</a>
and a skeleton/frame to implement it <a
href="http://www.owasp.org/index.php/OWASP_Live_CD_2008_Project_-_Assessment_Frame">http://www.owasp.org/index.php/OWASP_Live_CD_2008_Project_-_Assessment_Frame</a>
.<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='text-align:justify'>With other few subsequent modifications,
this set of criteria has mainly resulted of a <span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>vigorous</span> discussion held through this
mailing list almost a year ago and since then it has been used in all newly set
up projects. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='text-align:justify'>Since then this issue has been
discussed consecutively in several different contexts. In our Summit, for
example, even if we haven&#8217;t committed a specific slot of time to deal
with this matter, it has collaterally arisen throughout many project&#8217;s
presentations. In addition, I regularly receive from OWASP Board requests to
make modifications, a systemic reflection is being held within the
Project&#8217;s Committee and, as result of my daily handling of projects under
review, I am obtaining some feedback from project leaders and reviewers. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='text-align:justify'>Overall, the people with whom
I&#8217;ve discussed this issue usually say that the procedure can be improved
and IMHO<span style='color:#1F497D'>, </span>even if I think<b><i> </i></b>the
Assessment Criteria is working and actually has been of great help,<span
style='color:#1F497D'> </span>they are right<span style='color:#1F497D'>. </span><o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='text-align:justify'>From these discussions,
I&#8217;ve retained that a handful of criteria have been proposed but
haven&#8217;t been implemented yet as forthcoming:<o:p></o:p></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>OWASP writing style (Tool projects/Release Quality),<o:p></o:p></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>Translation (Tools and Documentation/Release Quality),<o:p></o:p></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>Bi-monthly periodic news (Tools and Documentation/non
specified Quality status),<o:p></o:p></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>5 slide deck for OWASP Boot Camp project (Tools and
Documentation/Beta status),<o:p></o:p></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>Attribution rules (Tools and Documentation/non
specified Quality status), <o:p></o:p></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>Compulsory Project Skeleton/Frame (Tools and
Documentation/all Quality status), <o:p></o:p></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>&nbsp;Reviewer role - addition and clarification, <o:p></o:p></p>

<p class=MsoListParagraph style='text-align:justify'><a
href="http://owaspsoc2008.wordpress.com/2008/07/15/assessment-guidance/">http://owaspsoc2008.wordpress.com/2008/07/15/assessment-guidance/</a><o:p></o:p></p>

<p class=MsoListParagraph style='text-align:justify;text-indent:-18.0pt;
mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>-<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>Mentor role addition and definition.<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'>In addition, as far as I am
concerned, a few more structural comments have also been made. Even without
pointing out alternative technical solutions, at least a&nbsp; couple of them
have questioned the rationale of working with tables in wiki text and others
have pointed out the willingness of having a project&#8217;s page similar to, <span
lang=EN-US>for example<span style='color:#1F497D'>,</span></span> this one <span
lang=EN-US style='color:#1F497D'><a href="http://www.hdiv.org/">http://www.hdiv.org/</a>.
</span><o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='text-align:justify'>Having said all the above with
the intention of giving you a picture of the current situation, I ask for your
contribution so as to update the OWASP Assessment Criteria. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='text-align:justify'>In operational terms, I&#8217;ve
replicated the Assessment Criteria page <a
href="http://www.owasp.org/index.php/Category:OWASP_Project_Assessment_-_Update">http://www.owasp.org/index.php/Category:OWASP_Project_Assessment_-_Update</a>
and propose you introduce your changes directly on it. As soon as we finish the
discussion phase, all the contributions will be moved to the original wiki
page. With the goal of enhancing the discussion, I also propose you use this
mailing list to inform which changes are being proposed and the reason or goal
for doing so. We are also building a Google questionnaire to collect your
opinions and contributions and, as soon as it is finished, it will be sent off.<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='text-align:justify'>Please do have into account that
you proposals can have implications in the assessment frame that we are
currently using and, if it happens, please present a compatible solution.&nbsp;
<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><span style='color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal style='text-align:justify'>To conclude, I would like to
inform you that the Project&#8217;s Committee propose that, as soon as we
finish this discussion, we establish as a rule to apply to all OWASP Projects
that the quality categorization must respect the revised assessment criteria
which eventually will mean that all projects not assessed under these rules
will be placed under Alpha Quality status. <o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'><b><i><span style='color:#1F497D'><o:p>&nbsp;</o:p></span></i></b></p>

<p class=MsoNormal style='text-align:justify'>I thank you all in anticipation
and look forward to having your indispensable feedback.<o:p></o:p></p>

<p class=MsoNormal style='text-align:justify'>Regards,<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal><span lang=PT>Paulo Coimbra,<o:p></o:p></span></p>

<p class=MsoNormal><span lang=PT><a
href="https://www.owasp.org/index.php/Main_Page">OWASP Project Manager</a><o:p></o:p></span></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

</div>

</body>

</html>