[Owasp-o2-platform] O2 - Moving Forward

dinis cruz dinis.cruz at owasp.org
Fri Nov 27 05:27:34 EST 2009

(CCing the owasp-o2-platform list :)  (others see Daniel's spot-on comments

Hey Daniel, don't worry about talking openly about O2, my current objective
is to make O2 usable and consumable by the rest of the community, and we
will only get there if O2 users are as demanding on O2 as you are :)

I really like the idea of having a main O2 module which is the first module
new users are exposed to (then as they get more experienced they can be
exposed to the other modules).

Although I agree with you that we need a LOT more documentation in O2, the
problem is that there is SO much functionality and features in O2, that the
problem is where to start.

My development model for O2 has always been* 'only develop or solve issues
that have a real short-term usage scenario'* (i.e. only work on an active
problem who has an 'immediate active user' ).

This means that based on the feedback on this list there are 4 areas where I
can see some traction from your side:

   - New simple GUI for new users (as Daniel and Rohit have talked about).
   See http://code.google.com/p/o2platform/issues/detail?id=8
   - O2's current Framework Support: Namely Spring MVC and Struts
   - Using Microsoft CAT.NET within O2
   - O2's .NET and JAVA CirData capabilities: Create CirData from .NET
   Assemblies & Java classes. Creating Traces from CirData, Applying Source ->
   Sink rules, viewing source code from CIR, etc...

Regarding the issues Daniel raised (Documentation, Installation, Use and
Support), I think that the best way forward is to get a couple solid
use-cases working, and then for each of those use cases handle
its: Documentation, Installation (which could be common to all), Use and

What do you think?

Dinis Cruz

2009/11/27 daniel cuthbert <daniel.cuthbert at owasp.org>

> hey,
> Ok have been spending some time thinking about how this project has to move
> forward in order for it to be widely accepted and used. Don't take this too
> personally, I'm fully aware of the time and considerable effort you've put
> into the project. I just feel these basic steps need to be addressed before
> O2 becomes more commonly used.
> 1: Documentation
> You cannot, and I really cannot stress this enough, use a PDF of a
> presentation for a howto page. Presentations, by nature, are meant to
> include snippets of information on the slide. The presenter is then supposed
> to talk about what he/she has on the slide. Dinis, I have no idea what O2 is
> from the Appsec PDF, this is a major problem faced by many.
> O2 needs to have a series of documents explaining what it does, why it
> would benefit you, the tester and also how to use it. This is a problem
> often faced by developers. You've spent the time developing it and assume
> that others automatically know what is going on. This is not the case here.
> The documentation should be in an easy to understand language, make use of
> diagrams and be as helpful as possible. Placing code on a page without any
> explanation what the code is, why it is there or what i'm supposed to do
> isn't going to help alleviate the initial stress of not knowing.
> 2: Installation
> The current architecture of having 16 individual installers isn't workable.
> I understand this project started off as a series of small scripts, but
> evolution dictates that a single entity is required before anyone can use
> it. There needs to be a central application framework, which then allows
> users to install modules as needed. I, as an end user, do not want 16 icons
> on my desktop. Also, where is the documentation for each module? Why was it
> not installed into the windows application task bar
> 3: Use
> This is your biggest hurdle. No-one, bar a very small minority, know how to
> use this. This is madness, I too am still confused as how some things work.
> There are no examples on the project homepage or guides explaining how the
> tool works.
> 4: Support network
> When the above three issues are sorted, the next stage will be a support
> network. The vast amount of questions will be solved by fixing the basics
> such as lack of documentation, gui issues etc but eventually a fully
> functional mailing list/support function is needed.
> As I mentioned, I'm happy to help you with this project but we need to do a
> big chunk of work to get it in a format that everyone can start using, in
> the current guise, that is why the adoption rate is so low.
> Thoughts?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20091127/4b322c83/attachment.html 

More information about the Owasp-o2-platform mailing list