[Owasp-o2-platform] O2 - Moving Forward

daniel cuthbert daniel.cuthbert at owasp.org
Fri Nov 27 06:31:51 EST 2009


hey,

The GUI idea sounds like a promising start. 99% of the time, a user will
struggle with a technology when it's really hard to use. The first 10
minutes spent with the app needs to be as helpful as possible, otherwise it
will be ignored.

Obviously documentation gets created on what is available. Right now,
creating any documentation on the 16 modules available would be a time
consuming task, if the GUI is being developed. Rather let's put our effort
into making that first step work and then go about the documentation.

Do you have an idea of when the dev on the GUI will start?


2009/11/27 daniel cuthbert <daniel.cuthbert at owasp.org>

> hey,
>
> The GUI idea sounds like a promising start. 99% of the time, a user will
> struggle with a technology when it's really hard to use. The first 10
> minutes spent with the app needs to be as helpful as possible, otherwise it
> will be ignored.
>
> Obviously documentation gets created on what is available. Right now,
> creating any documentation on the 16 modules available would be a time
> consuming task, if the GUI is being developed. Rather let's put our effort
> into making that first step work and then go about the documentation.
>
> Do you have an idea of when the dev on the GUI will start?
>
>
> 2009/11/27 dinis cruz <dinis.cruz at owasp.org>
>
> (CCing the owasp-o2-platform list :)  (others see Daniel's spot-on comments
>> below))
>>
>> Hey Daniel, don't worry about talking openly about O2, my current
>> objective is to make O2 usable and consumable by the rest of the community,
>> and we will only get there if O2 users are as demanding on O2 as you are :)
>>
>> I really like the idea of having a main O2 module which is the first
>> module new users are exposed to (then as they get more experienced they can
>> be exposed to the other modules).
>>
>> Although I agree with you that we need a LOT more documentation in O2, the
>> problem is that there is SO much functionality and features in O2, that the
>> problem is where to start.
>>
>> My development model for O2 has always been* 'only develop or solve
>> issues that have a real short-term usage scenario'* (i.e. only work on an
>> active problem who has an 'immediate active user' ).
>>
>> This means that based on the feedback on this list there are 4 areas where
>> I can see some traction from your side:
>>
>>    - New simple GUI for new users (as Daniel and Rohit have talked
>>    about). See http://code.google.com/p/o2platform/issues/detail?id=8
>>    - O2's current Framework Support: Namely Spring MVC and Struts
>>    - Using Microsoft CAT.NET within O2
>>    - O2's .NET and JAVA CirData capabilities: Create CirData from .NET
>>    Assemblies & Java classes. Creating Traces from CirData, Applying Source ->
>>    Sink rules, viewing source code from CIR, etc...
>>
>> Regarding the issues Daniel raised (Documentation, Installation, Use and
>> Support), I think that the best way forward is to get a couple solid
>> use-cases working, and then for each of those use cases handle
>> its: Documentation, Installation (which could be common to all), Use and
>> Support
>>
>> What do you think?
>>
>> Dinis Cruz
>>
>> 2009/11/27 daniel cuthbert <daniel.cuthbert at owasp.org>
>>
>> hey,
>>>
>>> Ok have been spending some time thinking about how this project has to
>>> move forward in order for it to be widely accepted and used. Don't take this
>>> too personally, I'm fully aware of the time and considerable effort you've
>>> put into the project. I just feel these basic steps need to be addressed
>>> before O2 becomes more commonly used.
>>>
>>> 1: Documentation
>>>
>>> You cannot, and I really cannot stress this enough, use a PDF of a
>>> presentation for a howto page. Presentations, by nature, are meant to
>>> include snippets of information on the slide. The presenter is then supposed
>>> to talk about what he/she has on the slide. Dinis, I have no idea what O2 is
>>> from the Appsec PDF, this is a major problem faced by many.
>>>
>>> O2 needs to have a series of documents explaining what it does, why it
>>> would benefit you, the tester and also how to use it. This is a problem
>>> often faced by developers. You've spent the time developing it and assume
>>> that others automatically know what is going on. This is not the case here.
>>>
>>> The documentation should be in an easy to understand language, make use
>>> of diagrams and be as helpful as possible. Placing code on a page without
>>> any explanation what the code is, why it is there or what i'm supposed to do
>>> isn't going to help alleviate the initial stress of not knowing.
>>>
>>> 2: Installation
>>>
>>> The current architecture of having 16 individual installers isn't
>>> workable. I understand this project started off as a series of small
>>> scripts, but evolution dictates that a single entity is required before
>>> anyone can use it. There needs to be a central application framework, which
>>> then allows users to install modules as needed. I, as an end user, do not
>>> want 16 icons on my desktop. Also, where is the documentation for each
>>> module? Why was it not installed into the windows application task bar
>>>
>>> 3: Use
>>>
>>> This is your biggest hurdle. No-one, bar a very small minority, know how
>>> to use this. This is madness, I too am still confused as how some things
>>> work. There are no examples on the project homepage or guides explaining how
>>> the tool works.
>>>
>>> 4: Support network
>>>
>>> When the above three issues are sorted, the next stage will be a support
>>> network. The vast amount of questions will be solved by fixing the basics
>>> such as lack of documentation, gui issues etc but eventually a fully
>>> functional mailing list/support function is needed.
>>>
>>> As I mentioned, I'm happy to help you with this project but we need to do
>>> a big chunk of work to get it in a format that everyone can start using, in
>>> the current guise, that is why the adoption rate is so low.
>>>
>>> Thoughts?
>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20091127/7bf5e031/attachment.html 


More information about the Owasp-o2-platform mailing list