[Owasp-standards] PCI-WASS constraints and goals

owasp-standards-admin at lists.sourceforge.net owasp-standards-admin at lists.sourceforge.net
Thu Dec 22 06:47:25 EST 2005


Quick answers to quick questions... (I like that :) )

The project is just getting started.  I wrote the strawman document about a
month ago and it's been knocking around doing some minor edits and changes.
It's taken a bit of time to get the OWASP page up, and this list, but as I
know things are slowing down in some companies for the holidays, I figured
now would be a good time to kick off discussions.

I'm fully expecting it to be torn apart with people saying "you should do
this", or "you're an idiot :)  The plan that I have is to watch discussions
until the new year, then collate all the recommendations/responses into a
post, and punt it back to the list.  Based on reaction, I'll then create
another doc and see where it leads us.  I've no intention of assigning
"tasks" yet, because I want this first stage to be pretty organic.  Once we
start to see some agreement on the requirements and the checks needed for
the requirements, I might start asking for volenteers to write them up and
bring them into better shape.

No "end" timeframe yet, but I'd like to get another doc ready by Jan.  From
there we should start to see what the timeline of the project could look
like.

So far, the "team" is myself, and Vivek Chudgar (who I don't think has
subscribed to the list yet, although I believe he might be on vacation at
the moment).  Lyal and yourself seem quite vocal and willing to discuss the
good/bad points, so consider yourself welcome to the team :)  Everyone else
subscribed on this list is also part-and-parsel of this project, so the more
the merrier as far as I'm concerned at the moment.

Cheers,
Mike,


On 12/21/05, owasp-standards-admin at lists.sourceforge.net <
owasp-standards-admin at lists.sourceforge.net> wrote:
>
>  Mike,
>
> Sounds great I agree about keeping this project high-level and having a
> testable list of requirements would be helpful I think to anyone building
> applications around credit card processing etc.
>
> So where is the project up to?, Do you need people to get involved and
> how?
>
> Is someone starting to enhance the strawman document and assigning
> different taks?
>
>
>
> I suppose what I would like to see is timeframes and
> goals/responsibilities for the project. EG lets get the project rolling.
>
> I think talking about the issues definitely needs to happen though I would
> like to see something starting to happen from enhancing and drafting a
> format.
>
>
>
> I am more then keen to get involved in the project if the project team
> wishes..
>
> (Btw who is the project team?)
>
>
>
> Regards
>
> Justin
>
>
>  ------------------------------
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-standards/attachments/20051222/f8b8be6a/attachment.html 


More information about the Owasp-standards mailing list