[Owasp-standards] No updates

owasp-standards-admin at lists.sourceforge.net owasp-standards-admin at lists.sourceforge.net
Fri Jan 20 14:11:24 EST 2006

Yep, it has been quiet recently :)  There's not been much traffic for me to
respond to, and as I've been busy in my real job, I've not been able to work
on the next version of the document yet (although initially I did plan not
to look at it until the end of the month).

With the next version of the document, I currently have a few issues I'm
working though.  Firstly, I need to consolidate all the comments we've had
on the list and plan out what's good, bad, and needs changing with what we
currently have.  As most of the comments (from my perspective - I may be
wrong, and I'll need to go through the archives again) are at a higher level
about the intention of the project and where it fits in, I may have to scrap
what we have and start again on a different track - I'd like to get peoples
thoughts on this.  I don't what a highly descriptive document like the owasp
testing guide, nor something brief and generic like the top 10.

On a related note, I was contacted a couple of weeks ago from
representatives from Visa and MasterCard.  Initially they had reservations
about the project, but from reading the posts and talking about the
intentions of the project they feel that it's a good, and timely, idea.
Once of the immediate things that came out of that conversation was removing
PCI from the project description - something I've done on the OWASP project
web pages, and posted a message to the list about.  They were concerned with
the possibility of confusion with the project being endorsed by them.  I was
happy to comply with this request as I was only using PCI as a frame of
reference and to give the project context, not to claim any involvement with

Also, Visa/MC would like to be involved in the initial stages of
development, rather than just at the end where we were going to propose the
output of the project as an addition to the current standards to them.  I
think having them involved at the beginning is great as they will be able to
point out the things they are most concerned about as well as provide input
on what will and wont work.  It's clear that they understand the project
isn't solely about credit-card processing systems, but gauging the security
of websites in general, however getting their insight wherever possible can
only benefit the project.  I'm currently waiting on getting a round-table
discussion set up to see how we can take participation further.

Well, that's about all I have for a status update on the project.  I'll
post details as and when I get them.


On 1/18/06, owasp-standards-admin at lists.sourceforge.net
<owasp-standards-admin at lists.sourceforge.net>
> Hi All,
> Its been very quite. May i know where we are now! I mean when is the next
> version of document will be out for review.....
> Thanks
> Ahmed Shahzad
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> _______________________________________________
> Owasp-standards mailing list
> Owasp-standards at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-standards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-standards/attachments/20060120/bd71f2ff/attachment.html 

More information about the Owasp-standards mailing list