[Owasp-testing] v5?

Benjamin Robinson benjamin.robinson at gmail.com
Tue Jan 16 17:38:54 UTC 2018


I have a push hanging out there against the repo... I think we need to come
up with a plan of attack.

I think the current version is quite good, and a lot of the content is
reusable. Major action items:

Review the categories/control families and see if we are good with them
(survey?).
Review the individual tests and see if they are redundant/relevant
(survey?).
Determine new control families and new tests (git has a start for this,
sort of).
Sign-up for authoring tests.

We also need to plan on people NOT being completely committed. We can use
Git's ticketing for workstream, but somehow need to age things out. The
largest part requiring collaboration will be coming up with this plan. So
who is in charge? How do we feel about creating a couple surveys to get a
sense of what needs attention?



On Thu, Jan 11, 2018 at 12:56 AM, Tushar Vartak <tusharvartak at me.com> wrote:

> Hi,
>
> I will be available and can definitely allocate time
>
> Regards,
>
>
> Tushar vartak
>
> On Jan 11, 2018, at 12:54 PM, Dimitri Fousekis <dimitri at bitcrack.net>
> wrote:
>
> Ill be be available.
>
> Thx.
>
> Dimitri Fousekis
>
> On 10 Jan 2018, at 21:50, R M <kingthorin at hotmail.com> wrote:
>
> Hey Mat, I think I get where you're coming from.
>
> Is there a particular delivery date we're trying to hit?
> Can we allow the project o be more free-form? i.e.: Announce the github
> repo as open for business and get people started on editing/writing
> (contributing) and publish later when things are actually far enough along?
> See how that goes and announce a timeline later. Or re-evaluate the
> approach after 6mo. Or _____ (I'm sure there are different ways to tackle
> it.)
>
> Whatever form it takes, I know I'm ready to contribute some
> writing/editing time in the next 6mo.
>
> Rick
>
>
> ------------------------------
> *From:* Matteo Meucci <matteo.meucci at owasp.org>
> *Sent:* January 10, 2018 8:50 AM
> *To:* R M; owasp-testing at lists.owasp.org
> *Subject:* Re: [Owasp-testing] v5?
>
> Hi,
> thank you for your follow up.
>
> So, we did some discussion last summer after the OWASP Summit.
>
> Chris created the github project, but at moment we need to set up a team
> that really wants to help to create a new version.
> The problem here is that many people say "I want to contribute" but really
> a few are able to produce something.
>
> So the question is, may we set up a team of 5-10p that really want to
> contribute to the project? If you want to jump in, you must be available to
> contribute in the next 6 months.
>
> Thanks,
> Mat
>
>
>
> On 10/01/2018 14:04, R M wrote:
>
> So what's the scoop?
>
> https://twitter.com/kingthorin_rm/status/950417838375915520
> "*@owasp <https://twitter.com/owasp> @matteo_meucci
> <https://twitter.com/matteo_meucci> what's going on with Testing Guide v5?
> There was some talk about it last
> summer:  http://lists.owasp.org/pipermail/owasp-testing/
> <http://lists.owasp.org/pipermail/owasp-testing/> but the mailing list
> seems dead since then. A repo seems to have been setup 7mo
> ago https://github.com/OWASP/OWASP-Testing-Guide-v5
> <https://github.com/OWASP/OWASP-Testing-Guide-v5> Is it ready for business?*
> "
>
>
> https://twitter.com/matteo_meucci/status/950421772314337282
>
>
> _______________________________________________
> Owasp-testing mailing listOwasp-testing at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
> Disclaimer: Mauritius - The contents of this email are DC-2 Classified.
> All Other Countries - The information contained in this communication is
> intended solely for use by the individual or entity to whom it is
> addressed. It may contain proprietary material, confidential information
> and/or be subject to legal privilege. Use and/or distribution of this
> communication by others is prohibited. Bitcrack Group Mauritius Ltd
> (Bitcrack Cyber Security Pty Ltd) and it's subsidiaries are neither liable
> for the proper and complete transmission of the information contained in
> this communication nor for any delay in its receipt nor for any special,
> incidental or consequential damages of any nature whatsoever resulting from
> receipt or use of this communication. Opinions, conclusions and other
> information on this message that do not relate to the official business of
> Bitcrack Group Ltd (Bitcrack Cyber Security) shall be understood as neither
> given nor endorsed by it.
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20180116/cec898f2/attachment.html>


More information about the Owasp-testing mailing list