Difference between revisions of "OWASP Project Reviewers Database"
(→PAST REVIEWS/REVIEWERS)
(69 intermediate revisions by 2 users not shown)
Line 1: | Line 1: | ||
− | + | ==== Reviewers Drive Overview ==== | |
− | { | + | {| style="width:100%" border="0" cellpadding="1" align="left" |
− | + | |- | |
− | + | | style="width:100%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="1" rowspan="1" | | |
− | + | '''Reviewers drive's goal and methodology explanation''' | |
− | + | |- | |
+ | | style="width:100%" valign="middle" height="200" bgcolor="#EEEEEE" align="left" colspan="0" rowspan="0" | | ||
+ | *'''New Drive for Project Reviewers'''<br> | ||
+ | You may or may not have noticed, but as of the assessment criteria v2, each release will require at least three reviews as it moves from beta to stable. This reintroduces problems we have had in the past finding reviewers for these projects. In addition, at least one of these reviewers should be from the GPC. Based on the last GPC call on Monday, November 23, I am going to spear-head a drive for centralizing the collection and recruitment of OWASP Project reviewers. The general idea for this is to create a pool of known-good persons that can be pulled in when a reviewer is not supplied by the project lead. There are several phases I am planning to implement in order to streamline this. | ||
+ | #Thanks to Paulo, this is already done: Create a sane tracking page where reviewers can register, allowing us to easily find them when needed. You can find a preliminary view of this [http://www.owasp.org/index.php/OWASP_Project_Reviewers_Database#tab=Project_Reviewers.2FVolunteers here]. | ||
+ | #Launch a campaign to recruit as many reviewers as possible: | ||
+ | ##Parse the wiki for existing reviewers that have been active in the last 24 months, as them if they are willing to participate in future reviews, | ||
+ | ##Create a new “how to get involved” page on the wiki with detailed information on what levels of involvement are available within OWASP, to include “Benefits”. “Time commitment”, and “Role” type metrics, | ||
+ | ## Add information regarding the new review campaign in OWASP media, such as mailing lists, conferences, and the newsletter, | ||
+ | #Create a mandatory rotation for all members of the GPC, so that each member will be involved in reviews as they come available. | ||
+ | #Create a review template guide so that reviewers have an idea of what is expected of them. A great example of a top notch review can be seen by Matt Tesauro on JbroFuzz 1.7 [http://www.owasp.org/index.php/Category:OWASP_JBroFuzz_Project_-_Version_1.7_Release_-_Assessment#tab=First_Reviewer here] and [https://docs.google.com/Doc?docid=0ATb3QwFMHCXrZGdubjI3ZHNfNWhkejdkY2Rj&hl=en here]. | ||
− | + | These are merely early thoughts of how I’d like to see this formulated. Feedback is, as always, welcome. | |
− | |||
− | |||
− | |||
− | |||
− | + | Brad Causey (OWASP Global Committee Member) | |
− | |||
− | |||
− | |||
− | |||
− | + | http://globalprojectscommittee.wordpress.com/2009/11/27/new-drive-for-project-reviewers/ | |
− | | | + | |} |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | | | + | ==== Project Reviewers/Volunteers ==== |
− | | | + | {{:Template:OWASP_Reviewers_Volunteers/Columns}} |
− | | | + | {{:GPC_Project_Reviewers/Volunteer_1 | OWASP_Reviewers_Volunteers/Row}} |
− | | | + | {{:GPC_Project_Reviewers/Volunteer_2 | OWASP_Reviewers_Volunteers/Row}} |
− | | | + | {{:GPC_Project_Reviewers/Volunteer_3 | OWASP_Reviewers_Volunteers/Row}} |
+ | {{:GPC_Project_Reviewers/Volunteer_4 | OWASP_Reviewers_Volunteers/Row}} | ||
+ | {{:GPC_Project_Reviewers/Volunteer_5 | OWASP_Reviewers_Volunteers/Row}} | ||
+ | {{:GPC_Project_Reviewers/Volunteer_6 | OWASP_Reviewers_Volunteers/Row}} | ||
+ | {{:GPC_Project_Reviewers/Volunteer_7 | OWASP_Reviewers_Volunteers/Row}} | ||
+ | {{:GPC_Project_Reviewers/Volunteer_8 | OWASP_Reviewers_Volunteers/Row}} | ||
+ | {{:GPC_Project_Reviewers/Volunteer_9 | OWASP_Reviewers_Volunteers/Row}} | ||
+ | {{:GPC_Project_Reviewers/Volunteer_10 | OWASP_Reviewers_Volunteers/Row}} | ||
+ | {{:GPC_Project_Reviewers/Volunteer_11 | OWASP_Reviewers_Volunteers/Row}} | ||
+ | {{:GPC_Project_Reviewers/Volunteer_12 | OWASP_Reviewers_Volunteers/Row}} | ||
+ | {{:GPC_Project_Reviewers/Volunteer_13 | OWASP_Reviewers_Volunteers/Row}} | ||
+ | {{:GPC_Project_Reviewers/Volunteer_14 | OWASP_Reviewers_Volunteers/Row}} | ||
+ | {{:GPC_Project_Reviewers/Volunteer_15 | OWASP_Reviewers_Volunteers/Row}} | ||
− | | | + | |} |
− | |||
− | |||
− | |||
− | |||
− | + | <br> | |
− | |||
− | |||
− | |||
− | |||
− | + | ==== Past Reviews/Reviewers ==== | |
− | + | {{:Template:OWASP_Project_Assessment/Columns}} | |
− | |||
− | |||
− | |||
− | + | {{:GPC_Project_Assessment/OWASP Live CD | OWASP_Project_Assessment/Row}} | |
− | + | {{:GPC_Project_Assessment/OWASP Testing Guide | OWASP Project Assessment/Row}} | |
− | + | {{:GPC_Project_Assessment/OWASP Ruby on Rails | OWASP Project Assessment/Row}} | |
− | + | {{:GPC_Project_Assessment/OWASP Code Review | OWASP Project Assessment/Row}} | |
− | {{:GPC_Project_Assessment/OWASP Live CD | OWASP_Project_Assessment/Row}} | + | {{:GPC Project Assessment/OWASP AntiSamy .NET | OWASP Project Assessment/Row}} |
− | {{:GPC_Project_Assessment/OWASP Testing Guide | + | {{:GPC Project Assessment/OWASP .NET | OWASP Project Assessment/Row}} |
− | {{:GPC_Project_Assessment/OWASP Ruby on Rails | + | {{:GPC Project Assessment/OWASP Review Project | OWASP Project Assessment/Row}} |
− | {{:GPC_Project_Assessment/OWASP Code Review | + | {{:GPC Project Assessment/OWASP AppSensor | OWASP Project Assessment/Row}} |
− | {{:GPC Project Assessment/OWASP AntiSamy .NET | + | {{:GPC_Project_Assessment/OWASP Backend Security | OWASP_Project_Assessment/Row}} |
− | {{:GPC Project Assessment/ | + | {{:GPC_Project_Assessment/OWASP Securing WebGoat using ModSecurity | OWASP_Project_Assessment/Row}} |
+ | {{:GPC_Project_Assessment/OWASP Teachable Static Analysis Workbench | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Access Control Rules Tester | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Skavenger | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP OpenSign Server | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Code Crawler | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP OpenPGP Extensions for HTTP | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP ASVS | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Classic ASP Security | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP JSP Testing Tool | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP SQLiBENCH | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Spanish | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Internationalization | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/w3af | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Orizon | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP ASDR | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Application Security Tool Benchmarking Environment | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Education | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Python Static Analysis | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP JBroFuzz | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP EnDe | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP ModSecurity Core Rule Set | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Vicnum | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Content Validation using Java Annotations | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Top Ten | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC_Project_Assessment/OWASP Secure Coding Practices - Quick Reference Guide | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC Project Assessment/OWASP Secure Coding Practices - Quick Reference Guide - SCP v2 | OWASP_Project_Assessment/Row}} | ||
+ | {{:GPC Project Assessment/OWASP HTTP Post Tool - HttpDosTool3 | OWASP_Project_Assessment/Row}} | ||
|} | |} | ||
+ | __NOTOC__ | ||
+ | <headertabs/> |
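Review bot: In the added recruitment list, the sub-item beginning "Parse the wiki for existing reviewers" reads "as them if they are willing", where "as" should be "ask", and the following sub-item writes “Benefits”. with a full stop where the series needs a comma. In the Past Reviews/Reviewers transclusions the page names mix "GPC_Project_Assessment/" with "GPC Project Assessment/" and "OWASP_Project_Assessment/Row" with "OWASP Project Assessment/Row". MediaWiki treats underscores and spaces in titles as the same, so nothing breaks, but using one spelling throughout would make the list easier to scan and to search when a row has to be found or audited later.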
Latest revision as of 22:38, 26 November 2010
Reviewers Drive Overview
Reviewers drive's goal and methodology explanation
You may or may not have noticed, but as of the assessment criteria v2, each release will require at least three reviews as it moves from beta to stable. This reintroduces problems we have had in the past finding reviewers for these projects. In addition, at least one of these reviewers should be from the GPC. Based on the last GPC call on Monday, November 23, I am going to spear-head a drive for centralizing the collection and recruitment of OWASP Project reviewers. The general idea for this is to create a pool of known-good persons that can be pulled in when a reviewer is not supplied by the project lead. There are several phases I am planning to implement in order to streamline this.
These are merely early thoughts of how I’d like to see this formulated. Feedback is, as always, welcome.
Brad Causey (OWASP Global Committee Member)
http://globalprojectscommittee.wordpress.com/2009/11/27/new-drive-for-project-reviewers/
Project Reviewers/Volunteers
Volunteer Reviewer Identification, Interests and Commitments
Name | Projects I would be interested in reviewing | Projects currently reviewing | Projects reviewed
Paulo Coimbra (as an example) | Code Review, Testing and Firewalls. | |
Jocelyn Aubert | Best practices, Code Review, Testing, OWASP Secure Coding Practices - Quick Reference Guide | N/A | N/A
James McGovern | Anything of interest to CIO, CISO and Chief Architect audience | N/A | N/A
Ludovic Petit | OWASP Secure Coding Practices - Quick Reference Guide, Top Ten, and same as James | N/A | N/A
Michael Scovetta | OWASP Secure Coding Practices - Quick Reference Guide, best practices, code review, templates | N/A | N/A
Sherif Koussa | Secure Coding Guidelines, Secure Code Reviews, Secure Development Lifecycle | N/A | N/A
Sébastien Gioria | CodeReview, Testing, Top10, ASVS, Education materials | N/A | N/A
Aung Khant | "OWASP Secure Coding Practices Quick Reference Guide", "OWASP Testing Project" | N/A | N/A
Gandhi Aryavalli | Code Compliance, Static Secure Code Analysis, Top 10, Reverse Engineering, Dynamic Analysis, Malware Research, Network Enumerations, or anything of interest of OWASP in Information Security that makes an impact in bringing awareness to IT in the field of Security Science | N/A | N/A
Volunteer 10 | N/A | N/A |
Volunteer 11 | N/A | N/A |
Volunteer 12 | N/A | N/A |
Volunteer 13 | N/A | N/A |
Volunteer 14 | N/A | N/A |
Volunteer 15 | N/A | N/A |