Difference between revisions of "OWASP Project Reviewers Database"
Line 7: | Line 7: | ||
|- | |- | ||
| style="width:100%" valign="middle" height="200" bgcolor="#EEEEEE" align="left" colspan="0" rowspan="0" | | | style="width:100%" valign="middle" height="200" bgcolor="#EEEEEE" align="left" colspan="0" rowspan="0" | | ||
− | *New Drive for Project Reviewers You may or may not have noticed, but as of the assessment criteria v2, each release will require at least three reviews as it moves from beta to stable. This reintroduces problems we have had in the past finding reviewers for these projects. In addition, at least one of these reviewers should be from the GPC. Based on the last GPC call on Monday, November 23, I am going to spear-head a drive for centralizing the collection and recruitment of OWASP Project reviewers. The general idea for this is to create a pool of known-good persons that can be pulled in when a reviewer is not supplied by the project lead. There are several phases I am planning to implement in order to streamline this. | + | *'''New Drive for Project Reviewers'''<br> |
− | #Thanks to Paulo, this is already done: Create a sane tracking page where reviewers can register, allowing us to easily find them when needed. You can find a preliminary view of this | + | You may or may not have noticed, but as of the assessment criteria v2, each release will require at least three reviews as it moves from beta to stable. This reintroduces problems we have had in the past finding reviewers for these projects. In addition, at least one of these reviewers should be from the GPC. Based on the last GPC call on Monday, November 23, I am going to spear-head a drive for centralizing the collection and recruitment of OWASP Project reviewers. The general idea for this is to create a pool of known-good persons that can be pulled in when a reviewer is not supplied by the project lead. There are several phases I am planning to implement in order to streamline this. |
+ | #Thanks to Paulo, this is already done: Create a sane tracking page where reviewers can register, allowing us to easily find them when needed. You can find a preliminary view of this [http://www.owasp.org/index.php/OWASP_Project_Reviewers_Database#tab=Project_Reviewers.2FVolunteers here]. | ||
#Launch a campaign to recruit as many reviewers as possible: | #Launch a campaign to recruit as many reviewers as possible: | ||
− | ##Parse the wiki for existing reviewers that have been active in the last 24 months, as them if they are willing to participate in future reviews | + | ##Parse the wiki for existing reviewers that have been active in the last 24 months, as them if they are willing to participate in future reviews, |
− | ##Create a new “how to get involved” page on the wiki with detailed information on what levels of involvement are available within OWASP, to include “Benefits”. “Time commitment”, and “Role” type metrics | + | ##Create a new “how to get involved” page on the wiki with detailed information on what levels of involvement are available within OWASP, to include “Benefits”. “Time commitment”, and “Role” type metrics, |
− | ## Add information regarding the new review campaign in OWASP media, such as mailing lists, conferences, and the newsletter | + | ## Add information regarding the new review campaign in OWASP media, such as mailing lists, conferences, and the newsletter, |
#Create a mandatory rotation for all members of the GPC, so that each member will be involved in reviews as they come available. | #Create a mandatory rotation for all members of the GPC, so that each member will be involved in reviews as they come available. | ||
#Create a review template guide so that reviewers have an idea of what is expected of them. A great example of a top notch review can be seen by Matt Tesauro on JbroFuzz 1.7 [http://www.owasp.org/index.php/Category:OWASP_JBroFuzz_Project_-_Version_1.7_Release_-_Assessment#Stable_Release_Review_of_the_OWASP_JBroFuzz_Project_-_Release_1.7 here] and [https://docs.google.com/Doc?docid=0ATb3QwFMHCXrZGdubjI3ZHNfNWhkejdkY2Rj&hl=en here]. | #Create a review template guide so that reviewers have an idea of what is expected of them. A great example of a top notch review can be seen by Matt Tesauro on JbroFuzz 1.7 [http://www.owasp.org/index.php/Category:OWASP_JBroFuzz_Project_-_Version_1.7_Release_-_Assessment#Stable_Release_Review_of_the_OWASP_JBroFuzz_Project_-_Release_1.7 here] and [https://docs.google.com/Doc?docid=0ATb3QwFMHCXrZGdubjI3ZHNfNWhkejdkY2Rj&hl=en here]. |
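Review bot: On the "##Parse the wiki for existing reviewers" line, the new revision still reads "as them if they are willing"; this should be "ask them" and can be fixed while the line is being edited. The commas appended to the three "##" sub-items leave the last one ("## Add information regarding the new review campaign ...") ending in a comma directly before the next "#" step, so end that item with a period or drop the trailing commas. In the "how to get involved" item, “Benefits”. “Time commitment” has a period where the list needs a comma.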
Revision as of 11:41, 30 August 2010
Reviewers Drive Overview
Reviewers drive's goal and methodology explanation
You may or may not have noticed, but as of the assessment criteria v2, each release will require at least three reviews as it moves from beta to stable. This reintroduces problems we have had in the past finding reviewers for these projects. In addition, at least one of these reviewers should be from the GPC. Based on the last GPC call on Monday, November 23, I am going to spear-head a drive for centralizing the collection and recruitment of OWASP Project reviewers. The general idea for this is to create a pool of known-good persons that can be pulled in when a reviewer is not supplied by the project lead. There are several phases I am planning to implement in order to streamline this.
These are merely early thoughts of how I’d like to see this formulated. Feedback is, as always, welcome.
Brad Causey (OWASP Global Committee Member)
http://globalprojectscommittee.wordpress.com/2009/11/27/new-drive-for-project-reviewers/
Project Reviewers/Volunteers
Volunteer Reviewer Identification, Interests and Commitments
Name | Projects I would be interested in reviewing | Projects currently reviewing | Projects reviewed
Paulo Coimbra (as an example) | Code Review, Testing and Firewalls. | |
Jocelyn Aubert | Best practices, Code Review, Testing, OWASP Secure Coding Practices - Quick Reference Guide | N/A | N/A
James McGovern | Anything of interest to CIO, CISO and Chief Architect audience | N/A | N/A
Ludovic Petit | OWASP Secure Coding Practices - Quick Reference Guide, Top Ten, and same as James | N/A | N/A
Michael Scovetta | OWASP Secure Coding Practices - Quick Reference Guide, best practices, code review, templates | N/A | N/A
Sherif Koussa | Secure Coding Guidelines, Secure Code Reviews, Secure Development Lifecycle | N/A | N/A
Sébastien Gioria | CodeReview, Testing, Top10, ASVS, Education materials | N/A | N/A
Aung Khant | "OWASP Secure Coding Practices Quick Reference Guide", "OWASP Testing Project" | N/A | N/A
Gandhi Aryavalli | Code Compliance, Static Secure Code Analysis, Top 10, Reverse Engineering, Dynamic Analysis, Malware Research, Network Enumerations, or anything of interest of OWASP in Information Security that makes an impact in bringing awareness to IT in the field of Security Science | N/A | N/A
Volunteer 10 | | N/A | N/A