This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Project Reviewers Database

From OWASP
Revision as of 11:29, 30 August 2010 by Paulo Coimbra (talk | contribs)

Jump to: navigation, search

Reviewers Drive Overview

Reviewers drive's goal and methodology explanation

  • New Drive for Project Reviewers You may or may not have noticed, but as of the assessment criteria v2, each release will require at least three reviews as it moves from beta to stable. This reintroduces problems we have had in the past finding reviewers for these projects. In addition, at least one of these reviewers should be from the GPC. Based on the last GPC call on Monday, November 23, I am going to spear-head a drive for centralizing the collection and recruitment of OWASP Project reviewers. The general idea for this is to create a pool of known-good persons that can be pulled in when a reviewer is not supplied by the project lead. There are several phases I am planning to implement in order to streamline this.
  1. Thanks to Paulo, this is already done: Create a sane tracking page where reviewers can register, allowing us to easily find them when needed. You can find a preliminary view of this here: http://www.owasp.org/index.php/OWASP_Project_Reviewers_Database.
  2. Launch a campaign to recruit as many reviewers as possible:

a. Parse the wiki for existing reviewers that have been active in the last 24 months, as them if they are willing to participate in future reviews b. Create a new “how to get involved” page on the wiki with detailed information on what levels of involvement are available within OWASP, to include “Benefits”. “Time commitment”, and “Role” type metrics c. Add information regarding the new review campaign in OWASP media, such as mailing lists, conferences, and the newsletter 3. Create a mandatory rotation for all members of the GPC, so that each member will be involved in reviews as they come available. 4. Create a review template guide so that reviewers have an idea of what is expected of them. A great example of a top notch review can be seen by Matt Tesauro on JbroFuzz 1.7 here: http://www.owasp.org/index.php/Category:OWASP_JBroFuzz_Project_-_Version_1.7_Release_-_Assessment#Stable_Release_Review_of_the_OWASP_JBroFuzz_Project_-_Release_1.7 and here: https://docs.google.com/Doc?docid=0ATb3QwFMHCXrZGdubjI3ZHNfNWhkejdkY2Rj&hl=en

These are merely early thoughts of how I’d like to see this formulated. Feedback is, as always, welcome.

Brad Causey (OWASP Global Committee Member)

http://globalprojectscommittee.wordpress.com/2009/11/27/new-drive-for-project-reviewers/


Project Reviewers/Volunteers

Volunteer Reviewer Identification, Interests and Commitments
Name Projects I would be interested in reviewing Projects currently reviewing Projects reviewed
view edit Paulo Coimbra (as an example) @ Code Review, Testing and Firewalls.
view edit Jocelyn Aubert @ Best practices, Code Review, Testing, OWASP Secure Coding Practices - Quick Reference Guide N/A N/A
view edit James McGovern @ Anything of interest to CIO, CISO and Chief Architect audience N/A N/A
view edit Ludovic Petit @ OWASP Secure Coding Practices - Quick Reference Guide, Top Ten, and same as James N/A N/A
view edit Michael Scovetta @ OWASP Secure Coding Practices - Quick Reference Guide, best practices, code review, templates N/A N/A
view edit Sherif Koussa @ Secure Coding Guidelines, Secure Code Reviews, Secure Development Lifecycle N/A N/A
view edit Sébastien Gioria @ CodeReview, Testing, Top10, ASVS, Education materials N/A N/A
view edit Aung Khant @ "OWASP Secure Coding Practices Quick Reference Guide", "OWASP Testing Project" N/A N/A
view edit Gandhi Aryavalli @ Code Compliance, Static Secure Code Analysis, Top 10, Reverse Engineering, Dynamic Analysis, Malware Research, Network Enumerations, or anything of interest of OWASP in Information Security that makes an impact in bringing awareness to IT in the field of Security Science N/A N/A
view edit Volunteer 10 N/A N/A


Past Reviews/Reviewers

Project Name Review
First Reviewer Second Reviewer GPC/Board Reviewer Version
Name Starting
Date 		Closing
Date &
Link 		Name Starting
Date 		Closing
Date &
Link 		Name Starting
Date 		Closing
Date &
Link
Live CD Project Dustin Dykes @ 29/06/2008 15/09/2008 Kent Poots @ 26/06/2008 14/09/2008 Sebastien D. @ 8/10/2008 8/10/2008 v1.0
Testing Guide Nam Nguyen @ 06/07/2008 18/10/2008 Kevin Fuller @ 29/07/2008 21/10/2008 Sebastien D. @ 07/01/2009 07/01/2009 v1.0
Ruby on Rails A. Shireman @ 23/11/2008 23/11/2008 Steve Jones @ 26/10/2008 23/11/2008 Sesbastien D. @ 31/01/2009 31/01/2009 v1.0
Code Review Rahim Jina @ 02/11/2008 03/12/2008 P. S. Kumar @ 03/11/2008 03/12/2008 Jeff Williams @ 04/01/2009 04/01/2009 v1.0
AntiSamy .NET E. Ribičić's @ 29/08/2008 29/08/2008 Marcin W. @ 01/10/2008 29/03/2009 Jeff Williams @ 20/03/2009 20/03/2009 v1.0
.NET Eoin Keary @ 24/03/2009 24/03/2009 Gary Burns @ 08/05/2009 08/05/2009 Dinis Cruz @ 02/06/2009 02/06/2009 v1.0
Review of OWASP Projects Alexander Fry @ 01/11/2008 22/12/2008 Marco Morana @ 01/11/2008 22/12/200/ Sebastien D. @ 07/01/2009 07/01/2009 v1.0
AppSensor Eric Sheridan @ 01/11/2008 01/11/2008 Randy Janinda @ 01/11/2008 01/11/2008 v1.0
Backend Security E. Ribičić @ 05/11/2008 05/11/2008 Josh Sweeney @ 10/12/2008 10/12/2008 v1.0
Securing WebGoat using ModSecurity Ivan Ristic @ 29/10/2008 29/10/2008 Christian Folini @ 27/10/2008 27/10/2008 v1.0
Teachable Static Analysis Workbench Alexander Fry @ 01/11/2008 16/01/2009 M. Coates @ 25/11/2008 22/01/2009 v1.0
Access Control Rules Tester S. Antoniewicz @ 02/02/2009 04/02/2009 Min Chen @ 03/11/2008 03/11/2008 v1.0
Skavenger Rogan Dawes @ 27/02/2009 27/02/2009 A. Hoffmann @ 06/11/2008 06/11/2008 v1.0
OpenSign Server Pierre Parrend @ 08/02/2009 27/02/2009 Gary Burns @ 30/10/2008 06/03/2009 v1.0
Code Crawler Eoin Keary @ 18/02/2009 16/03/2009 Matteo Meucci @ 15/03/2009 17/03/2009 v1.0
OpenPGP Extensions for HTTP Mark Roxberry @ 17/03/2009 17/03/2009 Brad Causey @ 16/03/2009 16/03/2009 v1.0
ASVS Jeff Williams @ 11/12/2008 11/12/2008 Pierre Parrend @ 26/10/2008 14/12/2008 v1.0
Classic ASP Security E. Ribičić @ 17/04/2009 17/04/2009 Fabio Cerullo @ 11/05/2009 11/05/2009 v1.0
JSP Testing Tool Mark Kerzner @ 03/11/2008 06/02/2009 F. Fujikawa @ 16/02/2009 04/03/2009 v1.0
SQLiBENCH F. Mavituna @ 04/11/2008 04/11/2008 Kevin Fuller @ 03/11/2008 03/11/2008 v1.0
Spanish Fabio Cerullo @ 24/09/2008 24/09/2008 Rodrigo M. @ 27/10/2008 27/10/2008 v1.0
Internationalization Fabio Cerullo @ 24/09/2008 24/09/2008 Rodrigo M. @ 05/09/2008 01/11/2008 v1.0
w3af A. Riancho @ 15/10/2008 15/10/2008 A. Hoffmann @ 28/10/2008 28/10/2008 v1.0
Orizon Eoin Keary @ 14/11/2008 14/11/2008 Sebastien D. @ 16/03/2009 16/03/2009 v1.0
ASDR Leonardo C. @ 13/11/2008 16/02/2009 v1.0
Application Security Tool Benchmarking Environment Mark Roxberry @ 25/02/2009 25/02/2009 Mike de Libero @ 23/02/2009 16/03/2009 v1.0
Education Nam Nguyen @ 04/11/2008 04/11/2008 v1.0
Python Static Analysis Nam Nguyen @ 04/11/2008 04/11/2008 v1.0
JBroFuzz Subere @ 27/09/2009 27/09/2009 Matt Tesauro @ 24/10/2009 24/10/2009 Leonardo M. @ 21/10/2009 21/10/2009 v2.0
EnDe Achim H. @ 28/10/2009 30/10/2009 A. Riancho @ 28/10/2009 Unfinished Brad Causey @ 28/10/2009 Unfinished v2.0
ModSecurity Core Rule Set Ryan Barnett @ 24/11/2009 05/02/2010 Ivan Ristic @ 24/11/2009 31 March 2010 Leonardo C. 24/11/2009 20/08/2010 v2.0
Vicnum Mordecai K. @ 24/09/2009 20/01/2010 Greg P. @ 24/09/2009 18/01/2010 Tom Brennan @ 24/09/2009 Unfinished v2.0
Content Validation using Java Annotations Dag Hovland @ 21/09/2009 21/09/2009 Dinis Cruz @ 01/12/2009 Unfinished Matt Tesauro @ 01/12/2009 Unfinished v2.0
Top Ten Dave Wichers @  ? Unfinished TBD  ? Unfinished Jason Li @  ? Unfinished v2.0
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Project_Reviewers_Database&oldid=88183"