OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

was message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: OASIS WAS Meeting - Thursday 1pm EST

With the inaugural meeting of the WAS Technical Committee on Thursday at 12pm EST, I just wanted to drop you all a note as a reminder, and seed a few thoughts to stimulate your interest. The dial in numbers are online at http://www.oasis-open.org. If for any reason you can’t get in, please email me using mark@curphey.com . 

This inaugural meeting is an introductory one, and the real work will start in earnest at the next TC meeting to be scheduled two weeks from tomorrows date.

As you know we have divided our work into three main streams;

•	Classification Scheme
•	Risk Ranking Model
•	XML Schema

Classification Scheme
By developing a classification scheme, we will unit the industry and provide a common consistent dialect from which to further communicate. This may seem like an easy problem to solve but from an earlier OWASP project called ASAC (Application Security Attack Components) it is fraught with semantics. 

There will be some heavy lifting in terms of documenting issues and ensuring that they are written precisely and in a common format and style. This work will of course be re-used by the other components.

Risk Ranking Model
I dream of the day when I read an advisory and can make a judgment on its severity based on a set of known repeatable criteria !

XML Schema
The core of our work embedding the initial two streams, WAS has huge potential. The initial work of OWASP VulnXML and some subsequent work several people have done to extend it have been really impressive. 

Administration Thoughts for the 2nd Meeting
At the 2nd meeting I would like to suggest we nominate Technical Leads for each section of the work. These people will drive the core work, with myself helping organize and co-ordinate. If anyone is interesting in an active role for any of the streams perhaps they could start thinking through and ensuring they have the time to commit.

Document formats are always contentious, especially for a group that is made up of a lot of open source contributors. I will make a proposal for document formats and templates for everyone to review by the 2nd meeting.

I would also like to publish a project plan using MS Project. Effectively a master timeline with individual tasks split out and assigned to contributors. This will enable us to track our aggressive deliverable times and ensure we deliver on time.

I would also like to assign individuals to keep track of other projects such as AVDL and DTMF. If you are interested and ideally a member of both groups, perhaps you could think about how you would liaise between the groups and keep WAS updated of other efforts.

Very much looking forward to talking to you on Thursday for our introductions and then getting underway working together on this exciting and important project.

Kind regards,

Mark

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]