SECTG Deliverables

Pádraic Brady

Sep 5, 2012, 10:43:54 AM
to se...@googlegroups.com
Hi all,

I'm deliberately skipping the obligatory Goals/Objectives email for the time being to focus on something more basic that is likely to end up informing what those Goals/Objectives would be anyway. So my topic for today is: Deliverables.

Yes, even the TG must have those. If you are not involved in a Deliverable, don't worry. It's not the sole point of the TG!

As I said earlier, the idea behind creating the TG was to bring people together interested in sharing information, pooling resources, and complaining to each other ;). I think we managed that last one today! I also stated that it was not the TG's goal to control members' contributions. The point here is that while the TG can offer its own key resources online, nobody is anchored into handing over personal projects that they are either currently maintaining or, in the future, will be working on. This is sort of a goal in itself - the TG supports member endeavors (if they are good ones!) without preconditions.

So, deliverables. A Deliverable, in the TG sense, would be any concrete public offering of source code or writing that we intend to actively develop, support or publicise. In other words, putting the TG's authority behind it as a public recommendation. Two examples have been mentioned in previous emails.

1. Chris Cornutt has a new article site for PHP Security at http://websec.io (Contributions welcome!)
2. I have a PHP Security book in progress at http://phpsecurity.readthedocs.org

Any other suggestions of sites, libraries, blogs and so on are welcome. Just note that they must be PHP specific and appear to be a useful resource. These two are pre-existing, so I'll include a third suggested earlier by Sky and a fourth. These do not currently exist and are entirely contingent on having sufficient volunteers contributing their time.

3. A "Planet" site aggregating good security blog posts or links.
4. A SECTG website

There are four deliverables in total. We shouldn't overreach, obviously, but if anyone is willing to contribute to 3 and 4 or can suggest other resources (whether existing or not) that might qualify, fire away! It needn't be something huge either. I have a small library I might propose in the future - assuming I get to it in between this book.

On the book, this is not a private book writing effort. It's an open project, written in reStructuredText and versioned on GitHub. I'll announce it more publicly next week. The original concept was to both create a reference book and remove one major obstacle to the TG. So, if you were worried about replicating OWASP or WASC's wiki - don't. I'm well prepared to write the entire book myself even if public contributions are minimal. It's been going surprisingly well - a few obvious gaps and such in Chapters which is fine for its progress over the past month.

Note: All the above are suggestions for discussion - look them over and raise any points/suggestions you want. We can hold a popular vote for each on a separate date next week if there's interest.