
OWASP - Questions

Raghavan Muthu
Ranch Hand

Joined: Apr 20, 2006
Posts: 3344

Hello OWASP Team,

Overall it is an excellent idea and a project. I feel that it is a "must have" and "must visit" resource for any person in the IT industry. It is well categorized as per the designation (developer, architect, etc.). Also glad to see the categories of principles such as "Defense in Depth", "Run with Least security", etc.

Thank you for the idea and the project.

I had been looking at the Java side as I am a Java EE developer.

I have a couple of queries.

1. What exactly are the percentages mentioned in your website? Does that show the amount of completeness of the article?

2. If any member is submitting the article, are the genuineness and the error-free nature of the article reviewed by OWASP? If so, what exactly is the process you follow? Just out of my own interest.

3. If the practices suggested in OWASP are applied, are there any copyrights that need to be mentioned (like Creative Commons, etc.)? Or is it out of all that?

4. When all the articles are available for free viewing and downloading, why is membership charged? Do you have any student chapters? I think I can get one started.

5. How about starting a local user chapter? Say, we have a team of people working together and sharing similar interests. We formed a User Group. Are there any concessions on the membership for a team (bulk)?

6. Are there any special corporate discounts, if being approached from an Organization perspective?

7. Can the articles be quoted as a reference in personal blogs and articles? Should one have to obtain a special permission, or should simply citing your website as a reference suffice?


Thanks in advance.

Everything has got its own deadline including one's EGO!
Jc Li
Owasp member
Greenhorn

Joined: Feb 08, 2011
Posts: 8
1. What exactly are the percentages mentioned in your website? Does that show the amount of completeness of the article?


What percentages are you referring to? Can you be more specific?

2. If any member is submitting the article, are the genuineness and the error-free nature of the article reviewed by OWASP? If so, what exactly is the process you follow? Just out of my own interest.


OWASP is a volunteer organization made up of application security professionals that donate their time to creating useful security resources for the world. We currently utilize MediaWiki for our web presence and as you might imagine, there are a lot of advantages and disadvantages to having an open wiki.

We do not have a formal review process for every individual wiki page. However, all of our OWASP projects (http://www.owasp.org/index.php/Category:OWASP_Project) are generally centered around specific wiki pages. Individual projects are maintained by their respective leaders, who take responsibility for establishing a review process from their user community and the greater OWASP community at large.

We are in the process of establishing a more centralized and consistent project review process, but in general, the top tier OWASP projects (from the link above) are the projects that receive the most review by the community.

3. If the practices suggested in OWASP are applied, are there any copyrights that need to be mentioned (like Creative Commons, etc.)? Or is it out of all that?


The content of the OWASP Wiki (and by extension, most of the OWASP Documentation Projects) is licensed using Creative Commons Share Alike; each individual OWASP code project chooses a FLOSS-compatible license. See http://www.owasp.org/index.php/OWASP_Licenses for more information.

4. When all the articles are available for free viewing and downloading, why is membership charged? Do you have any student chapters? I think I can get one started.


Membership is not a "charge" per se - it is more of a donation by a member of the community to recognize the value of OWASP. One of the core, founding principles of OWASP is that ALL resources will always be open and freely available to everyone - we explicitly do NOT have any "special" materials that are available only to "members". See http://www.owasp.org/index.php/Membership for more information.

OWASP Members do receive some other benefits such as discounts to official OWASP conferences (see http://www.owasp.org/index.php/Member_Offers).

5. How about starting a local user chapter? Say, we have a team of people working together and sharing similar interests. We formed a User Group. Are there any concessions on the membership for a team (bulk)?


Anyone can start a local chapter (see http://www.owasp.org/index.php/Category:OWASP_Chapter#Starting_a_Chapter). Again, "membership" is not required to start or join a chapter or meeting. The fundamental nature of OWASP is that it is an open organization.

Therefore, there is no need for chapters to have bulk membership. However, our current membership allocation model is that persons who become Members will have their membership fees partially allocated to their local chapter. The local chapter leader can then utilize those funds to help support local events for his or her chapter (in addition to seeking funds from the OWASP Foundation to support a local event).

I realize the term "member" is somewhat confusing and we are actively working on evolving the OWASP Membership model to hopefully clarify this confusion.

6. Are there any special corporate discounts, if being approached from an Organization perspective?


We have a separate Corporate Membership model (see http://www.owasp.org/index.php/Membership#Categories_of_Membership_.26_Supporters). We also work closely with organizations that want to provide specific support to understand how they want to support OWASP and in turn how OWASP should recognize the supporting organization. Kate Hartmann and the OWASP Global Membership Committee

7. Can the articles be quoted as a reference in personal blogs and articles? Should one have to obtain a special permission, or should simply citing your website as a reference suffice?


All website content on the owasp.org site is licensed using Creative Commons Share Alike (see link mentioned above). I'm not a lawyer, but I believe that means as long as you cite and attribute the source URL, you are free to quote whatever content you would like from the OWASP website.

Hope that helps!

-Jason
OWASP Global Projects Committee Chair
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8919

Can anyone become a member of OWASP? What are the criteria?


Groovy
Jc Li
Owasp member
Greenhorn

Joined: Feb 08, 2011
Posts: 8
Pradeep bhatt wrote: Can anyone become a member of OWASP? What are the criteria?


Anyone can join the OWASP community for free simply by participating in mailing lists, attending chapter meetings, etc. There are no criteria for being part of the OWASP community.

There is "OWASP Membership" (http://www.owasp.org/index.php/Membership), which is a donation to the OWASP Foundation, but it does not "buy" you anything special in OWASP. As mentioned above, you do get some discounts (http://www.owasp.org/index.php/Member_Offers) but there are no special privileges or materials that you get by being a member.

Think of it like National Public Radio - OWASP is providing a public service and the "OWASP Membership" is like our version of a fundraising drive.

-Jason
OWASP Global Projects Committee Chair
Raghavan Muthu
Ranch Hand

Joined: Apr 20, 2006
Posts: 3344

Thank you Jc Li for the answers. I shall read the contents in the URL you had provided and get back to you for any further clarifications.
 