wasc-wafec@lists.webappsec.org

WASC Web Application Firewall Evaluation Criteria Project Mailing List


Minutes from BlackHat USA 2015

Christian Heinrich
Thu, Sep 10, 2015 4:46 AM

On Thu, Jul 30, 2015 at 12:04 PM, Tony Turner <tony.turner@owasp.org> wrote:

> Definitely Christian. Feel free to stop by the OWASP booth at Black Hat and
> we can discuss the project. So far I have not received any responses on that
> other thread other than direct replies of encouragement, but no relevant or
> useful dialogue. I'll update the group if that changes as it's very relevant
> for planned future WAFEC activities. Thanks.

Tony and I discussed the draft minutes between ourselves and they are
(in my words):

  1. We would like to know more history of the creation of WAFEC v1
    aside from what is documented in the mailing list archive from 2011

  2. The roadmap will be broken into multiple minor and major releases
    rather than a single major release.

  3. Tony published the roadmap at
    https://www.owasp.org/index.php/WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project#tab=Roadmap
    and the time allocated for the Release Candidate (RC) will be
    extended to avoid a similar issue with the OWASP Top Ten 2013 release.

  4. We welcome additional contributions to Sections 1 through 5 aside
    from what has been published at https://github.com/cmlh/WAFEC.

  5. We agreed that each section will be peer reviewed by a different
    contributor to that of the author(s).

  6. Tony is in the process of correlating the proposed changes of v1,
    the draft v2 and https://github.com/cmlh/WAFEC into a Google Doc.
    Once this is finalised then it will be open to the public.

  7. The migration to MediaWiki and/or PBWorks will be agreed upon once
    Google Docs is finalised.

  8. We discussed funding, such as Tony travelling to present or funding
    contributors not directly involved with a WAF vendor i.e. end users
    such as myself.  We need guidance as to how donations are accepted and
    distributed by WASC since I and other OWASP Project Leaders distrust
    the OWASP Foundation?

--
Regards,
Christian Heinrich

http://cmlh.id.au/contact
