Thursday, July 23, 2009

ORG2 currently lives at Google Project Hosting:

The vision:

ORG2 will be a reporting tool that sets the standard for reporting tools.

I spend a great deal of time when I put together reports, proposals and documentation in general. I believe that documentation is one of the most important tasks we do as professionals and a reflection on our professionalism. Because of this, I will invest the time to seek out the best of class documents, or the industry standard template.

For example, when I started out as a software developer I was asked to produce a design document. First question that I asked was, what is the standard? Does the company that requested the design use a standard template? At the time, no, there was no standard at the company. So my next step was to look beyond the company. Using the power of the internets I found several decent documents and proposals. Some of these documents seemed to follow a pattern and I was able to narrow my search to find that pattern. Turns out IEEE 830 is the pro forma standard and so it became my source. I tailored it for the company and my timeline, but I at least had some idea of what proposals and designs could include.

That was over a decade ago.

Today, I have a folder of templates that I use to maintain my professional standard. I have comprehensive Technical Design Document templates, templates for Executive Summaries, Threat Models, Analysis Results and other business forms. I have various disparate applications that I use to create documents and reports. Beyond my personal process, my clients have similar needs and similar “organization” techniques and challenges.

A little better for sure, but not optimal.

I see ORG2 as an opportunity to create an optimal tool for documentation to replace my manual, inefficient method.

The vision is to create a Reporting Framework with components for specialized data collection, comprehensive reporting libraries, checklists, knowledge bases, visualization tools, wikis, note-taking and collaboration tools. More detail and brainstorming on each of these areas will follow this blog.

On top of this framework, “Report Providers” will be created and can be plugged in for specialized documentation. For our first report provider, we will rebuild the Penetration Tester tool produced in the original ORG application as a proof of concept.

We hope to continue to use the framework to develop other report providers for OWASP. We are looking at Secure Development Lifecycle documentation and potential for an SDL Report Provider. Beyond OWASP, the ORG can be leveraged for a myriad of reporting and documentation needs and it’s my hope that ORG will be the gold standard of documentation tools.

Pie in the sky, over ambitious, maybe. Potential for a great tool, definitely. I can’t wait to see this come to life.