This is the CRS newsletter covering the period from early September until today.
We held our monthly community chat. We had quite a few people stop by. Special thanks to our active participants:
- dune73
- fzipi
- csanders
- franbuehler
- lifeforms
- emphazer
- fgs
- squared
- spartantri
- ossie
- buddyleer
During the chat we discussed the following:
- We will be moving our agenda document to GitHub. This way, all active participants will be able to add comments and tag PRs efficiently. We’ll open the “Agenda Issue” one week before our next meeting.
- There has been a bottleneck in terms of reviews. To address this, we’ll be assigning responsible contributors to oversee the smooth flow of issues through the PR process. These contributors will be assigned at monthly meetings. Additionally, to give more timely feedback, we are encouraging the use of GitHub’s reaction system.
- A number of PRs were given responsible overseers:
- Some recognition was given to franbuehler for a whopping PR on the disassembly of SQLi rules (PR #907)
- We are 13% done with the technical milestone work for CRS 3.1. However, given the number of contributed PRs, we will likely release prior to all that work being completed.
- There is interest in starting a project to measure rule performance automatically as part of acceptance testing. This will be undertaken soon.
- Verizon Digital Media Services graciously offered to host coreruleset.org behind their CDN. While we don’t have a tremendous number of users, we are going to test out the functionality.
The next community chats will be held on the following dates:
- Nov 6, 2017, 20:30 CET (14:30 EST, 19:30 GMT)
- Dec 4, 2017, 20:30 CET
- January 8, 2017, 20:30 CET (Note: the change from our normal schedule)
We had a number of talks on Core Rule Set topics at OWASP AppSec USA. We will post video links when they are made available.
Some nice new blog posts have come out on coreruleset.org:
- How You Can Help the CRS Project
- Writing FTW test cases for OWASP CRS
- OptionsBleed Defenses
- CRS Project Nominated for Swiss DINACon Award
Chaim Sanders
