
Projects Reboot 2012 - OWASP Eliminate Vulnerable Code


1) Project name: Eliminate Vulnerable Code Project [1]

2) Description: The Eliminate Vulnerable Code Project is geared at identifying and removing vulnerable code samples from the public domain. The project has 4 main areas of interest:

i) Internet Web Forums

ii) Educational Institutions

iii) Printed Materials

iv) Open source software


3) Project Team Leader: Waqas Nazir; we already have about 15 contributors for the project.

4) Reboot type: Type 1

5) Goals of the reboot: The goals for the reboot are divided into the following main areas:

i) Internet Web Forums: The Evc Probe scanner needs more rules added so that it can scan code in other development languages. Currently it looks only for a small set of issues in .NET and Java code. The hope is to add 50 more checks.

ii) Educational Institutions: Work with at least two educational institutions to review their software development curricula and identify any insecure code being used to teach developers.

iii) Printed Materials: Review at least one software development book to identify any insecure code being used as a reference.

iv) Open source software: Identify 1 high-impact open source software project and begin static analysis and manual review of it with the help of OWASP members.

v) Prime sponsor: List OWASP as a prime sponsor on [2]


6) Timeline: The timeline for the aforementioned goals is as follows:

i) Internet Web Forums:

50% milestone = 25 new checks (August 30th, 2012).

100% milestone = 50 new checks (September 15th, 2012).


ii) Educational Institutions:

50% milestone = work with and complete analysis of the first curriculum.

100% milestone = work with and complete analysis of the second curriculum.


iii) Printed Materials:

100% milestone = Identify and work on one software development book to identify insecure code being used as a reference.


iv) Open source software:

50% milestone = Identify 1 high-impact open source software project for review and create the review team with OWASP leaders (August 15th, 2012).

100% milestone = Document and complete the initial analysis (September 30th, 2012).


v) Prime sponsor: 100% milestone = List OWASP as a prime sponsor on https://evc.digitsec.com/sponsor.aspx


7) Budget:

USD 10K for prime sponsorship of the EVC Project.

Sponsorship benefits are listed here: [3]

25% of the funds will go towards developing new checks for the Evc Probe scanner.

50% of the funds will go towards developing the review process for educational institutions, printed materials, and open source software.

25% will go towards organizing the reviews and coordinating the review activities.