Difference between revisions of "Category:OWASP Open Review Project"
Dancornell (talk | contribs) |
Line 7: | Line 7: | ||
== Overview == | == Overview == | ||
− | We are surrounded by open source software. Not only the open source software all of us use, also many of the commercial applications contain open source libraries. Think of server and desktop software, but don't forget routers, cars, phones | + | We are surrounded by open source software. Not only the open source software all of us use, also many of the commercial applications contain open source libraries. Think of server and desktop software, but don't forget routers, cars, phones. Open source is everywhere. |
− | The OWASP Open Review Project (ORPRO) exists to act as a resource | + | The OWASP Open Review Project (ORPRO) exists to act as a resource providing automated static analysis of OWASP projects. |
− | Fortify Software has made their [ | + | Fortify Software has made their [https://www.fortify.com/products/fortify-on-demand/index.html Fortify on Demand (FoD) technology] available to OWASP projects at [http://owasp.fortifyondemand.com owasp.fortifyondemand.com]. |
== Project Goals == | == Project Goals == | ||
− | * Provide an independent security review of | + | * Provide an independent security review of OWASP projects with a record of what has been reviewed and by whom in order to best communicate the security state of the projects. At the current time this includes automated review of OWASP project code |
− | |||
* Engage in responsible disclosure of any security vulnerabilities discovered | * Engage in responsible disclosure of any security vulnerabilities discovered | ||
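Review bot: The new Overview sentence links the OWASP portal as http://owasp.fortifyondemand.com while the product link in the same sentence uses https. Project leaders are being pointed at that portal for review of their code, so link it over https if the host serves it. In the Project Goals bullet, the promised "record of what has been reviewed and by whom" has no pointer to where that record is kept, and the bullet is missing its closing full stop.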
Line 22: | Line 21: | ||
* Initial tool selection and implementation: September 2008 (completed) | * Initial tool selection and implementation: September 2008 (completed) | ||
* Roll out automated review capabilities for a limited set of projects: September 2008 (completed) | * Roll out automated review capabilities for a limited set of projects: September 2008 (completed) | ||
− | * First reviews: October 2008 | + | * First reviews: October 2008 |
− | + | * Shutter original project:June 2011 | |
− | + | * Re-start project using Fortify on Demand rather than Fortify SCA: August 2011 | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | * | ||
− | * | ||
− | |||
== News == | == News == | ||
* '''5 June 2008''' OWASP ORPRO launched | * '''5 June 2008''' OWASP ORPRO launched | ||
* '''12 September 2008''' [http://owasp.fortify.com/ owasp.fortify.com] made available as a public beta for automated source code review of open source projects | * '''12 September 2008''' [http://owasp.fortify.com/ owasp.fortify.com] made available as a public beta for automated source code review of open source projects | ||
+ | * '''16 August 2011''' Project re-launched using Fortify on Demand rather than Fortify SCA | ||
== Get involved == | == Get involved == | ||
− | + | We want OWASP project leaders to submit their projects for review. If you run an OWASP project and are interested in participating, please email the mailing list. | |
− | |||
− | We | ||
Please go to https://lists.owasp.org/mailman/listinfo/open-review-project to subscribe to the list. You can post to the ORPRO mailing list by emailing [mailto:[email protected] [email protected]]. | Please go to https://lists.owasp.org/mailman/listinfo/open-review-project to subscribe to the list. You can post to the ORPRO mailing list by emailing [mailto:[email protected] [email protected]]. | ||
== People == | == People == | ||
− | Project leads: | + | Project leads: [[User:Dancornell|Dan Cornell]]. |
− | Contributors: [http://www.fortify.com Fortify Software] has generously made their | + | Contributors: [http://www.fortify.com Fortify Software] has generously made their Fortify on Demand (FoD) technology available for use by OWASP projects at [http://owasp.fortifyondemand.com/ owasp.fortifyondemand.com]. |
[[Category:OWASP Project]] | [[Category:OWASP Project]] |
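Review bot: In the Project Planning list, "Shutter original project:June 2011" is missing the space after the colon, and the two added milestones carry no "(completed)" status like the earlier 2008 entries, so a reader cannot tell from the list whether the restart has happened. The News list still links owasp.fortify.com from the 2008 public beta. Since the project now runs on owasp.fortifyondemand.com, say in that entry or the new one whether the old host is still in use.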
Revision as of 21:00, 16 August 2011
This project has been discontinued and has therefore been marked as inactive by the OWASP Global Projects Committee.
PROJECT IDENTIFICATION | |
---|---|
Project Name | OWASP Open Review Project (ORPRO) |
Short Project Description | The OWASP Open Review Project (ORPRO) is a project to openly check open source libraries and software that are vital to most commercial and non-commercial apps around. |
Email Contacts: Project Leaders | Mario de Boer, Dan Cornell |
Email Contacts: Project Contributors (if applicable) | Name&Email |
Email Contacts: Mailing List | subscribe |
Email Contacts: First Reviewer | Name |
Email Contacts: Second Reviewer | Name |
Email Contacts: OWASP Board Member (if applicable) | Name&Email |
SPONSORS & GUIDELINES | |
---|---|
Fortify Software | Guidelines/Roadmap |
ASSESSMENT AND REVIEW PROCESS | | | | |
---|---|---|---|---|
Review/Reviewer | Author's Self Evaluation (applicable for Alpha Quality & further) | First Reviewer (applicable for Alpha Quality & further) | Second Reviewer (applicable for Beta Quality & further) | OWASP Board Member (applicable just for Release Quality) |
First Review | Objectives & Deliveries reached? Not yet (To update). Which status has been reached? Alpha Status - (To update). See&Edit: First Review/SelfEvaluation (A) | Objectives & Deliveries reached? Not yet (To update). Which status has been reached? Alpha Status - (To update). See&Edit: First Review/1st Reviewer (B) | Objectives & Deliveries reached? Yes/No (To update). Which status has been reached? Alpha Status - (To update). See&Edit: First Review/2nd Reviewer (C) | Objectives & Deliveries reached? Yes/No (To update). Which status has been reached? Alpha Status - (To update). See/Edit: First Review/Board Member (D) |
Overview
We are surrounded by open source software. Beyond the open source software all of us use directly, many commercial applications also contain open source libraries. Think of server and desktop software, but don't forget routers, cars and phones. Open source is everywhere.
The OWASP Open Review Project (ORPRO) exists to act as a resource providing automated static analysis of OWASP projects.
Fortify Software has made their Fortify on Demand (FoD) technology available to OWASP projects at owasp.fortifyondemand.com.
Project Goals
- Provide an independent security review of OWASP projects, with a record of what has been reviewed and by whom, in order to best communicate the security state of the projects. At the current time this includes automated review of OWASP project code.
- Engage in responsible disclosure of any security vulnerabilities discovered
Project Planning
- Settle overlap between OWASP projects: August 2008 (completed)
- Initial tool selection and implementation: September 2008 (completed)
- Roll out automated review capabilities for a limited set of projects: September 2008 (completed)
- First reviews: October 2008
- Shutter original project: June 2011
- Re-start project using Fortify on Demand rather than Fortify SCA: August 2011
News
- 5 June 2008 OWASP ORPRO launched
- 12 September 2008 owasp.fortify.com made available as a public beta for automated source code review of open source projects
- 16 August 2011 Project re-launched using Fortify on Demand rather than Fortify SCA
Get involved
We want OWASP project leaders to submit their projects for review. If you run an OWASP project and are interested in participating, please email the mailing list.
Please go to https://lists.owasp.org/mailman/listinfo/open-review-project to subscribe to the list. You can post to the ORPRO mailing list by emailing [email protected].
People
Project leads: Dan Cornell.
Contributors: Fortify Software has generously made their Fortify on Demand (FoD) technology available for use by OWASP projects at owasp.fortifyondemand.com.