This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Good Component Practices Project"

From OWASP
Jump to: navigation, search
m
m
Line 8: Line 8:
  
 
<ol>
 
<ol>
   <li>Provenance of the component, where does it come from?</li>
+
   <li>Selection of the component and where it come from (provenance)</li>
 
   <li>Integration of the component into the development environment</li>
 
   <li>Integration of the component into the development environment</li>
 
   <li>Integration of the component into the production environment</li>
 
   <li>Integration of the component into the production environment</li>

Revision as of 22:05, 24 April 2013

Main

This project will document a set of best practices for managing component vulnerability at three main gateways.

Gateways of Component Vulnerability

When establishing a framework for Good Component Practices, there are three gateways at which a vulnerability may occur:

  1. Selection of the component and where it come from (provenance)
  2. Integration of the component into the development environment
  3. Integration of the component into the production environment

We will look at each level of vulnerability and establish a series of best practices for managing the component usage at that level

Mark Miller 22:04, 24 April 2013 (UTC)

Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Good Component Practices Project (home page)
Purpose: Good Component Practice is one of the most over looked silver bullets in the Open Source arsenal. Because of business pressure, we have found that companies are willing to risk using unverified open source components, trading off security for enhanced speed in development.

This project will use community input to document an industry acceptable process for the creation, maintenance and use of open source components.

License: Creative Commons Attribution ShareAlike 3.0 License (best for documentation projects)
who is working on this project?
Project Leader(s):
  • Mark Miller @
Project Contributor(s):
  • Trusted Software Alliance
  • Sonatype
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Mark Miller @ to contribute to this project
  • Contact Mark Miller @ to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases