This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Good Component Practices Project"
From OWASP
Mark Miller (talk | contribs) m |
Mark Miller (talk | contribs) m |
||
| Line 3: | Line 3: | ||
This project will document a set of best practices for managing component vulnerability at three main gateways. | This project will document a set of best practices for managing component vulnerability at three main gateways. | ||
| − | + | == Gateways of Component Vulnerability == | |
When establishing a framework for Good Component Practices, there are three gateways at which a vulnerability may occur: | When establishing a framework for Good Component Practices, there are three gateways at which a vulnerability may occur: | ||
| − | + | #Selection of the component and where it came from (provenance)</li> | |
| − | + | #Integration of the component into the development environment</li> | |
| − | + | #Integration and maintenance of the component within the production environment</li> | |
| − | |||
| − | |||
We will look at each level of vulnerability and establish a series of best practices for managing the component usage at that level. The conclusion of the project will be a set of best practices for managing open source components as part of a larger application within an enterprise system. | We will look at each level of vulnerability and establish a series of best practices for managing the component usage at that level. The conclusion of the project will be a set of best practices for managing open source components as part of a larger application within an enterprise system. | ||
[[User:Mark Miller|Mark Miller]] 22:04, 24 April 2013 (UTC) | [[User:Mark Miller|Mark Miller]] 22:04, 24 April 2013 (UTC) | ||
| + | |||
| + | == Simplified Framework for Component Vulnerability Management == | ||
| + | |||
| + | ==== Component Selection ==== | ||
| + | |||
| + | ==== Integration into Development Environment ==== | ||
| + | |||
| + | ==== Integration and Maintenance within Production Environment ==== | ||
| + | |||
=Project About= | =Project About= | ||
Revision as of 15:41, 25 April 2013
Main
This project will document a set of best practices for managing component vulnerability at three main gateways.
Gateways of Component Vulnerability
When establishing a framework for Good Component Practices, there are three gateways at which a vulnerability may occur:
- Selection of the component and where it came from (provenance)</li>
- Integration of the component into the development environment</li>
- Integration and maintenance of the component within the production environment</li>
We will look at each level of vulnerability and establish a series of best practices for managing the component usage at that level. The conclusion of the project will be a set of best practices for managing open source components as part of a larger application within an enterprise system.
Mark Miller 22:04, 24 April 2013 (UTC)
Simplified Framework for Component Vulnerability Management
Component Selection
Integration into Development Environment
Integration and Maintenance within Production Environment
Project About
| PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| |||||||||||||||||||||||||||||||||||||
