This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "SpoC 007 - Orizon Project - Progress Page"
From OWASP
(New page: === News === 13<sup>th</sup> July 2007 - The project status as Spoc 2007 start is summarized in the following: <ul> <li>java sources are translated into XML using JDK6 APIs;</li> <li>Oriz...) |
|||
| Line 52: | Line 52: | ||
<tr> | <tr> | ||
<td>Static analysis</td> | <td>Static analysis</td> | ||
| − | <td> | + | <td>50%</td> |
| − | <td>0. | + | <td>0.45</td> |
| − | <td>August 2007 (the | + | <td>August 2007 (the end of)</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Dynamic analysis</td> | <td>Dynamic analysis</td> | ||
<td>0%</td> | <td>0%</td> | ||
| − | <td>0. | + | <td>0.50</td> |
| − | <td> | + | <td>September 2007</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Creating a library with 30 checks included</td> | <td>Creating a library with 30 checks included</td> | ||
| − | <td> | + | <td>15%</td> |
| − | <td>0. | + | <td>0.50</td> |
<td>September 2007 (mid of)</td> | <td>September 2007 (mid of)</td> | ||
</tr> | </tr> | ||
| Line 71: | Line 71: | ||
<td>Support for C language</td> | <td>Support for C language</td> | ||
<td>0%</td> | <td>0%</td> | ||
| − | <td>0. | + | <td>0.60</td> |
| − | <td> | + | <td>November 2007</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Capability to export results in XML with customizable CSS</td> | <td>Capability to export results in XML with customizable CSS</td> | ||
<td>0%</td> | <td>0%</td> | ||
| − | <td>0. | + | <td>0.50</td> |
| − | <td> | + | <td>September 2007</td> |
</tr> | </tr> | ||
</table> | </table> | ||
Revision as of 13:20, 22 August 2007
News
13th July 2007 - The project status as Spoc 2007 start is summarized in the following:
- java sources are translated into XML using JDK6 APIs;
- Orizon classes are in a refactoring stage in order to reflect a better approach in design phase;
- library containing checks is now a Zip file instead of a plain XML file. The library file will contain "receipts", XML files containing security checks grouped by category.
What is missing by now is some checks. I'm looking the web in order to collect "coding best practices" and trying to formalize them in XML.
Next actions
| Id | Description | Priority | Blocking? |
|---|---|---|---|
| OR-1 | Collecting safe coding best practices | High | No |
| OR-2 | Creating APIs for XML reports | Low | No |
| OR-3 | Creating code to handle dynamic test cases generation | Medium | No |
SpoC 2007 Goals
| Goal | Completeness (%) | Included in Orizon release | Estimated inclusion time |
|---|---|---|---|
| Static analysis | 50% | 0.45 | August 2007 (the end of) |
| Dynamic analysis | 0% | 0.50 | September 2007 |
| Creating a library with 30 checks included | 15% | 0.50 | September 2007 (mid of) |
| Support for C language | 0% | 0.60 | November 2007 |
| Capability to export results in XML with customizable CSS | 0% | 0.50 | September 2007 |
