
Difference between revisions of "Project Information:template Source Code Review OWASP Projects - Final Review - Second Reviewer - F"

Line 53: Line 53:
 
2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?
 
2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
Probably producing documentation is more a Beta objective? That could be related to produce security issues metrics to compare projects with their baseline
 
  |-  
 
  |-  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?
 
3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
I would think a release status for this project would involve a documented process and procecure for baseline source code analysis metrics, analysis and reporting.
 
  |-   
 
  |-   
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
  | style="width:25%; background:#7B8ABD" align="center"|
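Review bot: the added Release Quality answer misspells "procedure" as "procecure", and the typo carries through to the rendered page; correct it in the wiki source. The added Beta Quality answer in the same hunk also ends without a full stop and would read more clearly as "related to producing security issue metrics".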
Line 62: Line 64:
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
|}
 
|}
 +
I suggest to document the results of the analysis to be referred in other OWASP guides.

Revision as of 22:30, 1 November 2008


FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP Source Code Review OWASP-Projects Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please give examples by writing down those that haven't been realised.

  1. Re-Verified that the workflow for introducing static analysis into OWASP projects has been created.
  2. Re-Verified that ?? OWASP projects have been submitted to be analyzed on the owasp.fortify.com site to establish an OWASP baseline.
  3. Re-Verified that the project has submitted the ?? most popular open source PHP projects to be analyzed on the owasp.fortify.com site to establish an open source baseline.

2. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please quantify in terms of percentage.

  1. Workflow for introducing static analysis into OWASP projects (100%).
  2. Analyzed ?? OWASP projects (100%).
  3. Analyzed ?? most popular open source PHP projects on owasp.fortify.com (100%).

3. Please do use the right hand side column to provide advice and make work suggestions.

A little summary/report of the number of the OWASP vs other projects being baselined would have been nice to have as a reference.

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

Basic requirements are satisfied, considering that this is not a software release project but rather a project engagement project to use a tool.

2. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

Probably producing documentation is more a Beta objective? That could be related to producing security issue metrics to compare projects with their baseline.

3. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

I would think a release status for this project would involve a documented process and procedure for baseline source code analysis metrics, analysis and reporting.

4. Please do use the right hand side column to provide advice and make work suggestions.

I suggest documenting the results of the analysis so that they can be referred to in other OWASP guides.