
Difference between revisions of "Category talk:OWASP RFP-Criteria"


Revision as of 20:44, 21 April 2010

PURPOSE
List of questions/discussion points for the project.

Are these questions for use during the market survey or product evaluation steps of an acquisition? --Walter Houser 20:00, 16 April 2010 (UTC)

1. Describe the implementation process for your product/service - is software or hardware required? Vendor training? Consulting? Any additional personnel costs on customer side? How many personnel are needed? What are their skill sets and experience levels? --Walter Houser 20:16, 16 April 2010 (UTC) The time to implement is meaningful only in the context of the amount and quality of resources and their costs.

2. Do you have a training and support program for your product or service? Is it required? If so, what is the typical amount of time and cost associated with training/education? --Walter Houser 20:23, 16 April 2010 (UTC) The salesman will always answer yes to "Can you...?" questions.

4. What is the most challenging element ...? Too softball a question. --Walter Houser 20:08, 16 April 2010 (UTC) Ask instead

4. What are the critical success factors for ...

ADDITIONAL LINKS

  1. http://zeltser.com/security-assessments/security-assessment-rfp-cheat-sheet.html

5. Does the product/service integrate with any IPS solutions (custom filters)? Joe Aguirre 20:10, 19 April 2010 (UTC)

6. Related to question #11, asking how "all existing vulnerabilities" are discovered may need to be revisited. It may make more sense to ask how the product/solution increases its vulnerability identification rate relative to the competition. Joe Aguirre 20:10, 19 April 2010 (UTC)

7. Some additional ideas that may be useful could be: options for user administration, supported federated identity management solutions, access control granularity, and scan scheduling. Joe Aguirre 15:36, 20 April 2010 (UTC)

8. Question #25 - Instead of listing the WASC categories, it would be cleaner to provide links to both the WASC and OWASP Top Ten lists. Joe Aguirre 20:44, 21 April 2010 (UTC)