This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
Project Information:template OpenSign Server Project - Final Review - Second Reviewer - F
FINAL REVIEW | ||
---|---|---|
PART I | ||
Project Deliveries & Objectives |
||
QUESTIONS | ANSWERS | |
1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please give examples by writing down those that haven't been realised. |
-> ok
-> code download and verification is not available in the OSSJClient. Verification of the certificate is therefore performed independently of the signed code (one step is missing in the process).
-> ok
-> available, but completeness of features should be validated
-> User documentation has been completed. -> The demonstration could be more explicit about the integration of the tools into the software deployment process. The role of entities (certificate, CSR) could be explained more precisely, so as to enable developers with limited security knowledge to use the tool. For instance: integrate the documentation (opendsign-concept.doc ...) in the demo slides. Documentation in the code repository contains the original design doc rather than the current dev/use documentation. OK | |
2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage. |
100 %
50%
90 %
70 % | |
3. Please do use the right hand side column to provide advice and make work suggestions. |
Second comments:
for the server and the client - AGREE
Final Review Extending the OSSJClient with a code download and verification feature would provide an important added value for a reasonable work overhead. It could therefore be done as a priority. | |
PART II | ||
Assessment Criteria |
||
QUESTIONS | ANSWERS | |
1. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status? |
||
2. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Beta Quality status? |
OK | |
3. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Release Quality status? |
OK | |
4. Please do use the right hand side column to provide advice and make work suggestions. |