This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Project Information:template Application Security Verification Standard - Final Review - Second Reviewer - F"
| Line 18: | Line 18: | ||
1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#OWASP Application Security Verification Standard|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised. | 1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#OWASP Application Security Verification Standard|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised. | ||
| colspan="2" style="width:75%; background:#cccccc" align="left"| | | colspan="2" style="width:75%; background:#cccccc" align="left"| | ||
| + | '''The opportunity, challenges, issues or need your proposal addresses''' | ||
| + | |||
| + | OWASP is looking for a commercially-workable open standard for performing application security verification efforts. The problem is that there is a huge range in the coverage and level of rigor available in the market, and consumers have no way to tell the difference between someone just running a grep tool, and someone doing painstaking code review and manual testing. So, a standard is needed. | ||
| + | |||
| + | ''Comment: The draft proposes a standard of high quality which is adequate and suitable for use in commercial projects''. | ||
| + | |||
| + | '''Objectives or ways in which you will meet the goal(s)''' | ||
| + | |||
| + | The applicant’s proposal will address the above challenges as follows: | ||
| + | The applicant will define an evaluation framework that may be used to conduct OWASP Application Security Verification Standard certifications. | ||
| + | The applicant will define an OWASP Application Security Verification Standard which defines levels that applications may be certified against. | ||
| + | |||
| + | ''Comments: Those goals are met''. | ||
| + | |||
| + | '''Long-term vision for the project''' | ||
| + | |||
| + | The long-term vision for the project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing application security verification. | ||
| + | |||
| + | ''Comments: The ASVS Draft proposes a comprehensive document which can fully play this role and be a support for making this vision a reality. The actual fullfillment of the vision will depend on the dissemination of the work and of its actual efficiency for web application projects''. | ||
| + | |||
|- | |- | ||
| style="width:25%; background:#7B8ABD" align="center"| | | style="width:25%; background:#7B8ABD" align="center"| | ||
2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#OWASP Application Security Verification Standard|'''the assumed ones''']], please quantify in terms of percentage. | 2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications#OWASP Application Security Verification Standard|'''the assumed ones''']], please quantify in terms of percentage. | ||
| colspan="2" style="width:75%; background:#cccccc" align="left"| | | colspan="2" style="width:75%; background:#cccccc" align="left"| | ||
| + | '''The opportunity, challenges, issues or need your proposal addresses''' | ||
| + | |||
| + | 100% | ||
| + | |||
| + | '''Objectives or ways in which you will meet the goal(s)''' | ||
| + | |||
| + | 100% | ||
| + | |||
| + | '''Long-term vision for the project''' | ||
| + | |||
| + | 50% (Dissemination would be the remaining 50%, and do not pertain to the OWASP Summer of Code time frame). | ||
|- | |- | ||
| style="width:25%; background:#7B8ABD" align="center"| | | style="width:25%; background:#7B8ABD" align="center"| | ||
Revision as of 16:20, 14 December 2008
Clik here to return to the previous page.
| FINAL REVIEW | ||
|---|---|---|
| PART I | ||
|
Project Deliveries & Objectives |
OWASP Application Security Verification Standard Project's Deliveries & Objectives | |
| QUESTIONS | ANSWERS | |
|
1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised. |
The opportunity, challenges, issues or need your proposal addresses OWASP is looking for a commercially-workable open standard for performing application security verification efforts. The problem is that there is a huge range in the coverage and level of rigor available in the market, and consumers have no way to tell the difference between someone just running a grep tool, and someone doing painstaking code review and manual testing. So, a standard is needed. Comment: The draft proposes a standard of high quality which is adequate and suitable for use in commercial projects. Objectives or ways in which you will meet the goal(s) The applicant’s proposal will address the above challenges as follows: The applicant will define an evaluation framework that may be used to conduct OWASP Application Security Verification Standard certifications. The applicant will define an OWASP Application Security Verification Standard which defines levels that applications may be certified against. Comments: Those goals are met. Long-term vision for the project The long-term vision for the project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing application security verification. Comments: The ASVS Draft proposes a comprehensive document which can fully play this role and be a support for making this vision a reality. The actual fullfillment of the vision will depend on the dissemination of the work and of its actual efficiency for web application projects. | |
|
2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage. |
The opportunity, challenges, issues or need your proposal addresses 100% Objectives or ways in which you will meet the goal(s) 100% Long-term vision for the project 50% (Dissemination would be the remaining 50%, and do not pertain to the OWASP Summer of Code time frame). | |
|
3. Please do use the right hand side column to provide advice and make work suggestions. |
||
| PART II | ||
|
Assessment Criteria |
||
| QUESTIONS | ANSWERS | |
|
1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status? |
||
|
2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status? |
||
|
3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status? |
||
|
4. Please do use the right hand side column to provide advice and make work suggestions. |
||
