
Project Information:template Code Review Project - Final Review - OWASP Board Member - G

Revision as of 15:11, 4 January 2009 by Jeff Williams (talk | contribs)


FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP Code Review Guide V1.1 Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please give examples by writing down those that haven't been realised.

The project goals have been completed. There is more work to do to create an excellent guide to code review, but the document is useful at this point.

2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage.

100%

3. Please use the right-hand side column to provide advice and make work suggestions.

For each security area, the guide needs to provide more details about the process of 1) identifying what security controls *should* be in place, 2) how to find the security controls, 3) how to verify that the security control is properly implemented, and 4) how to ensure that the security controls have been used in all the appropriate places. The current guidance is often incomplete. I recommend that the ASVS be used as a model for identifying what needs to be covered in each section.

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven't been fulfilled in terms of Alpha Quality status?

none

2. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven't been fulfilled in terms of Beta Quality status?

none

3. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven't been fulfilled in terms of Release Quality status?

I haven't yet seen the final presentation. Check the documentation project requirements.

4. Please use the right-hand side column to provide advice and make work suggestions.

I strongly recommend that we really try to build a team to work on this guide. Having a single lead is difficult and time consuming.