
Project Information:template OpenSign Server Project - Final Review - Self Evaluation - B

Revision as of 09:19, 25 February 2009 by Philipp Potisk (talk | contribs)


FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP OpenSign Server Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please give examples by writing down those that haven't been realised.

At this point the core functionality of the OpenSign project has been developed and tested. This includes the issuing and verifying of certificates within a client-server infrastructure. Users must be authenticated and approved by an issuer to use the issuing-service. The issuing is done easily by making use of the client application or online via a web-form. However, OpenSign is not an independent solution for code signing yet. It relies on java-keytool (or an application with the same intention) to generate the client-side keys and the certificate signing requests. There is no graphical interface for the client in place. Also, support for .NET code signing has not been taken into account yet.

2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage.

OpenSign Server: 80%

Client Tools – OSSJClient: 90%

Documentation: 80%

3. What kind of help is required either from the Reviewers or from the OWASP Community?

none

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

2. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

3. Taking into consideration the OWASP Project Assessment Methodology, which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

  • Be run through Fortify Software's open source review (if appropriate) and FindBugs

4. What kind of help is required either from the Reviewers or from the OWASP Community?