This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Project Information:template Source Code Review OWASP Projects - 50 Review - Self Evaluation - A

From OWASP
Revision as of 18:03, 26 June 2008 by Walden (talk | contribs)

Jump to: navigation, search

Click here to return to the previous page.

50% REVIEW PROCESS

Project Deliveries & Objectives

OWASP Source Code Review OWASP-Projects Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

  1. Team finalized (Maureen Doyle, James Walden, Michael Whelan.)
  2. Projects selected for initial analysis (AntiSamy, WebScarab, OWASP Enterprise Security API (ESAPI) Project)
  3. Preliminary workflow.
  4. No projects submitted to Fortify Open Source Review, as Fortify is updating the application. We have talked extensively with Fortify and OWASP about the changes and how they match our workflow.

2. To what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

The current status of tasks planned for the end of June is:

  1. Team finalized (100%)
  2. Projects selected (100%)
  3. Preliminary workflow (100%)
  4. Projects submitted (0%)

Since the Fortify open source review is not currently accepting projects, we have not been able to submit any projects. However, we are currently analyzing the following tools using Fortify's commercial source code analyzer (SCA) tool.

  1. AntiSamy
  2. WebScarab
  3. OWASP Enterprise Security API (ESAPI) Project

The updated version of Fortify's web site will allow us to upload the FPR files generated by this tool to create projects immediately, instead of waiting a week. The following tasks remain to be done:

  1. Revise workflow based on reviews.
  2. Submit initial project to Fortify site once its online for testing.
  3. Submit 3 OWASP projects as continuously analyzed projects on Fortify site.
  4. Select additional OWASP and non-OWASP projects to analyze.

3. What kind of help is required either from the Reviewers or from the OWASP Community?

We need feedback and direction on the preliminary workflow.