
Difference between revisions of "Project Information:template Source Code Review OWASP Projects - Final Review - Self Evaluation - B"

From OWASP
Line 20: Line 20:
 
The major project objectives have been accomplished:
 
The major project objectives have been accomplished:
 
# We have finalized the workflow for introducing static analysis into OWASP projects.
 
# We have finalized the workflow for introducing static analysis into OWASP projects.
# We have submitted the 25 most popular open source PHP projects to the be analyzed on the owasp.fortify.com site to establish a baseline.
+
# We have submitted 10 OWASP projects to be analyzed on the owasp.fortify.com site to establish an OWASP baseline.
 +
# We have submitted the 25 most popular open source PHP projects to the be analyzed on the owasp.fortify.com site to establish an open source baseline.
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
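Review bot: the added line "# We have submitted the 25 most popular open source PHP projects to the be analyzed on the owasp.fortify.com site to establish an open source baseline." carries a stray "the" ("to the be analyzed"), inherited from the line it replaces; suggest "to be analyzed" so the objective reads cleanly in the final revision.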
Line 27: Line 28:
 
We spent the time since the project midpoint submitting projects to the owasp.fortify.com site.  The current status of tasks is:
 
We spent the time since the project midpoint submitting projects to the owasp.fortify.com site.  The current status of tasks is:
 
# Workflow for introducing static analysis into OWASP projects (100%).
 
# Workflow for introducing static analysis into OWASP projects (100%).
 +
# Analyzed 10 OWASP projects (100%).
 
# Analyzed 25 most popular open source PHP projects on owasp.fortify.com (100%).
 
# Analyzed 25 most popular open source PHP projects on owasp.fortify.com (100%).
 
  |-  
 
  |-  
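Review bot: the new item "# Analyzed 10 OWASP projects (100%)." omits where the analysis was run, while the neighbouring "# Analyzed 25 most popular open source PHP projects on owasp.fortify.com (100%)." names the site; for consistency with objective 2 above, consider "# Analyzed 10 OWASP projects on owasp.fortify.com (100%)."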

Revision as of 03:07, 31 October 2008


FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP Source Code Review OWASP-Projects Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please give examples by writing down those that haven't been realised.

The major project objectives have been accomplished:

  1. We have finalized the workflow for introducing static analysis into OWASP projects.
  2. We have submitted 10 OWASP projects to be analyzed on the owasp.fortify.com site to establish an OWASP baseline.
  3. We have submitted the 25 most popular open source PHP projects to be analyzed on the owasp.fortify.com site to establish an open source baseline.

2. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please quantify in terms of percentage.

We spent the time since the project midpoint submitting projects to the owasp.fortify.com site. The current status of tasks is:

  1. Workflow for introducing static analysis into OWASP projects (100%).
  2. Analyzed 10 OWASP projects (100%).
  3. Analyzed 25 most popular open source PHP projects on owasp.fortify.com (100%).

3. What kind of help is required either from the Reviewers or from the OWASP Community?

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Taking the OWASP Project Assessment Methodology into consideration, which criteria, if any, haven't been fulfilled in terms of Alpha Quality status?

All Alpha criteria are fulfilled.

2. Taking the OWASP Project Assessment Methodology into consideration, which criteria, if any, haven't been fulfilled in terms of Beta Quality status?

The documentation needs to be expanded and links added to the code review guide.

3. Taking the OWASP Project Assessment Methodology into consideration, which criteria, if any, haven't been fulfilled in terms of Release Quality status?

We will add the OWASP EU Summit presentation to fulfill that requirement once it's ready.

4. What kind of help is required either from the Reviewers or from the OWASP Community?

To ensure that this project leads to continuing improvement in the security of OWASP projects, we need more OWASP project leaders to incorporate static analysis into their project's software development lifecycle. We have received only one volunteer who was willing to take the time to incorporate static analysis into his project: Yiannis, project leader of the JBroFuzz project. We can analyze OWASP projects on our own, but it's important to include static analysis as part of the lifecycle.