
Difference between revisions of "Projects Reboot 2012 - OWASP Eliminate Vulnerable Code"

Line 12: Line 12:
  
  
3) '''Project Team Leader:''' [[Waqas_Nazir]] and we already have about 15 contributors for the project.
+
3) '''Project Team Leader:''' [[User:Waqas_Nazir]] and we already have about 15 contributors for the project.
  
 
4) '''Re boot type:''' Type 1  
 
4) '''Re boot type:''' Type 1  

Revision as of 21:20, 25 July 2012

1) Project name: Eliminate_Vulnerable_Code_Project [1]

2) Description: Eliminate Vulnerable Code Project is geared at identifying and removing vulnerable code samples from the public domain. The project has 4 main areas of interest:

i) Internet Web Forums

ii) Educational Institutions

iii) Printed Materials

iv) Open source software


3) Project Team Leader: User:Waqas_Nazir and we already have about 15 contributors for the project.

4) Re boot type: Type 1

5) Goals of the reboot: The goals for the reboot are divided into the following main areas:

i) Internet Web Forums: The Evc Probe scanner needs more rules so that it can scan code in other development languages. It currently looks for only a small set of issues in .NET and Java code. The hope is to add 50 more checks.

ii) Educational Institutions: Work with at least two educational institutions to review their software development curriculums and identify any insecure code being used to teach developers.

iii) Printed Materials: Review at least one software development book to identify any insecure code being used as a reference.

iv) Open source software: Identify 1 high-impact open source software project on which to begin static analysis and manual review with the help of OWASP members.

v) Prime sponsor: List OWASP as a prime sponsor on [2]


6) Timeline: The timeline for the aforementioned goals is as follows:

i) Internet Web Forums:

50 % milestone = 25 new checks (August 30th, 2012).

100 % milestone = 50 new checks (September 15th, 2012).


ii) Educational Institutions:

50 % milestone = work with and complete analysis of first curriculum

100 % milestone = work with and complete analysis of second curriculum


iii) Printed Materials:

100 % milestone = Identify and work on one software development book to identify insecure code being used as a reference.


iv) Open source software:

50 % milestone = Identify 1 high-impact open source software project for review and create the review team with OWASP leaders (August 15th, 2012).

100 % milestone = Document and complete initial analysis (September 30th, 2012).


v) Prime sponsor: 100 % milestone = List OWASP as a prime sponsor on [3]


7) Budget:

USD 10 K for prime sponsorship of EVC Project.

Sponsorship benefits are listed here: [4]

25 % of the funds will go towards developing new checks for the Evc Probe scanner.

50 % of the funds will go towards developing the review process for educational institutions, printed materials, and open source software.

25 % will go towards organizing the reviews and coordinating the review activities.