Category:OWASP Open Review Project
We are surrounded by open source software. Beyond the open source software all of us use directly, many commercial applications also contain open source libraries. Think of server and desktop software, but don't forget routers, cars, and phones. Open source is everywhere.
The OWASP Open Review Project (ORPRO) exists to act as a resource providing automated static analysis of OWASP projects.
- Provide an independent security review of OWASP projects, with a record of what has been reviewed and by whom, in order to best communicate the security state of the projects. At the current time this includes automated review of OWASP project code.
- Engage in responsible disclosure of any security vulnerabilities discovered
- Settle overlap between OWASP projects: August 2008 (completed)
- Initial tool selection and implementation: September 2008 (completed)
- Roll out automated review capabilities for a limited set of projects: September 2008 (completed)
- First reviews: October 2008
- Shutter original project: June 2011
- Re-start project using Fortify on Demand rather than Fortify SCA: August 2011
- 5 June 2008 OWASP ORPRO launched
- 12 September 2008 owasp.fortify.com made available as a public beta for automated source code review of open source projects
- 16 August 2011 Project re-launched using Fortify on Demand rather than Fortify SCA
We want OWASP project leaders to submit their projects for review. If you run an OWASP project and are interested in participating, please email the mailing list.
Please go to https://lists.owasp.org/mailman/listinfo/open-review-project to subscribe to the list. You can post to the ORPRO mailing list by emailing firstname.lastname@example.org.
Project leads: Dan Cornell.