OWASP Security JDI Process

From OWASP
Jump to: navigation, search

The process of developing tried and tested instructions is as follow:

First Draft

JDIs should be started with a stub article linked from the table in the JDIs page using the pro-forma page as a template.

This will typically be based on the authors practical experience as a developer or security specialist.

At this stage, the JDI does not have to be complete or particularly well written, but it must provide the bones of a practical solution.

Drafted

The project will endeavour to engage suitable subject matter experts to assist in completing and refining the first draft.

Once the first draft has been reviewed and revised and meets the requirements defined in the pro-forma page, the status may be changed to Drafted, at which point is is ready for review.

Reviewed

The JDI is then editorially reviewed by an independent reviewer and, after any necessary changes have been made, the status changed to Reviewed.

Amongst other things the review should ensure that

  • All sections are complete per the pro-forma
  • All links work

Tested

To progress to the final status of Tested it is necessary for an independent developer to use the JDI, to feedback, and for that feedback to be reviewed and incorporated.