Difference between revisions of "Category:OWASP Open Review Project"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
{{:Project Information:template Open Review Project}}
 
  
 +
== Overview ==
 +
We are surrounded by open source. Not only the open source software all of us use, also many of the commercial applications contain open source libraries. And in our routers, our cars, our phones, everywhere...
 +
In the OWASP Open Review Project (ORPRO) we perform open reviews of open source projects. We focus on security, are independent, and use the excellent deliverables from other OWASP projects to achieve traceable assurance statements on the security of the code. Users, both individuals and integrators, may benefit from ORPRO’s results.
  
  
[[Category:OWASP Project]]
+
== Project Goals ==
 +
* Independent security review of open source projects;
 +
* Centrally managed;
 +
* Independent statement on what is reviewed and by whom, leading a form of assurance that the software is free from security bugs;
 +
* Analysis beyond code review, including digging into hard algorithms (compression, crypto, etc);
 +
* Responsible disclosure of any security vulnerabilities discovered.

Revision as of 14:12, 5 June 2008

Overview

We are surrounded by open source. Not only the open source software all of us use, also many of the commercial applications contain open source libraries. And in our routers, our cars, our phones, everywhere... In the OWASP Open Review Project (ORPRO) we perform open reviews of open source projects. We focus on security, are independent, and use the excellent deliverables from other OWASP projects to achieve traceable assurance statements on the security of the code. Users, both individuals and integrators, may benefit from ORPRO’s results.


Project Goals

  • Independent security review of open source projects;
  • Centrally managed;
  • Independent statement on what is reviewed and by whom, leading a form of assurance that the software is free from security bugs;
  • Analysis beyond code review, including digging into hard algorithms (compression, crypto, etc);
  • Responsible disclosure of any security vulnerabilities discovered.

This category currently contains no pages or media.