OWASP Security JDI Process
The process of developing tried and tested instructions is as follows:
This will typically be based on the author's practical experience as a developer or security specialist.
At this stage, the JDI does not have to be complete or particularly well written, but it must provide the bones of a practical solution.
The project will endeavour to engage suitable subject matter experts to assist in completing and refining the first draft.
Once the first draft has been reviewed and revised and meets the requirements defined in the pro-forma page, the status may be changed to Drafted, at which point it is ready for review.
The JDI is then editorially reviewed by an independent reviewer and, after any necessary changes have been made, the status changed to Reviewed.
Amongst other things, the review should ensure that:
- All sections are complete per the pro-forma
- All links work
To progress to the final status of Tested, it is necessary for an independent developer to use the JDI and provide feedback, and for that feedback to be reviewed and incorporated.