Project Information:template Application Security Verification Standard - 50 Review - Self Evaluation - A

From OWASP
Revision as of 11:18, 23 June 2008 by Pauloc (Talk | contribs)


50% REVIEW PROCESS

Project Deliveries & Objectives

OWASP Application Security Verification Standard Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please give examples by writing down those that haven't been realised.

Originally-proposed separate certification standard and scheme documents have been collapsed into a single ASVS document.

2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage.

An initial draft of the proposed standard has been written. In the initial draft, a proposed set of criteria is defined, and a proposed certification framework is defined. Please see the main ASVS project page for the initial draft of the ASVS.

3. What kind of help is required either from the Reviewers or from the OWASP Community?

  • The OWASP Foundation must provide feedback about the certification framework, to determine if what is proposed is viable given OWASP's status as a non-profit, and other potential restrictions/requirements the author is not aware of, so that further refinements can be made as necessary. Otherwise, there will be no ability to conduct a trial evaluation. Please provide comments on sections: "Process" and "Where To Go From Here".
  • The OWASP reviewers and the OWASP community may offer their domain expertise to further refine the proposed set of ESAPI-derived criteria. Please provide comments on sections "Methodology" and sections "V1" thru "V5". Once the approach to V5 is further refined, the author will apply the approach as a template to remaining sections "V6" thru "V16".
  • Please email specific comments or questions to the author directly for discussion and consideration. Please use the ASVS project mailing list to solicit input from the community as appropriate. The author will make available upon email request a Word version of the document so that comments can be made in-line using the Word track-changes and comments features.