Difference between revisions of "Project Information:template Application Security Verification Standard - Final Review - Second Reviewer - F"

From OWASP
Jump to: navigation, search
 
Line 73: Line 73:
 
1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status?
 
1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status?
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
 +
None.
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?
 
2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
None
 +
 +
* The Beta version of the OWASP Application Security Verification Standard 2008 – Web Application Edition, should comply with following quality criteria according to the OWASP Project Assessment guidelines:
 +
 +
- All Alpha Quality Requirements
 +
 +
''Have been asserted in the first review round.''
 +
 +
- The document seems sufficiently or substantially complete with respect to the topic or process it is intended to cover.
 +
 +
''It is. The remarks from my previous comments are solved.''
 +
 +
- All wiki content has been reviewed by a technical editor to ensure that English grammar is correct, understandable, and the content flows well.
 +
''OK. No particular comment, the online documentation is of quality.''
 +
 +
- Clear efforts to interlink this document to other appropriate Beta and Release Quality OWASP Documentation and Tools projects have been made.
 +
 +
'' OK (reference to the Owasp Top Ten, etc.)''
 +
 +
* When approved to be Beta Quality: Update the link to it on: the OWASP Project page and update its project quality tag on its project page to be Beta.
 +
 +
''OK.''
 +
 
  |-  
 
  |-  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
  | style="width:25%; background:#7B8ABD" align="center"|  
 
3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?
 
3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
 +
Following aspects are to be checked:
 +
 +
- Compliance to the Owasp Writing Style
 +
 +
- Availability at the OWASP Lulu Bookstore
 +
 +
- Maybe experience reports with the ASVS would be a plus to validate it or decide to bring still further improvements to the ASVS Standard Beta Quality Draft before releasing it as a 'Release Quality' document.
 +
 
  |-   
 
  |-   
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
4. Please do use the right hand side column to provide advice and make work suggestions.
 
4. Please do use the right hand side column to provide advice and make work suggestions.
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
None.
 
|}
 
|}

Latest revision as of 11:25, 14 December 2008

Clik here to return to the previous page.

FINAL REVIEW
PART I

Project Deliveries & Objectives

OWASP Application Security Verification Standard Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

The opportunity, challenges, issues or need your proposal addresses

OWASP is looking for a commercially-workable open standard for performing application security verification efforts. The problem is that there is a huge range in the coverage and level of rigor available in the market, and consumers have no way to tell the difference between someone just running a grep tool, and someone doing painstaking code review and manual testing. So, a standard is needed.

Comment: The draft proposes a standard of high quality which is adequate and suitable for use in commercial projects.

Objectives or ways in which you will meet the goal(s)

The applicant’s proposal will address the above challenges as follows: The applicant will define an evaluation framework that may be used to conduct OWASP Application Security Verification Standard certifications. The applicant will define an OWASP Application Security Verification Standard which defines levels that applications may be certified against.

Comments: Those goals are met.

Long-term vision for the project

The long-term vision for the project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing application security verification.

Comments: The ASVS Draft proposes a comprehensive document which can fully play this role and be a support for making this vision a reality. The actual fullfillment of the vision will depend on the dissemination of the work and of its actual efficiency for web application projects.

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

The opportunity, challenges, issues or need your proposal addresses

100%

Objectives or ways in which you will meet the goal(s)

100%

Long-term vision for the project

50% (Dissemination would be the remaining 50%, and do not pertain to the OWASP Summer of Code time frame).

3. Please do use the right hand side column to provide advice and make work suggestions.

[Comments on the ASVS Draft, 2008/10/20 ]

PART II

Assessment Criteria

OWASP Project Assessment Criteria

QUESTIONS ANSWERS

1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status?

None.

2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status?

None

  • The Beta version of the OWASP Application Security Verification Standard 2008 – Web Application Edition, should comply with following quality criteria according to the OWASP Project Assessment guidelines:

- All Alpha Quality Requirements

Have been asserted in the first review round.

- The document seems sufficiently or substantially complete with respect to the topic or process it is intended to cover.

It is. The remarks from my previous comments are solved.

- All wiki content has been reviewed by a technical editor to ensure that English grammar is correct, understandable, and the content flows well. OK. No particular comment, the online documentation is of quality.

- Clear efforts to interlink this document to other appropriate Beta and Release Quality OWASP Documentation and Tools projects have been made.

OK (reference to the Owasp Top Ten, etc.)

  • When approved to be Beta Quality: Update the link to it on: the OWASP Project page and update its project quality tag on its project page to be Beta.

OK.

3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status?

Following aspects are to be checked:

- Compliance to the Owasp Writing Style

- Availability at the OWASP Lulu Bookstore

- Maybe experience reports with the ASVS would be a plus to validate it or decide to bring still further improvements to the ASVS Standard Beta Quality Draft before releasing it as a 'Release Quality' document.

4. Please do use the right hand side column to provide advice and make work suggestions.

None.