Difference between revisions of "Project Information:template Source Code Review OWASP Projects - 50 Review - Self Evaluation - A"

From OWASP
Line 23: Line 23:
 
2. To what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#Source Code Review OWASP Projects|'''the assumed ones''']], please quantify in terms of percentage.
 
2. To what extent have the project deliveries & objectives been accomplished?  Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#Source Code Review OWASP Projects|'''the assumed ones''']], please quantify in terms of percentage.
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 
  | colspan="2" style="width:75%; background:#cccccc" align="left"|
 +
The current status of tasks planned for the end of June is:
 
#Team finalized (100%)
 
#Team finalized (100%)
 
#Projects selected (100%)
 
#Projects selected (100%)
 
#Preliminary workflow (100%)
 
#Preliminary workflow (100%)
 
#Projects submitted (0%)
 
#Projects submitted (0%)
 +
Since the Fortify open source review is not currently accepting projects, we have not been able to submit any projects.  However, we are currently analyzing the following tools using Fortify's commercial source code analyzer (SCA) tool. 
 +
#AntiSamy
 +
#WebScarab
 +
#OWASP Enterprise Security API (ESAPI) Project
 +
The updated version of Fortify's web site will allow us to upload the FPR files generated by this tool to create projects immediately, instead of waiting a week.  The following tasks remain to be done:
 +
#Revise workflow based on reviews.
 +
#Submit initial project to Fortify site once its online for testing.
 +
#Submit 3 OWASP projects as continuously analyzed projects on Fortify site.
 +
#Select additional OWASP and non-OWASP projects to analyze.
 
  |-
 
  |-
 
  | style="width:25%; background:#7B8ABD" align="center"|
 
  | style="width:25%; background:#7B8ABD" align="center"|
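Review bot: In the added remaining-tasks list, "Submit initial project to Fortify site once its online for testing" should read "once it's online". The added paragraph also says the team is "analyzing the following tools" while the status list in the same cell calls them projects ("Projects selected", "Projects submitted"); using "projects" throughout would make it clear that the three listed items are the ones counted in those percentages.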

Revision as of 13:03, 26 June 2008


50% REVIEW PROCESS

Project Deliveries & Objectives

OWASP Source Code Review OWASP-Projects Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

  1. Team finalized (Maureen Doyle, James Walden, Michael Whelan.)
  2. Projects selected for initial analysis (AntiSamy, WebScarab, OWASP Enterprise Security API (ESAPI) Project)
  3. Preliminary workflow.
  4. No projects submitted to Fortify Open Source Review, as Fortify is updating the application. We have talked extensively with Fortify and OWASP about the changes and how they match our workflow.

2. To what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

The current status of tasks planned for the end of June is:

  1. Team finalized (100%)
  2. Projects selected (100%)
  3. Preliminary workflow (100%)
  4. Projects submitted (0%)

Since the Fortify open source review is not currently accepting projects, we have not been able to submit any projects. However, we are currently analyzing the following tools using Fortify's commercial source code analyzer (SCA) tool.

  1. AntiSamy
  2. WebScarab
  3. OWASP Enterprise Security API (ESAPI) Project

The updated version of Fortify's web site will allow us to upload the FPR files generated by this tool to create projects immediately, instead of waiting a week. The following tasks remain to be done:

  1. Revise workflow based on reviews.
  2. Submit initial project to Fortify site once it's online for testing.
  3. Submit 3 OWASP projects as continuously analyzed projects on Fortify site.
  4. Select additional OWASP and non-OWASP projects to analyze.

3. What kind of help is required either from the Reviewers or from the OWASP Community?

We need feedback and direction on the preliminary workflow.