Difference between revisions of "The Owasp Orizon Framework"

From OWASP
Jump to: navigation, search
(New page: A lot of open source projects exist in the wild performing static code review analysis. This is good, it means that source code testing for security issues is becoming a constraint. ''(co...)
 
Line 1: Line 1:
 +
[[OWASP Code Review Guide Table of Contents]]__TOC__
 +
[[Category:OWASP Code Review Project]]
 +
 
A lot of open source projects exist in the wild performing static code review analysis. This is good, it means that source code testing for security issues is becoming a constraint.
 
A lot of open source projects exist in the wild performing static code review analysis. This is good, it means that source code testing for security issues is becoming a constraint.
  
''(continue this evening)''
+
Such tools bring a lot of valuable points:
 +
* community support
 +
* source code freely available to anyone
 +
* costs
 +
 
 +
On the other side, these tools don't share the most valuable point among them: the security knowledge. All these tools have their own security library with a lot of checks contained into without sharing such knowledge.
 +
 
 +
In 2006 Owasp Orizon project is born to provide a common underlying layer to all opensource projects concern static analysis.

Revision as of 16:20, 2 September 2008

OWASP Code Review Guide Table of Contents

A lot of open source projects exist in the wild performing static code review analysis. This is good, it means that source code testing for security issues is becoming a constraint.

Such tools bring a lot of valuable points:

  • community support
  • source code freely available to anyone
  • costs

On the other side, these tools don't share the most valuable point among them: the security knowledge. All these tools have their own security library with a lot of checks contained into without sharing such knowledge.

In 2006 Owasp Orizon project is born to provide a common underlying layer to all opensource projects concern static analysis.