WebApp Sec mailing list archives
RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
From: "Debasis Mohanty" <dm.mailinglists () gmail com>
Date: Thu, 16 May 2013 22:00:10 +0530
Good initiative! I feel one of the important elements that is missing is the "scoring mechanism". Based on what would you distinguish one product from the other? I created similar evaluation criteria nearly 7-8 years back for evaluating SCA products using a QFD. That was the time I was introduced to 6-sigma and thought a QFD was the best approach to have appropriate scoring for various pilot parameters. However, I never released it to the public. The reason was, I wanted to make it a part of one of my secure SDLC initiatives, called OSFSS (www.coffeeandsecurity.com), which got delayed for several reasons.

Now since the cat is out, here is the SCA Pilot QFD: http://www.coffeeandsecurity.com/resources/osfss/docs/SCA_QFDv0.1.pdf

The document is not complete yet and needs to be updated. But the document does cover various parameters based on which an effective pilot could be done.

-d

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of announcements () webappsec org
Sent: 10 May 2013 23:56
To: pen-test () securityfocus com
Subject: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published

The Web Application Security Consortium (WASC) is pleased to announce the Static Analysis Technologies Evaluation Criteria. The goal of the SATEC project is to create a vendor-neutral set of criteria to help guide application security professionals during the process of acquiring a static code analysis technology that is intended to be used during source-code driven security programs. This document provides a comprehensive list of criteria that should be considered during the evaluation process.

WASC Static Analysis Technologies Evaluation Criteria
http://projects.webappsec.org/Static%20Analysis%20Technologies%20Evaluation%20Criteria

This list is sponsored by Cenzic
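The reply above argues that a criteria list alone cannot separate one SCA product from another without a scoring mechanism, and points to a QFD-style matrix. The following is an added example, not code from the post, the linked QFD document or the WASC SATEC project: a minimal weighted scoring matrix in which each criterion carries an importance weight, each candidate product receives a 1-5 rating per criterion, and the weighted sum is normalised to 0-100. The criteria names, weights, product names and ratings are all constructed placeholders chosen to illustrate the mechanism, not values from any real pilot.

```python
"""QFD-style weighted scoring matrix for comparing SCA products (illustrative).

Constructed example: criteria, weights, products and ratings are hypothetical.
Each criterion has an importance weight; each product is rated 1..5 per
criterion; a product's score is the weighted sum normalised to 0..100 so that
pilots with different criteria sets remain comparable.
"""
from typing import Dict, List, Mapping, Tuple

# Hypothetical evaluation criteria and importance weights (higher = matters more).
# Ratings are always "higher is better", so a criterion such as the false
# positive rate is rated 5 when the tool produces the FEWEST false positives.
CRITERIA_WEIGHTS: Dict[str, float] = {
    "language_coverage": 5,
    "true_positive_rate": 5,
    "false_positive_rate": 4,
    "ci_integration": 3,
    "remediation_guidance": 2,
}

RATING_MIN, RATING_MAX = 1, 5


def validate_ratings(ratings: Mapping[str, int], weights: Mapping[str, float]) -> None:
    """Reject a rating sheet that omits a criterion, adds an unknown one,
    or uses a value outside RATING_MIN..RATING_MAX."""
    missing = set(weights) - set(ratings)
    if missing:
        raise ValueError(f"missing ratings for: {sorted(missing)}")
    for name, value in ratings.items():
        if name not in weights:
            raise ValueError(f"unknown criterion: {name}")
        if not RATING_MIN <= value <= RATING_MAX:
            raise ValueError(
                f"rating {value} for {name} outside {RATING_MIN}..{RATING_MAX}"
            )


def weighted_score(ratings: Mapping[str, int],
                   weights: Mapping[str, float] = CRITERIA_WEIGHTS) -> float:
    """Weighted sum of ratings, scaled so a perfect sheet scores 100.0."""
    validate_ratings(ratings, weights)
    total_weight = sum(weights.values())
    raw = sum(weights[c] * ratings[c] for c in weights)
    return round(100.0 * raw / (total_weight * RATING_MAX), 2)


def rank_products(products: Mapping[str, Mapping[str, int]],
                  weights: Mapping[str, float] = CRITERIA_WEIGHTS) -> List[Tuple[str, float]]:
    """Return (product, score) pairs, best first; ties broken by name."""
    scored = [(name, weighted_score(r, weights)) for name, r in products.items()]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


# Constructed pilot results for three hypothetical products.
PILOT_RESULTS: Dict[str, Dict[str, int]] = {
    "tool_a": {"language_coverage": 4, "true_positive_rate": 5,
               "false_positive_rate": 3, "ci_integration": 4,
               "remediation_guidance": 3},
    "tool_b": {"language_coverage": 5, "true_positive_rate": 3,
               "false_positive_rate": 4, "ci_integration": 5,
               "remediation_guidance": 4},
    "tool_c": {"language_coverage": 3, "true_positive_rate": 4,
               "false_positive_rate": 5, "ci_integration": 2,
               "remediation_guidance": 2},
}

if __name__ == "__main__":
    for product, score in rank_products(PILOT_RESULTS):
        print(f"{product}: {score}")
```

The weights are the part a pilot team has to agree on before any vendor demo: with the constructed numbers, tool_b leads because language coverage and CI integration are weighted heavily, while tool_a would lead if true positive rate alone dominated. Validation rejects sheets with missing or out-of-range ratings so that a product cannot score well simply because an evaluator skipped a criterion it performs poorly on.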
Current thread:
- WASC Announcement: Static Analysis Technologies Evaluation Criteria Published announcements (May 10)
- <Possible follow-ups>
- RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published Debasis Mohanty (May 16)