WebApp Sec mailing list archives

RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published

From: "Debasis Mohanty" <dm.mailinglists () gmail com>
Date: Thu, 16 May 2013 22:00:10 +0530

Good initiative! I feel one of the important element that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other? 

I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD is a best approach to have appropriate scoring for various
pilot parameters. However I never released it to the public. The reason was,
I wanted to make it a part of one of my secure SDLC initiative called
(OSFSS) - www.coffeeandsecurity.com which got delayed for several reasons.
Now since the cat is out, here is the SCA Pilot QFD
http://www.coffeeandsecurity.com/resources/osfss/docs/SCA_QFDv0.1.pdf . The
document is not complete yet and need to be updated. But the document does
cover various parameters based on which an effective pilot could be done. 

-d

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of announcements () webappsec org
Sent: 10 May 2013 23:56
To: pen-test () securityfocus com
Subject: WASC Announcement: Static Analysis Technologies Evaluation Criteria
Published

The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a static
code analysis technology that is intended to be used during source-code
driven security programs. This document provides a comprehensive list of
criteria that should be considered during the evaluation process. WASC
Static Analysis Technologies Evaluation Criteria
http://projects.webappsec.org/Static%20Analysis%20Technologies%20Evaluation%
20Criteria




This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

Current thread:

WASC Announcement: Static Analysis Technologies Evaluation Criteria Published announcements (May 10)
- <Possible follow-ups>
- RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published Debasis Mohanty (May 16)