Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
From: "Debasis Mohanty" <dm.mailinglists () gmail com>
Date: Thu, 16 May 2013 22:00:10 +0530

Good initiative! I feel one of the important element that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other? 

I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD is a best approach to have appropriate scoring for various
pilot parameters. However I never released it to the public. The reason was,
I wanted to make it a part of one of my secure SDLC initiative called
(OSFSS) - www.coffeeandsecurity.com which got delayed for several reasons.
Now since the cat is out, here is the SCA Pilot QFD
http://www.coffeeandsecurity.com/resources/osfss/docs/SCA_QFDv0.1.pdf . The
document is not complete yet and need to be updated. But the document does
cover various parameters based on which an effective pilot could be done. 

-d

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of announcements () webappsec org
Sent: 10 May 2013 23:56
To: pen-test () securityfocus com
Subject: WASC Announcement: Static Analysis Technologies Evaluation Criteria
Published

The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a static
code analysis technology that is intended to be used during source-code
driven security programs. This document provides a comprehensive list of
criteria that should be considered during the evaluation process. WASC
Static Analysis Technologies Evaluation Criteria
http://projects.webappsec.org/Static%20Analysis%20Technologies%20Evaluation%
20Criteria


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]