
Penetration Testing mailing list archives

RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
From: "Debasis Mohanty" <dm.mailinglists () gmail com>
Date: Thu, 16 May 2013 22:00:10 +0530

Good initiative! I feel one of the important elements that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?

I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD was the best approach to have appropriate scoring for various
pilot parameters. However, I never released it to the public. The reason was,
I wanted to make it a part of one of my secure SDLC initiatives called
(OSFSS) - www.coffeeandsecurity.com which got delayed for several reasons.
Now since the cat is out, here is the SCA Pilot QFD:
http://www.coffeeandsecurity.com/resources/osfss/docs/SCA_QFDv0.1.pdf . The
document is not complete yet and needs to be updated. But the document does
cover various parameters based on which an effective pilot could be done.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of announcements () webappsec org
Sent: 10 May 2013 23:56
To: pen-test () securityfocus com
Subject: WASC Announcement: Static Analysis Technologies Evaluation Criteria

The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a static
code analysis technology that is intended to be used during source-code
driven security programs. This document provides a comprehensive list of
criteria that should be considered during the evaluation process.

WASC Static Analysis Technologies Evaluation Criteria


