[Owasp-board] REQUEST FOR COMMENTS/FW: New Static Analysis Tool - "Yasca"

dinis cruz dinis.cruz at owasp.org
Fri Oct 24 15:42:03 UTC 2008


In fact what we have are multiple 'tents' where projects move from one to
the other based on their level of maturity, usability and value to out
community (based of course on
https://www.owasp.org/index.php/Category:OWASP_Project_Assessment )

Dinis

2008/10/24 Jeff Williams <jeff.williams at owasp.org>

>  Yes!  This is cool.  OWASP is a "big tent" – meaning that we can support
> many tools focused on a similar purpose.  We should not try to put all our
> effort behind one tool, but encourage a flourishing market of tools.  If we
> don't create a big tent, it will encourage other competing tents to form.
> So we should encourage EVERY appsec tool out there to fall under the OWASP
> umbrella and get some support!!!
>
>
>
> --Jeff
>
>
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Seba
> *Sent:* Thursday, October 23, 2008 10:35 PM
> *To:* Dave Wichers
> *Cc:* OWASP Foundation Board List
> *Subject:* Re: [Owasp-board] REQUEST FOR COMMENTS/FW: New Static Analysis
> Tool - "Yasca"
>
>
>
> Look for synergies with the Orizon / Source code review projects?
>
>
>
> regards
>
>
>
> Seba
>
> On Thu, Oct 23, 2008 at 5:50 PM, Dave Wichers <dave.wichers at owasp.org>
> wrote:
>
> I don't have any objections. Do we have any other code analysis tools that
> compete with this? I think we do, and so we should try to get them to
> coordinate / work together.
>
>
>
> In fact, anytime we have multiple tools in the same category, we should try
> to get them to work together.
>
>
>
> -Dave
>
>
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Paulo Coimbra
> *Sent:* Thursday, October 23, 2008 11:45 AM
> *To:* 'OWASP Foundation Board List'
> *Subject:* [Owasp-board] REQUEST FOR COMMENTS/FW: New Static Analysis Tool
> - "Yasca"
>
>
>
> Board,
>
>
>
> I am ready to set up this project. Any objections and/or instructions?
>
>
>
> Thanks,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> *From:* Michael V. Scovetta [mailto:michael.scovetta at gmail.com] *On Behalf
> Of *Michael V. Scovetta
> *Sent:* segunda-feira, 20 de Outubro de 2008 22:01
> *To:* paulo.coimbra at owasp.org
> *Cc:* 'Michael.scovetta at gmail.com'
> *Subject:* New Static Analysis Tool - "Yasca"
>
>
>
> Hi Paulo,
>
>
>
> I've written a new static analysis tool and would like to include it among
> the other OWASP projects. I've been involved with OWASP/NYC and plan to
> submit a presentation for upcoming conferences. Here is my quick
> introduction to Yasca. A PPT will be coming out soon.
>
>
>
> ---
>
>
>
> Yasca is a new static analysis tool designed to scan Java, C/C++,
> JavaScript, .NET, and other source code for security and code-quality
> issues. Yasca is easily extensible via a plugin-based architecture, so
> scanning PHP, Ruby, or other languages is as simple as coming up with rules
> or integrating external tools.
>
>
>
> Yasca includes plugins for the following open-source projects:
>
>      * FindBugs (http://findbugs.sourceforge.net/)
>
>      * PMD (http://pmd.sourceforge.net/)
>
>      * Jlint / antiC (http://artho.com/jlint/)
>
>
>
> Yasca also features a simple regular-expression plugin that allows new
> rules to be written in less than a minute. It includes many custom rules
> created specifically for Yasca, and additional rule-packs will be released
> soon.
>
>
>
> Yasca is hosted on SourceForge (http://sourceforge.net/projects/yasca)
> with additional information at http://yasca.org.
>
>
>
> Thank you,
>
>
>
> Mike Scovetta
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20081024/749c110d/attachment-0002.html>


More information about the Owasp-board mailing list