[Owasp-codereview] Code Review Guide: Update

Paolo Perego thesp0nge at gmail.com
Fri May 30 04:58:58 EDT 2008


2008/5/29 Eoin <eoin.keary at owasp.org>:
[snip]
> Severity  * Effort required to fix  = Win Factor (Easy win to fix)
>  -> This maps to a grid severity Vs Effort (like a risk matrix) shaded areas
> should be addressed.

Eoin, don't you think that "Effort required to fix" depends on
unpredictable external factors (such as how many people the development
team is comprised of, or how skilled the developers are)? It will
be difficult (IMHO) to formalize a score for "fixing effort" in order
to use it for our Win Factor score.

What's your opinion about this?

About the Taxonomy or Vulnerability categories, I started writing
something on paper yesterday and I hope this weekend to populate
some part of the wiki page, so Marco, I'll give you the link and then we can
start a thread on the mailing list talking about this topic.

Ciao ciao
thesp0nge
