[Owasp-codereview] Code Review Guide: Update

Eoin eoin.keary at owasp.org
Fri May 30 08:38:01 EDT 2008


Hi, I do agree there are external factors, but we can't take into account all
possible variations.
I think some simple formula for effort of work / win factor would be really
useful and adopted by consultancy.

Let me know what you think.



On 30/05/2008, Paolo Perego <thesp0nge at gmail.com> wrote:
>
> 2008/5/29 Eoin <eoin.keary at owasp.org>:
> [snip]
> > Severity  * Effort required to fix  = Win Factor (Easy win to fix)
> >  -> This maps to a grid severity Vs Effort (like a risk matrix) shaded
> areas
> > should be addressed.
>
> Eoin, don't you think that "Effort required to fix" depends on non-
> predictable external factors such as (how many people is the development
> team comprised of? how much skill do the developers have?)? It will
> be difficult (IMHO) to formalize a score for "fixing effort" in order
> to use it for our Win Factor score.
>
> What's your opinion about this?
>
> About Taxonomy or Vulnerability categories, I started writing
> something on paper yesterday and I hope this weekend to populate
> some part of the wiki page, so Marco, I'll give you the link and then we can
> start a thread on the mailing list talking about this topic.
>
> Ciao ciao
> thesp0nge



-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Code_Review_Project
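The Severity × Effort "win factor" and the severity-vs-effort grid discussed in this thread, as an added illustration that is not part of the original mail or of the OWASP Code Review Guide. The 1..5 scales, the cut-offs that define the "shaded" cells, and the sample findings are all assumptions constructed for the example.

```python
"""Added example (not from the thread or the Code Review Guide): a small
prioritiser built from the Severity * Effort "win factor" idea.
Scales, cut-offs and the sample findings are assumptions for illustration."""
from dataclasses import dataclass

SCALE = range(1, 6)  # assumption: severity and effort both rated 1 (low) .. 5 (high)


@dataclass(frozen=True)
class Finding:
    name: str
    severity: int  # 1 = informational ... 5 = critical
    effort: int    # 1 = trivial fix ... 5 = redesign needed


def win_factor(severity: int, effort: int) -> int:
    """Severity * Effort exactly as proposed in the mail (scales assumed)."""
    if severity not in SCALE or effort not in SCALE:
        raise ValueError("severity and effort must be integers 1..5")
    return severity * effort


def cell(finding: Finding) -> str:
    """Place a finding on the severity-vs-effort grid.

    "shaded" is the region the mail says should be addressed: high severity
    that is cheap to fix (the easy wins). The thresholds are an assumption."""
    if finding.severity >= 4 and finding.effort <= 2:
        return "shaded"   # fix now
    if finding.severity >= 4:
        return "plan"     # serious but costly: schedule the work
    if finding.effort <= 2:
        return "quick"    # cheap hygiene fix, lower risk
    return "defer"


def grid(findings):
    """Dict keyed by (severity, effort) -> finding names, for rendering a matrix."""
    out = {}
    for f in findings:
        out.setdefault((f.severity, f.effort), []).append(f.name)
    return out


def prioritise(findings):
    """Remediation order: shaded cells first, then planned work, then quick
    hygiene fixes, then deferred items; within a cell by severity (desc)
    and effort (asc)."""
    order = {"shaded": 0, "plan": 1, "quick": 2, "defer": 3}
    return sorted(findings, key=lambda f: (order[cell(f)], -f.severity, f.effort))


# Constructed sample findings (not real review results).
SAMPLE_FINDINGS = [
    Finding("SQL injection in login form", severity=5, effort=2),
    Finding("Verbose stack trace on error page", severity=2, effort=1),
    Finding("No CSRF protection (framework-wide change)", severity=4, effort=5),
    Finding("Hard-coded test credential left in code", severity=3, effort=1),
    Finding("Inconsistent logging format", severity=1, effort=3),
]


def prioritised_names(findings=SAMPLE_FINDINGS):
    return [f.name for f in prioritise(findings)]


if __name__ == "__main__":
    for f in prioritise(SAMPLE_FINDINGS):
        print(f"{cell(f):7} wf={win_factor(f.severity, f.effort):2}  {f.name}")
```

Note that the raw product alone ranks a severe-but-expensive fix above a severe-and-cheap one, so the grid placement, not the product, is what decides what gets addressed first; the product is kept only as a secondary number for reporting.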