[Owasp-codereview] [Owasp-leaders] Automated Code Review in a distributed environment

Paolo Perego thesp0nge at gmail.com
Tue Mar 31 03:26:58 EDT 2009


2009/3/30 Jeff Williams <jeff.williams at owasp.org>:
> The Top 10 is really not specific enough to be a reasonable benchmark for
> any tool.  There is no tool in existence that can search everything covered
> by the T10, and probably never will be.  It would be much more interesting
> to see which of the issues specified in the OWASP ASVS
I agree.

A little OT.

Jeff, Leaders, List, I'd like to remind you of the project I started some
months ago: the Source code flaws Top 10
(http://www.owasp.org/index.php/Category:OWASP_Source_Code_Flaws_Top_10_Project).
A very original OWASP Top 10 "little sister", dedicated only to source code.
The idea is not to overlap with the Testing guide but to provide a
bunch (10) of categories to be used when collecting results after a
code review.

Thanks
Ciao ciao

-- 
"stay hungry, stay foolish"

OWASP Orizon project, http://orizon.sourceforge.net
"enjoy your code review experience"

