[Owasp-leaders] OWASP/WASC SAST Criteria

Jim Manico jim.manico at owasp.org
Tue Jan 25 08:28:06 EST 2011


This can be an OWASP and a WASC project! :) Both of our sites should have projects pages that cross link to each other.

I would like to let WASC drive the process  - they have a commitment to quality that is central to their culture. It would be a good experience for us to work with them, IMO, and see how they roll.

We have a lot of great people at OWASP with significant experience in this part of the field. We have the "numbers" that could make this work with solid depth and objectivity.

I'm going to start moving on this, I will keep you all posted on our progress.

PS: I've have 6 folks email me so far on this. Not bad for 5 minutes or so.

-Jim Manico
http://manico.net

On Jan 25, 2011, at 5:14 AM, "Tom Brennan" <tomb at owasp.org> wrote:

> Excellent, we need more of these type of efforts globally Jim.  Ideally we would want to have a owasp project set up to track it and give it globally visibility.  
> 
> 
> -----Original Message-----
> From: Ryan Barnett <ryan.barnett at owasp.org>
> Sender: owasp-leaders-bounces at lists.owasp.org
> Date: Tue, 25 Jan 2011 08:08:13 
> To: owasp-leaders at lists.owasp.org<owasp-leaders at lists.owasp.org>
> Reply-To: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] OWASP/WASC SAST Criteria
> 
> So this will be like WASSEC but for SAST instead of DAST?  Sounds good to me. 
> 
> --
> Ryan Barnett
> 
> 
> On Jan 25, 2011, at 7:57 AM, "Jim Manico" <jim.manico at owasp.org> wrote:
> 
>> Hello all,
>> 
>> I'm working with the folks at WASC to define a SAST (static analysis) tool evaluation criteria and benchmark suite. This is not an actual tool study - just a project to set up public evaluation criteria.
>> 
>> I think this is a marvelous way for OWASP and WASC to collaborate. 
>> 
>> If you are interested in participating (and have significant expertise in this area) please contact me off list.
>> 
>> OWASP Board : Are you ok with this project? I think everyone involved wants this to be objective criteria. We could certainly help...
>> 
>> -Jim Manico
>> http://manico.net
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list