[Owasp-leaders] OWASP/WASC SAST Criteria

Jim Manico jim.manico at owasp.org
Tue Jan 25 10:24:18 EST 2011


Thank you to Paulo and all the other OWASPers who responded. The number
of folks who are interested in assisting is significant. Game on. :)

John: Thank you as well (I appreciate the depth of your feedback). The
landmines ahead of us are many. I'll keep your feedback in mind as we
progress and will drop you a note from time to time; perhaps you can
help keep us honest. We need the help.

I'm collecting the email of everyone who responded - I'll contact you
off-list as the project matures.

Thanks all,
Jim


> It goes without saying, if you need a project page set up please just drop
> me a line. 
> 
> Thanks,
> - Paulo
> 
> 
> Paulo Coimbra,
> OWASP Project Manager
> 
> 
>>> -----Original Message-----
>>> From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-
>>> bounces at lists.owasp.org] On Behalf Of Jim Manico
>>> Sent: terça-feira, 25 de Janeiro de 2011 13:28
>>> To: tomb at owasp.org; owasp-leaders at lists.owasp.org
>>> Cc: owasp-leaders at lists.owasp.org
>>> Subject: Re: [Owasp-leaders] OWASP/WASC SAST Criteria
>>>
>>> This can be an OWASP and a WASC project! :) Both of our sites should
>>> have projects pages that cross link to each other.
>>>
>>> I would like to let WASC drive the process  - they have a commitment
>>> to quality that is central to their culture. It would be a good
>>> experience for us to work with them, IMO, and see how they roll.
>>>
>>> We have a lot of great people at OWASP with significant experience in
>>> this part of the field. We have the "numbers" that could make this
>>> work with solid depth and objectivity.
>>>
>>> I'm going to start moving on this, I will keep you all posted on our
>>> progress.
>>>
>>> PS: I've have 6 folks email me so far on this. Not bad for 5 minutes
>>> or so.
>>>
>>> -Jim Manico
>>> http://manico.net
>>>
>>> On Jan 25, 2011, at 5:14 AM, "Tom Brennan" <tomb at owasp.org> wrote:
>>>
>>>> Excellent, we need more of these type of efforts globally Jim.
>>> Ideally we would want to have a owasp project set up to track it and
>>> give it globally visibility.
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Ryan Barnett <ryan.barnett at owasp.org>
>>>> Sender: owasp-leaders-bounces at lists.owasp.org
>>>> Date: Tue, 25 Jan 2011 08:08:13
>>>> To: owasp-leaders at lists.owasp.org<owasp-leaders at lists.owasp.org>
>>>> Reply-To: owasp-leaders at lists.owasp.org
>>>> Subject: Re: [Owasp-leaders] OWASP/WASC SAST Criteria
>>>>
>>>> So this will be like WASSEC but for SAST instead of DAST?  Sounds
>>> good to me.
>>>>
>>>> --
>>>> Ryan Barnett
>>>>
>>>>
>>>> On Jan 25, 2011, at 7:57 AM, "Jim Manico" <jim.manico at owasp.org>
>>> wrote:
>>>>
>>>>> Hello all,
>>>>>
>>>>> I'm working with the folks at WASC to define a SAST (static
>>> analysis) tool evaluation criteria and benchmark suite. This is not an
>>> actual tool study - just a project to set up public evaluation
>>> criteria.
>>>>>
>>>>> I think this is a marvelous way for OWASP and WASC to collaborate.
>>>>>
>>>>> If you are interested in participating (and have significant
>>> expertise in this area) please contact me off list.
>>>>>
>>>>> OWASP Board : Are you ok with this project? I think everyone
>>> involved wants this to be objective criteria. We could certainly
>>> help...
>>>>>
>>>>> -Jim Manico
>>>>> http://manico.net
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders



More information about the OWASP-Leaders mailing list