[OWASP-METRICS] AGENDA for today's committee meeting

Rachel O'Connell rachel.oconnell at owasp.org
Wed Sep 15 10:35:36 EDT 2004


  

Meeting time: 2pm, Eastern
Dial in: 800-531-3250
Conf ID: 5299942

AGENDA: OWASP Metrics & Measurement Committee
9/15/04

I. Welcome and meeting goals
   a. Discussion and prioritization of metrics list
   b. Determination of customer value
   c. (next meeting) Discussion of methods to measure

II. Discussion of metrics based on email feedback:

Deployment Concerns:

Determine:

- LEVEL of impacts by cost to organization
  - Downtime
  - Cleanup
  - Repair
  - Dollars spent on security compared to dollars spent patching software
  - Dollars spent on security per dollar transaction value
  - Security dollars spent per application
- FREQUENCY of impacts
  - network outages per week, month, year, ranked by severity
  - desktop and server outages per week, month, year, ranked by severity
  - number of confidentiality breaches causing impact to the business per year and whether they originated from inside or external to the org
    - Stolen information
    - Changed information (intentionally or accidentally)
  - Number of patches per application
    - Number or percentage of patches that actually get applied
    - Number of machines
    - Amount of time required to patch each machine
    - Resulting costs
- CONTROLS needed to track the root cause of the impacts

Product Development Concerns:

- Inputs:
  - Resources (people, money, and equipment)
  - Objectives (feature list and security goals)
  - Constraints (external requirements like deadlines and milestones)
- Process:
  - Methodology applied by the project participants in order to carry out the project (waterfall, spiral, xp, RUP, ad hoc, etc.),
  - Level of adherence to the methodology,
  - Number of people assigned to each role (dev, qa, manage, release, support, etc.),
  - Planned schedule vs. actual schedule
  - Amount of training given to the participants.
- Artifacts:
  - Tangible artifacts produced by the project.
    - design documents
    - meeting notes
    - source code
    - coding guidelines
    - support/sales training material
    - end user documentation
  - Details of the project itself
    - Lines of code
    - Code defects
    - “Source of the source”
      - How many different contributors?
      - How is code vetted?
- Result:
  - Did the project meet its objectives?