[OWASP-TESTING] FW: OWASP Testing, part 1 - comments
Daniel at deeper.co.za
Tue Oct 19 09:20:47 EDT 2004
it just shows that no matter how much you look at a doc, there are still
blatant errors which the human eye overlooks.
fixed the minor issues, still outstanding:
page 11: the OCTAVE...
page 16: true, not sure why it seems so short
page 26: it should, but why wasnt it?
> A few (marginal) comments below.
> Congrats for the good doc.
> - page 11, regarding the statement
> 'The primary issue with OCTAVE is its use of
> likelihood = 1, or
> all risks are equally risky', I believe it is not
> entirely true;
> at least, OCTAVE-S (OCTAVE's tailored version for
> smaller enterprises) provides the means for
> describing the likelihood of
> future occurrences of a threat (as well as recording
> how often it occurred
> in the past), i.e. defining probabilities.
> If I remember correctly, in OCTAVE probabilities are
> an optional feature.
> - typo on page 12, should be "if you want to know
> whats really going on,
> go straight to the source instead of "...to
> straight to the source".
> - typo on page 12, should be "or is supposed to be
> happening" instead of
> - typo on page 12, should be "Can miss calls to issues
> in compiled libraries"
> instead of "can missed..."
> - typo on page 16, should be "as" instead of "aw"
> - page 16 seems to be incomplete... (isn't it?
> - page 26 Figure "Typical SDLC Testing Workflow".
> Shouldn't it include
> (in the development, deployment sections)
> test activities to validate the artifact being built
> against functional and
> non-functional requirements? (the real test cases...
> acceptance tests if needed after deployment)
> Do you Yahoo!?
> Declare Yourself - Register online to vote today!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: the owasp testing project1 - daniel edits.doc
Size: 477184 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20041019/23f32a39/attachment.doc
More information about the Owasp-testing