[OWASP-TESTING] final draft of the outline

Eoin Keary eoinkeary at hotmail.com
Thu May 12 10:20:59 EDT 2005


After talking to a number of people in academia and industry I still 
don't think we should use "guesstimates" in documents we would like to become 
industry standards.

The document is depicting fact, procedure and best practice, but under the 
"How long shall this take/Cost" section we are going to answer: "Guess".
Sounds a bit foolish and also damages the integrity of the document. I know 
ISO 17799 or COBIT docs don't have guessing games ;0)

Just a thought.
Eoin


>From: "Shields, Larry" <Larry.Shields at FMR.COM>
>To: <owasp-testing at lists.sourceforge.net>
>Subject: RE: [OWASP-TESTING] final draft of the outline
>Date: Thu, 5 May 2005 08:52:33 -0400
>
>
>I agree.  Especially in black box testing, you can provide some rough
>rule of thumb stuff for a timebox for various applications.  It will at
>least provide a rough guesstimate for the poor project manager who's
>trying to make sure the application is secure and needs to put some
>number in the budget.
>
>-Larry
>
>-----Original Message-----
>From: Revelli Alberto [mailto:a.revelli at reply.it]
>Sent: Thursday, May 05, 2005 6:54 AM
>To: owasp-testing at lists.sourceforge.net
>Subject: RE: [OWASP-TESTING] final draft of the outline
>
>
>
> >True, but a guideline (with a massive caveat stating this isn't set in
> >concrete blah blah blah) would help companies who have zero
> >understanding of app testing to understand if they are being taken for
> >a ride.
>
>Exactly.
>I agree that needed resources heavily depend on the
>complexity/size/insert_your_favorite_variable_here of the application,
>but exactly for this reason it would be great to provide a few hints to
>help companies to have some clues about how much effort is needed to
>test their apps.
>
> >OK, how's about I'll write up the section and everyone can review it
> >once the rest of the sections are finished?
>
>Sounds great :)
>
>Cheers
>
>Alberto
