[Owasp-testing] Kicking off the code review guide (again)

Eoin eoinkeary at gmail.com
Thu Jan 4 04:55:26 EST 2007


>
>  Hi,
>

Questions re the code review guide so far as follows:

 Do you have an outline, or is that in development?

- Currently the outline is the current Code review. There are empty sections
in the guide at present that need to be worked on.
- The structure shall be similar to the testing guide in that the chapters
shall be by vulnerability. Each chapter shall have sub sections describing
the vulnerability for different languages if applicable. The existing
chapter structures adhere to this model (mostly).

Do we have a time line?:
- I'd like to get it done by the spring/summer (April/May)

Will this be a sponsored/Funded guide like the Testing Guide (Autumn of
Code)?
- TBD, but I shall be putting it forward if a "Spring of Code" occurs, but
success is not guaranteed.

Why a Code review Guide?
- We have a development guide (The Guide), a testing guide (The OWASP
Testing Guide) and in my opinion a code review guide would fit in nicely.
Code review is paramount in Secure Application Development (SAD). More so
than testing (I think).


Next steps:

Agree a structure.
Define sections and sub sections



cheers, -ek