[Owasp-topten] A9 - References - "OWASP Good Component Practices Project"

Christian Heinrich christian.heinrich at cmlh.id.au
Sun May 26 06:52:06 UTC 2013


Jeff and Dave,

I have just reviewed
https://www.owasp.org/index.php/OWASP_Good_Component_Practices_Project

The author is yet to add:

1. Independent Verification (at least Dynamic Analysis) to
https://www.owasp.org/index.php/OWASP_Good_Component_Practices_Project#Consumption:_Selection_of_the_components_and_where_they_came_from_.28provenance.29

2. Digital signatures and/or cryptographic hash functions to
https://www.owasp.org/index.php/OWASP_Good_Component_Practices_Project#Integration:_Component_management_within_the_development_environment

3. Continuous Integration within
https://www.owasp.org/index.php/OWASP_Good_Component_Practices_Project#Deployment:_Component_maintenance_within_the_production_environment

I am interested to know why you are quoting an OWASP Project that is
still under active development, i.e. a number of changes were made
during the month of May (see
https://www.owasp.org/index.php?title=OWASP_Good_Component_Practices_Project&action=history),
rather than waiting for it to be reviewed under
https://www.owasp.org/index.php/Category:OWASP_Project#Project_Assessments
when it is completed?


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact
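Item 2 above names cryptographic hash functions for component management in the development environment. The following is an added illustration, not code from this post or from the OWASP project, of accepting a component artifact only when its SHA-256 digest matches a pinned manifest entry; the manifest, component name and artifact bytes are constructed for the example.

```python
import hashlib
import hmac

# Constructed manifest of pinned components (hypothetical names and contents).
# In practice the digest is a value recorded from the publisher at pin time;
# here it is computed from the constructed "good" bytes so the example runs offline.
PINNED_COMPONENTS = {
    "example-lib-1.2.3.jar": {
        "version": "1.2.3",
        "sha256": hashlib.sha256(b"example-lib 1.2.3 contents").hexdigest(),
    }
}


def sha256_hex(data: bytes) -> str:
    """Return the hex SHA-256 digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


def verify_component(name: str, data: bytes, manifest=PINNED_COMPONENTS) -> bool:
    """Accept an artifact only if it is pinned and its digest matches the manifest.

    A component absent from the manifest is rejected rather than silently
    accepted, and the digest comparison is constant-time so the result does
    not depend on how many leading characters happened to match.
    """
    entry = manifest.get(name)
    if entry is None:
        return False
    return hmac.compare_digest(sha256_hex(data), entry["sha256"])


if __name__ == "__main__":
    good = b"example-lib 1.2.3 contents"
    tampered = b"example-lib 1.2.3 contents + injected code"
    print(verify_component("example-lib-1.2.3.jar", good))      # True
    print(verify_component("example-lib-1.2.3.jar", tampered))  # False
    print(verify_component("unknown-lib-0.1.jar", good))        # False
```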

