Web Application Security
RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published May 16 2013 04:30PM
Debasis Mohanty (dm mailinglists gmail com)
Good initiative! I feel one of the important elements that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?

I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD was the best approach to have appropriate scoring for various
pilot parameters. However, I never released it to the public. The reason was,
I wanted to make it a part of one of my secure SDLC initiatives called
OSFSS - www.coffeeandsecurity.com - which got delayed for several reasons.
Now since the cat is out, here is the SCA Pilot QFD:
http://www.coffeeandsecurity.com/resources/osfss/docs/SCA_QFDv0.1.pdf . The
document is not complete yet and needs to be updated. But the document does
cover various parameters based on which an effective pilot could be done.


-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On
Behalf Of announcements (at) webappsec (dot) org
Sent: 10 May 2013 23:56
To: pen-test (at) securityfocus (dot) com
Subject: WASC Announcement: Static Analysis Technologies Evaluation Criteria

The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a static
code analysis technology that is intended to be used during source-code
driven security programs. This document provides a comprehensive list of
criteria that should be considered during the evaluation process.

WASC Static Analysis Technologies Evaluation Criteria
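The reply above argues that the criteria list needs a scoring mechanism and points to a QFD (Quality Function Deployment) sheet as one way to weight pilot parameters. The script below is an added illustration of how such a weighted scoring matrix works; it is not the QFD document referenced in the thread nor anything published by WASC. The criteria names, importance weights and per-product pilot ratings are all constructed, and the sensitivity check shows why the weights, not just the ratings, decide the outcome when products are close.

```python
"""QFD-style weighted scoring matrix for comparing static code analysis
(SCA) products after a pilot.

Added example. Criteria, weights and ratings are hypothetical values
constructed for illustration, not data from any real product evaluation.
"""

from typing import Dict, List, Tuple

SCALE = (1, 5)  # every weight and rating must fall in this inclusive range

# Importance weight per criterion (1 = nice to have, 5 = must have).
CRITERIA_WEIGHTS: Dict[str, int] = {
    "language_coverage": 5,
    "false_positive_rate": 4,  # higher rating = fewer false positives in the pilot
    "ci_integration": 3,
    "triage_workflow": 3,
    "reporting": 2,
}

# How each product scored on each criterion during the pilot (same 1..5 scale).
PILOT_RATINGS: Dict[str, Dict[str, int]] = {
    "Product A": {"language_coverage": 4, "false_positive_rate": 3,
                  "ci_integration": 5, "triage_workflow": 4, "reporting": 3},
    "Product B": {"language_coverage": 5, "false_positive_rate": 4,
                  "ci_integration": 2, "triage_workflow": 3, "reporting": 4},
    "Product C": {"language_coverage": 3, "false_positive_rate": 5,
                  "ci_integration": 4, "triage_workflow": 5, "reporting": 2},
}


def validate(weights: Dict[str, int], ratings: Dict[str, Dict[str, int]]) -> None:
    """Reject incomplete sheets and out-of-scale values before scoring."""
    lo, hi = SCALE
    for crit, w in weights.items():
        if not lo <= w <= hi:
            raise ValueError(f"weight for {crit!r} out of scale: {w}")
    for product, scores in ratings.items():
        missing = set(weights) - set(scores)
        if missing:
            raise ValueError(f"{product} not rated on: {sorted(missing)}")
        for crit, val in scores.items():
            if crit not in weights:
                raise ValueError(f"{product} rated on unknown criterion {crit!r}")
            if not lo <= val <= hi:
                raise ValueError(f"{product}/{crit} rating out of scale: {val}")


def weighted_score(weights: Dict[str, int], scores: Dict[str, int]) -> int:
    """Sum of weight * rating over all criteria (the QFD row total)."""
    return sum(weights[c] * scores[c] for c in weights)


def max_score(weights: Dict[str, int]) -> int:
    """Best achievable total: top-of-scale rating on every criterion."""
    return SCALE[1] * sum(weights.values())


def rank_products(weights: Dict[str, int],
                  ratings: Dict[str, Dict[str, int]]) -> List[Tuple[str, int, float]]:
    """Return (product, raw score, percent of maximum) sorted best-first.

    Ties on raw score are broken alphabetically so the output is deterministic.
    """
    validate(weights, ratings)
    ceiling = max_score(weights)
    rows = []
    for product, scores in ratings.items():
        raw = weighted_score(weights, scores)
        rows.append((product, raw, round(100.0 * raw / ceiling, 1)))
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows


def winner_changes_if_deprioritised(criterion: str, weights: Dict[str, int],
                                    ratings: Dict[str, Dict[str, int]]) -> bool:
    """Sensitivity check: does the top-ranked product change when one
    criterion is dropped to the lowest weight? A 'yes' means the decision
    hinges on how much the evaluators actually care about that criterion."""
    baseline = rank_products(weights, ratings)[0][0]
    relaxed = dict(weights, **{criterion: SCALE[0]})
    return rank_products(relaxed, ratings)[0][0] != baseline


if __name__ == "__main__":
    for product, raw, pct in rank_products(CRITERIA_WEIGHTS, PILOT_RATINGS):
        print(f"{product:10s} {raw:3d}/{max_score(CRITERIA_WEIGHTS)}  {pct:5.1f}%")
    for crit in CRITERIA_WEIGHTS:
        flag = "sensitive" if winner_changes_if_deprioritised(
            crit, CRITERIA_WEIGHTS, PILOT_RATINGS) else "stable"
        print(f"  ranking is {flag} to the weight of {crit}")
```

With these constructed numbers the three products land within two points of each other, and the ranking flips if the false-positive criterion is weighted down, which is exactly the kind of result a scoring sheet should surface before a purchase decision is made on a raw feature checklist.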
