[WASC-SATEC] Do we need two lists?
Benoit Guerette (OWASP)
gueb at owasp.org
Wed Oct 5 21:26:14 EDT 2011
Here is a part of my experience with one or two lists.
In our RFI, we included most of the current WASC-SATEC criterias,
without the 'quality' ones. The RFI answers count for x% of the
After the vendors filled the RFI, we asked for a live demo, and we
gave to the attendance an evaluation sheet. This sheet includes all
quality, simplicity, feeling, etc. criterias. It counts for x%
of the decision.
Pricing and other criterias are covered for x% of the decision, but
not related to IT, so I guess not valuable for this project.
So on our side, we have 2 lists.
More information about the wasc-satec