[WASC-SATEC] Do we need two lists?

Sherif Koussa sherif.koussa at gmail.com
Sat Oct 15 13:42:52 EDT 2011 

All,

For the sake of keeping this as simple as possible, we will stick to one
list for now. In addition, I will be proposing a new version of the
categories based on all the comments collected within the last few months.
Stay tuned.

Regards,
Sherif

On Thu, Sep 29, 2011 at 2:29 PM, Sherif Koussa <sherif.koussa at gmail.com>wrote:

> Hi All,
>
> The inspiration behind this idea came from the other thread on the
> direction and comments initiated by Romain and followed up by Ale, Benoit
> and Herman. However, this email is NOT intended to discuss that. This email
> is to get your opinion on whether we need two lists instead of one.
>
> *One List For Vendors to Fill:*
>
> This would include all the facts criteria such as what languages do you
> support, what OS? 32/64 bit OS....etc. Nice and simple with no "subjective"
> criteria.
>
>
> *One List For the Evaluation Team to Fill:*
>
> This would include basically what we think is still important but kinda on
> the subjective side of things, so for example, what are the skills necessary
> to run the tool? the vendor might say: none of minimal, while the evaluator
> when they actually try the tool might have a different opinion. Things like
> Number of False positives, while it is very dependent on the environment,
> language, application being scanned and probably a dozen other factors, but
> now when the evaluator try the tool, they would pretty much be able to
> compare apples to apples since they would be probably trying the different
> tool inside the same environments on the same applications.
>
> *So the bottom lines is,* there are criteria that are facts with no grey
> areas and these are up to the vendors to fill and there are criteria that
> are either subjective or not important to everyone and these are up to the
> evaluators to fill.
>
> I think using two lists instead of one would provide more value to the
> evaluators of SCA tools, streamline the process and provide the best of two
> worlds.
>
> *Do you guys think this makes sense?*
>
> Regards,
> Sherif
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-satec_lists.webappsec.org/attachments/20111015/6028c866/attachment.html>

More information about the wasc-satec mailing list