Mushtaq Ahmed - Reviewer
-----Original Message-----
From: wasc-satec-bounces@lists.webappsec.org
[mailto:wasc-satec-bounces@lists.webappsec.org] On Behalf Of
wasc-satec-request@lists.webappsec.org
Sent: 10 January 2012 06:16
To: wasc-satec@lists.webappsec.org
Subject: wasc-satec Digest, Vol 8, Issue 1
Send wasc-satec mailing list submissions to
wasc-satec@lists.webappsec.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.o
rg
or, via email, send a message with subject or body 'help' to
wasc-satec-request@lists.webappsec.org
You can reach the person managing the list at
wasc-satec-owner@lists.webappsec.org
When replying, please edit your Subject line so it is more specific than
"Re: Contents of wasc-satec digest..."
Today's Topics:
- Phase II: Are you an author or reviewer? (Sherif Koussa)
- Re: Phase II: Are you an author or reviewer? (McGovern, James)
- Re: Phase II: Are you an author or reviewer? (Sherif Koussa)
Message: 1
Date: Mon, 9 Jan 2012 16:39:38 -0500
From: Sherif Koussa sherif.koussa@gmail.com
To: wasc-satec@lists.webappsec.org
Subject: [WASC-SATEC] Phase II: Are you an author or reviewer?
Message-ID:
CA+4St2DNm_aaPVXog=dC7_9P0wQYPq530exF7SyH9pVb=m=qAw@mail.gmail.com
Content-Type: text/plain; charset="iso-8859-1"
Hi All,
So we have been working for about 4-5 months now, trying to figure out
what matters most to software companies which may be trying to acquire a
Static Code Analysis tool. I think we have a very good set of criteria,
which were vetted several times, these were captured in the form of
categories and sub-categories (headers and sub-headers mainly) in the
Wiki page here
http://projects.webappsec.org/w/page/42093482/Static%20Analysis%20Tool%2
0Evaluation%20Criteria%20Working
.
So now we got the categories and sub-categories locked down, we need to
start the next phase, which is about fleshing the categories and
sub-categories out and explain what each of them means. If you need an
example, please visit the WASSEC project
http://projects.webappsec.org/w/page/13246986/Web%20Application%20Securi
ty%20Scanner%20Evaluation%20Criteria
to
get a sense of how the finished criteria would look like.
Now, we need authors who are going to actually start fleshing out
(write\explain) the categories and sub-categories and we need reviewers
who will review the authors' work and suggest modifications.
if you have cycles in the next two month, please reply to this email
with either "Author" or "Reviewer" to indicate the role you would like
to play in the next period.
Ideally, we would like to keep the workload per contributor to less than
2 hours a week for the next two months. We should be able to achieve
this considering that we have almost 40 people on this mailing list.
Please let me know if you had any comments, suggestions or questions.
Regards,
Sherif
Mushtaq Ahmed - Reviewer
-----Original Message-----
From: wasc-satec-bounces@lists.webappsec.org
[mailto:wasc-satec-bounces@lists.webappsec.org] On Behalf Of
wasc-satec-request@lists.webappsec.org
Sent: 10 January 2012 06:16
To: wasc-satec@lists.webappsec.org
Subject: wasc-satec Digest, Vol 8, Issue 1
Send wasc-satec mailing list submissions to
wasc-satec@lists.webappsec.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.o
rg
or, via email, send a message with subject or body 'help' to
wasc-satec-request@lists.webappsec.org
You can reach the person managing the list at
wasc-satec-owner@lists.webappsec.org
When replying, please edit your Subject line so it is more specific than
"Re: Contents of wasc-satec digest..."
Today's Topics:
1. Phase II: Are you an author or reviewer? (Sherif Koussa)
2. Re: Phase II: Are you an author or reviewer? (McGovern, James)
3. Re: Phase II: Are you an author or reviewer? (Sherif Koussa)
----------------------------------------------------------------------
Message: 1
Date: Mon, 9 Jan 2012 16:39:38 -0500
From: Sherif Koussa <sherif.koussa@gmail.com>
To: wasc-satec@lists.webappsec.org
Subject: [WASC-SATEC] Phase II: Are you an author or reviewer?
Message-ID:
<CA+4St2DNm_aaPVXog=dC7_9P0wQYPq530exF7SyH9pVb=m=qAw@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi All,
So we have been working for about 4-5 months now, trying to figure out
what matters most to software companies which may be trying to acquire a
Static Code Analysis tool. I think we have a very good set of criteria,
which were vetted several times, these were captured in the form of
categories and sub-categories (headers and sub-headers mainly) in the
Wiki page here
http://projects.webappsec.org/w/page/42093482/Static%20Analysis%20Tool%2
0Evaluation%20Criteria%20Working
.
So now we got the categories and sub-categories locked down, we need to
start the next phase, which is about fleshing the categories and
sub-categories out and explain what each of them means. If you need an
example, please visit the WASSEC project
http://projects.webappsec.org/w/page/13246986/Web%20Application%20Securi
ty%20Scanner%20Evaluation%20Criteria
to
get a sense of how the finished criteria would look like.
Now, we need authors who are going to actually start fleshing out
(write\explain) the categories and sub-categories and we need reviewers
who will review the authors' work and suggest modifications.
*if you have cycles in the next two month, please reply to this email
with either "Author" or "Reviewer" to indicate the role you would like
to play in the next period.*
Ideally, we would like to keep the workload per contributor to less than
2 hours a week for the next two months. We should be able to achieve
this considering that we have almost 40 people on this mailing list.
Please let me know if you had any comments, suggestions or questions.
Regards,
Sherif