wasc-satec@lists.webappsec.org

WASC Static Analysis Tool Evaluation Criteria

Re: [WASC-SATEC] wasc-satec Digest, Vol 8, Issue 1

Mushtaq Ahmed (ITSNR)
Tue, Jan 10, 2012 4:45 AM

Mushtaq Ahmed - Reviewer

-----Original Message-----
From: wasc-satec-bounces@lists.webappsec.org
[mailto:wasc-satec-bounces@lists.webappsec.org] On Behalf Of
wasc-satec-request@lists.webappsec.org
Sent: 10 January 2012 06:16
To: wasc-satec@lists.webappsec.org
Subject: wasc-satec Digest, Vol 8, Issue 1

Send wasc-satec mailing list submissions to
wasc-satec@lists.webappsec.org

To subscribe or unsubscribe via the World Wide Web, visit

http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.org

or, via email, send a message with subject or body 'help' to
wasc-satec-request@lists.webappsec.org

You can reach the person managing the list at
wasc-satec-owner@lists.webappsec.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of wasc-satec digest..."

Today's Topics:

  1. Phase II: Are you an author or reviewer? (Sherif Koussa)
  2. Re: Phase II: Are you an author or reviewer? (McGovern, James)
  3. Re: Phase II: Are you an author or reviewer? (Sherif Koussa)

Message: 1
Date: Mon, 9 Jan 2012 16:39:38 -0500
From: Sherif Koussa <sherif.koussa@gmail.com>
To: wasc-satec@lists.webappsec.org
Subject: [WASC-SATEC] Phase II: Are you an author or reviewer?
Message-ID: <CA+4St2DNm_aaPVXog=dC7_9P0wQYPq530exF7SyH9pVb=m=qAw@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi All,

So we have been working for about 4-5 months now, trying to figure out
what matters most to software companies which may be trying to acquire a
Static Code Analysis tool. I think we have a very good set of criteria,
which were vetted several times, these were captured in the form of
categories and sub-categories (headers and sub-headers mainly) in the
Wiki page here
http://projects.webappsec.org/w/page/42093482/Static%20Analysis%20Tool%20Evaluation%20Criteria%20Working .

So now we got the categories and sub-categories locked down, we need to
start the next phase, which is about fleshing the categories and
sub-categories out and explaining what each of them means. If you need an
example, please visit the WASSEC project
http://projects.webappsec.org/w/page/13246986/Web%20Application%20Security%20Scanner%20Evaluation%20Criteria
to get a sense of what the finished criteria would look like.

Now, we need authors who are going to actually start fleshing out
(write\explain) the categories and sub-categories and we need reviewers
who will review the authors' work and suggest modifications.

If you have cycles in the next two months, please reply to this email
with either "Author" or "Reviewer" to indicate the role you would like
to play in the next period.

Ideally, we would like to keep the workload per contributor to less than
2 hours a week for the next two months. We should be able to achieve
this considering that we have almost 40 people on this mailing list.

Please let me know if you had any comments, suggestions or questions.

Regards,
Sherif
