wasc-satec@lists.webappsec.org

WASC Static Analysis Tool Evaluation Criteria

How do we do the voting? : SATEC Categories - Please Vote Before Friday August 12th

Mushtaq Ahmed (ITSNR)
Wed, Aug 10, 2011 9:31 AM

Dear Sherif,

Would like to know how do you want me to vote? Do you want me to send it through email or on the web site? Kindly let me know more information on this. I am new to this so I might be asking questions which others might already know.

Further, what about the requirements for the source code analyzer, are they already covered? When I say requirements, what do we require from a source code scanner? Or if it will be covered going forward. Sorry if I have jumped the gun, or correct me if my understanding is wrong.

  1. Tool Setup and Installation

  2. Configuration and Project Setup

  3. Scan Coverage and Accuracy

  4. Triage and Remediation Process

  5. UI Simplicity and Intuitiveness

  6. Product Update Quality

  7. Product Maturity and Scalability

  8. Enterprise Offerings

  9. Reporting Capabilities

  10. Tool Customization and Automation

Regards,

Mushtaq

From: wasc-satec-request@lists.webappsec.org
Date: August 9, 2011 7:01:11 AM GMT+04:00
To: wasc-satec@lists.webappsec.org
Subject: wasc-satec Digest, Vol 3, Issue 2
Reply-To: wasc-satec@lists.webappsec.org

Message: 1
Date: Mon, 8 Aug 2011 16:10:30 -0400
From: Sherif Koussa <sherif.koussa@gmail.com>
To: wasc-satec@lists.webappsec.org
Subject: Re: [WASC-SATEC] SATEC Categories - Please Vote Before Friday
   August 12th
Message-ID:
   <CA+4St2C=qEir40tOZ37jPpLQ4n2cUdvNrw8_p2_V217Y-xPfZA@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

To those who have been at BH\DC, I trust you guys made it safely back more
charged with good ideas and inspired from all the good talks (and fun) at
Vegas :)

Just a reminder that the voting deadline on the criteria categories is this
Friday at 11:59 PM. Looking forward to hearing from you all.

Regards,
Sherif


On Fri, Jul 29, 2011 at 11:44 PM, Sherif Koussa <sherif.koussa@gmail.com> wrote:

	Agreed. Extending the deadline till the 12th of August

	Regards,
	Sherif

	On Fri, Jul 29, 2011 at 11:20 PM, Robert A. <robert@webappsec.org> wrote:

		Sherif,

		This week is blackhat/defcon and many people on this list are likely going
		to be unavailable. I would suggest extending this to the following Friday.

		- Robert

		On Fri, 29 Jul 2011, Sherif Koussa wrote:

			Hi All,

			Now, that we got the scope and audience covered, let's get down to
			business.
			I would like to take votes on each of the suggested categories below.
			Kindly mark each one by either: KEEP, REMOVE or EDIT (and provide your
			suggested alternative)

			1. Tool Setup and Installation
			2. Configuration and Project Setup
			3. Scan Coverage and Accuracy
			4. Triage and Remediation Process
			5. UI Simplicity and Intuitiveness
			6. Product Update Quality
			7. Product Maturity and Scalability
			8. Enterprise Offerings
			9. Reporting Capabilities
			10. Tool Customization and Automation

			I will keep the voting open until Friday August 5th. Looking forward to
			hear from you all.

			Regards,
			Sherif

Sherif Koussa
Wed, Aug 10, 2011 1:33 PM

Hi Mushtaq,

Simply copy the list from the email I sent earlier, reply to this email and
mark each one of the suggested categories by one of the following:

1- KEEP
2- REMOVE
3- EDIT (and provide your suggested alternative)

So the idea is, if enough people are suggesting a change to a category then
it is probably worth to change it, and the same if enough people agree on a
category then it should stay.....etc

This way we are collectively choosing the criteria that are important while
evaluating SCA tools. Next, we are going to delve into sub-categories, to
get a list of the categories and their sub-categories, please visit
http://projects.webappsec.org/w/page/42093482/Static%20Analysis%20Tool%20Evaluation%20Criteria%20Working

Regards,
Sherif

On Wed, Aug 10, 2011 at 5:31 AM, Mushtaq Ahmed (ITSNR) <mushtaq.ahmed@emirates.com> wrote:

> Dear Sherif,
>
> would like to know how do you want me to vote ? Do you want me to send it
> thru email or on the web site. Kindly let me know more information on this.
> I am new to this so I might be asking questions which others might already
> know.
>
> Further what about the requirements for the source code analyzer are they
> already covered. When I say requirements, what do we require from a source
> code scanner ? or if it will be covered going forward. Sorry if I have
> jumped the gun, or correct me if my understanding is wrong.
>
>   1. Tool Setup and Installation
>   2. Configuration and Project Setup
>   3. Scan Coverage and Accuracy
>   4. Triage and Remediation Process
>   5. UI Simplicity and Intuitiveness
>   6. Product Update Quality
>   7. Product Maturity and Scalability
>   8. Enterprise Offerings
>   9. Reporting Capabilities
>   10. Tool Customization and Automation
>
> Regards,
>
> Mushtaq

