Agreed. Extending the deadline till the 12th of August Regards, Sherif On Fri, Jul 29, 2011 at 11:20 PM, Robert A. <robert@webappsec.org> wrote: > Sherif, > This week is blachat/defcon and many people on this list are likely going > to be unavailable. I would suggest extending this to the following friday. > > - Robert > > > On Fri, 29 Jul 2011, Sherif Koussa wrote: > > Hi All, >> >> Now, that we got the scope and audience covered, let's get down to >> business. >> I would like to take votes on each of the suggested categories below. >> Kindly >> mark each one by either: KEEP, REMOVE or EDIT (and provide your suggested >> alternative) >> >> >> 1. Tool Setup and Installation >> >> 2. Configuration and Project Setup >> >> 3. Scan Coverage and Accuracy >> >> 4. Triage and Remediation Process >> >> 5. UI Simplicity and Intuitiveness >> >> 6. Product Update Quality >> >> 7. Product Maturity and Scalability >> >> 8. Enterprise Offerings >> >> 9. Reporting Capabilities >> >> 10. Tool Customization and Automation >> >> >> I will keep the voting open until Friday August 5th. Looking forward to >> hear >> from you all. >> >> >> Regards, >> >> Sherif >> >>

1. Tool Setup and Installation 2. Configuration and Project Setup 3. Scan Coverage and Accuracy 4. Triage and Remediation Process 5. UI Simplicity and Intuitiveness 6. Product Update Quality 7. Product Maturity and Scalability 8. Enterprise Offerings 9. Reporting Capabilities 10. Tool Customization and Automation In my opinion these are fine. Have you yet received any other comments? I wonder if there are any scanners available with automatic updating. Best regards, Henri Salo

Hi Henri, Thanks for your feedback. I got one more reply. Blackhat and Defcon are on this week so I suspect people are away for most of this week and more feedback to come in next week. The idea is to decide as a group on the criteria main categories. We are going to hold another vote on the criteria sub-categories, after which we will then start fleshing them out and peer-review them. Regards, Sherif On Thu, Aug 4, 2011 at 10:48 AM, Henri Salo <henri@nerv.fi> wrote: > 1. Tool Setup and Installation > 2. Configuration and Project Setup > 3. Scan Coverage and Accuracy > 4. Triage and Remediation Process > 5. UI Simplicity and Intuitiveness > 6. Product Update Quality > 7. Product Maturity and Scalability > 8. Enterprise Offerings > 9. Reporting Capabilities > 10. Tool Customization and Automation > > In my opinion these are fine. Have you yet received any other comments? I > wonder if there are any scanners available with automatic updating. > > Best regards, > Henri Salo > > _______________________________________________ > wasc-satec mailing list > wasc-satec@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.org >

To those who have been at BH\DC, I trust you guys made is safely back more charged with good ideas and inspired from all the good talks (and fun) at Vegas :) Just a reminder that the voting deadline on the criteria categories is this Friday at 11:59 PM. Looking forward to hearing from you all. Regards, Sherif On Fri, Jul 29, 2011 at 11:44 PM, Sherif Koussa <sherif.koussa@gmail.com>wrote: > Agreed. Extending the deadline till the 12th of August > > Regards, > Sherif > On Fri, Jul 29, 2011 at 11:20 PM, Robert A. <robert@webappsec.org> wrote: > >> Sherif, >> This week is blachat/defcon and many people on this list are likely going >> to be unavailable. I would suggest extending this to the following friday. >> >> - Robert >> >> >> On Fri, 29 Jul 2011, Sherif Koussa wrote: >> >> Hi All, >>> >>> Now, that we got the scope and audience covered, let's get down to >>> business. >>> I would like to take votes on each of the suggested categories below. >>> Kindly >>> mark each one by either: KEEP, REMOVE or EDIT (and provide your suggested >>> alternative) >>> >>> >>> 1. Tool Setup and Installation >>> >>> 2. Configuration and Project Setup >>> >>> 3. Scan Coverage and Accuracy >>> >>> 4. Triage and Remediation Process >>> >>> 5. UI Simplicity and Intuitiveness >>> >>> 6. Product Update Quality >>> >>> 7. Product Maturity and Scalability >>> >>> 8. Enterprise Offerings >>> >>> 9. Reporting Capabilities >>> >>> 10. Tool Customization and Automation >>> >>> >>> I will keep the voting open until Friday August 5th. Looking forward to >>> hear >>> from you all. >>> >>> >>> Regards, >>> >>> Sherif >>> >>> >

Hi Sherif, i agree with all points. As a developer I suggest a couple of edit, hope they are in the right point Thanks and regards Guido > > > 1. Tool Setup and Installation KEEP > 2. Configuration and Project Setup KEEP > 3. Scan Coverage and Accuracy and performance (time to feedback) KEEP > 4. Triage and Remediation Process KEEP > 5. UI Simplicity and Intuitiveness KEEP > 6. Product Update Quality KEEP > 7. Product Maturity and Scalability KEEP > 8. Enterprise Offerings and integration with most common IDE KEEP > 9. Reporting Capabilities KEEP > 10. Tool Customization and Automation KEEP Il giorno 08/ago/2011, alle ore 22:10, Sherif Koussa <sherif.koussa@gmail.com> ha scritto: > To those who have been at BH\DC, I trust you guys made is safely back more charged with good ideas and inspired from all the good talks (and fun) at Vegas :) > > Just a reminder that the voting deadline on the criteria categories is this Friday at 11:59 PM. Looking forward to hearing from you all. > > Regards, > Sherif > > > On Fri, Jul 29, 2011 at 11:44 PM, Sherif Koussa <sherif.koussa@gmail.com> wrote: > Agreed. Extending the deadline till the 12th of August > > Regards, > Sherif > On Fri, Jul 29, 2011 at 11:20 PM, Robert A. <robert@webappsec.org> wrote: > Sherif, > This week is blachat/defcon and many people on this list are likely going to be unavailable. I would suggest extending this to the following friday. > > - Robert > > > On Fri, 29 Jul 2011, Sherif Koussa wrote: > > Hi All, > > Now, that we got the scope and audience covered, let's get down to business. > I would like to take votes on each of the suggested categories below. Kindly > mark each one by either: KEEP, REMOVE or EDIT (and provide your suggested > alternative) > > > 1. Tool Setup and Installation > > 2. Configuration and Project Setup > > 3. Scan Coverage and Accuracy > > 4. Triage and Remediation Process > > 5. UI Simplicity and Intuitiveness > > 6. Product Update Quality > > 7. Product Maturity and Scalability > > 8. Enterprise Offerings > > 9. Reporting Capabilities > > 10. Tool Customization and Automation > > > I will keep the voting open until Friday August 5th. Looking forward to hear > from you all. > > > Regards, > > Sherif > > > > _______________________________________________ > wasc-satec mailing list > wasc-satec@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.org

I would think for #8 IDE integration would be non specific to Enterprises (although used by them for sure). So not sure that this should fit here. - Robert On Thu, 11 Aug 2011, Guido Pederzini wrote: > Hi Sherif, i agree with all points. As a developer I suggest a couple of edit, hope they are in the right point > Thanks and regards > Guido >> >> >> 1. Tool Setup and Installation KEEP >> 2. Configuration and Project Setup KEEP >> 3. Scan Coverage and Accuracy and performance (time to feedback) KEEP >> 4. Triage and Remediation Process KEEP >> 5. UI Simplicity and Intuitiveness KEEP >> 6. Product Update Quality KEEP >> 7. Product Maturity and Scalability KEEP >> 8. Enterprise Offerings and integration with most common IDE KEEP >> 9. Reporting Capabilities KEEP >> 10. Tool Customization and Automation KEEP > > > > > Il giorno 08/ago/2011, alle ore 22:10, Sherif Koussa <sherif.koussa@gmail.com> ha scritto: > >> To those who have been at BH\DC, I trust you guys made is safely back more charged with good ideas and inspired from all the good talks (and fun) at Vegas :) >> >> Just a reminder that the voting deadline on the criteria categories is this Friday at 11:59 PM. Looking forward to hearing from you all. >> >> Regards, >> Sherif >> >> >> On Fri, Jul 29, 2011 at 11:44 PM, Sherif Koussa <sherif.koussa@gmail.com> wrote: >> Agreed. Extending the deadline till the 12th of August >> >> Regards, >> Sherif >> On Fri, Jul 29, 2011 at 11:20 PM, Robert A. <robert@webappsec.org> wrote: >> Sherif, >> This week is blachat/defcon and many people on this list are likely going to be unavailable. I would suggest extending this to the following friday. >> >> - Robert >> >> >> On Fri, 29 Jul 2011, Sherif Koussa wrote: >> >> Hi All, >> >> Now, that we got the scope and audience covered, let's get down to business. >> I would like to take votes on each of the suggested categories below. Kindly >> mark each one by either: KEEP, REMOVE or EDIT (and provide your suggested >> alternative) >> >> >> 1. Tool Setup and Installation >> >> 2. Configuration and Project Setup >> >> 3. Scan Coverage and Accuracy >> >> 4. Triage and Remediation Process >> >> 5. UI Simplicity and Intuitiveness >> >> 6. Product Update Quality >> >> 7. Product Maturity and Scalability >> >> 8. Enterprise Offerings >> >> 9. Reporting Capabilities >> >> 10. Tool Customization and Automation >> >> >> I will keep the voting open until Friday August 5th. Looking forward to hear >> from you all. >> >> >> Regards, >> >> Sherif >> >> >> >> _______________________________________________ >> wasc-satec mailing list >> wasc-satec@lists.webappsec.org >> http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.org >

To be clear I'm being nity picky about putting it 'with' enterprise, it probably should just stand on its own, or be a child element. Thoughts? - Robert On Thu, 11 Aug 2011, Robert A. wrote: > I would think for #8 IDE integration would be non specific to Enterprises > (although used by them for sure). So not sure that this should fit here. > > - Robert > > On Thu, 11 Aug 2011, Guido Pederzini wrote: > >> Hi Sherif, i agree with all points. As a developer I suggest a couple of >> edit, hope they are in the right point >> Thanks and regards >> Guido >>> >>> >>> 1. Tool Setup and Installation KEEP >>> 2. Configuration and Project Setup KEEP >>> 3. Scan Coverage and Accuracy and performance (time to feedback) KEEP >>> 4. Triage and Remediation Process KEEP >>> 5. UI Simplicity and Intuitiveness KEEP >>> 6. Product Update Quality KEEP >>> 7. Product Maturity and Scalability KEEP >>> 8. Enterprise Offerings and integration with most common IDE KEEP >>> 9. Reporting Capabilities KEEP >>> 10. Tool Customization and Automation KEEP >> >> >> >> >> Il giorno 08/ago/2011, alle ore 22:10, Sherif Koussa >> <sherif.koussa@gmail.com> ha scritto: >> >>> To those who have been at BH\DC, I trust you guys made is safely back more >>> charged with good ideas and inspired from all the good talks (and fun) at >>> Vegas :) >>> >>> Just a reminder that the voting deadline on the criteria categories is >>> this Friday at 11:59 PM. Looking forward to hearing from you all. >>> >>> Regards, >>> Sherif >>> >>> >>> On Fri, Jul 29, 2011 at 11:44 PM, Sherif Koussa <sherif.koussa@gmail.com> >>> wrote: >>> Agreed. Extending the deadline till the 12th of August >>> >>> Regards, >>> Sherif >>> On Fri, Jul 29, 2011 at 11:20 PM, Robert A. <robert@webappsec.org> wrote: >>> Sherif, >>> This week is blachat/defcon and many people on this list are likely going >>> to be unavailable. I would suggest extending this to the following friday. >>> >>> - Robert >>> >>> >>> On Fri, 29 Jul 2011, Sherif Koussa wrote: >>> >>> Hi All, >>> >>> Now, that we got the scope and audience covered, let's get down to >>> business. >>> I would like to take votes on each of the suggested categories below. >>> Kindly >>> mark each one by either: KEEP, REMOVE or EDIT (and provide your suggested >>> alternative) >>> >>> >>> 1. Tool Setup and Installation >>> >>> 2. Configuration and Project Setup >>> >>> 3. Scan Coverage and Accuracy >>> >>> 4. Triage and Remediation Process >>> >>> 5. UI Simplicity and Intuitiveness >>> >>> 6. Product Update Quality >>> >>> 7. Product Maturity and Scalability >>> >>> 8. Enterprise Offerings >>> >>> 9. Reporting Capabilities >>> >>> 10. Tool Customization and Automation >>> >>> >>> I will keep the voting open until Friday August 5th. Looking forward to >>> hear >>> from you all. >>> >>> >>> Regards, >>> >>> Sherif >>> >>> >>> >>> _______________________________________________ >>> wasc-satec mailing list >>> wasc-satec@lists.webappsec.org >>> http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.org >> > > _______________________________________________ > wasc-satec mailing list > wasc-satec@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.org >

It is covered under #5 UI Simplicity and Intuitiveness Regards, Sherif On Thu, Aug 11, 2011 at 8:16 PM, Robert A. <robert@webappsec.org> wrote: > To be clear I'm being nity picky about putting it 'with' enterprise, it > probably should just stand on its own, or be a child element. > > Thoughts? > - Robert > > > On Thu, 11 Aug 2011, Robert A. wrote: > > I would think for #8 IDE integration would be non specific to Enterprises >> (although used by them for sure). So not sure that this should fit here. >> >> - Robert >> >> On Thu, 11 Aug 2011, Guido Pederzini wrote: >> >> Hi Sherif, i agree with all points. As a developer I suggest a couple of >>> edit, hope they are in the right point >>> Thanks and regards >>> Guido >>> >>>> >>>> >>>> 1. Tool Setup and Installation KEEP >>>> 2. Configuration and Project Setup KEEP >>>> 3. Scan Coverage and Accuracy and performance (time to feedback) KEEP >>>> 4. Triage and Remediation Process KEEP >>>> 5. UI Simplicity and Intuitiveness KEEP >>>> 6. Product Update Quality KEEP >>>> 7. Product Maturity and Scalability KEEP >>>> 8. Enterprise Offerings and integration with most common IDE KEEP >>>> 9. Reporting Capabilities KEEP >>>> 10. Tool Customization and Automation KEEP >>>> >>> >>> >>> >>> >>> Il giorno 08/ago/2011, alle ore 22:10, Sherif Koussa < >>> sherif.koussa@gmail.com> ha scritto: >>> >>> To those who have been at BH\DC, I trust you guys made is safely back >>>> more charged with good ideas and inspired from all the good talks (and fun) >>>> at Vegas :) >>>> >>>> Just a reminder that the voting deadline on the criteria categories is >>>> this Friday at 11:59 PM. Looking forward to hearing from you all. >>>> >>>> Regards, >>>> Sherif >>>> >>>> >>>> On Fri, Jul 29, 2011 at 11:44 PM, Sherif Koussa < >>>> sherif.koussa@gmail.com> wrote: >>>> Agreed. Extending the deadline till the 12th of August >>>> >>>> Regards, >>>> Sherif >>>> On Fri, Jul 29, 2011 at 11:20 PM, Robert A. <robert@webappsec.org> >>>> wrote: >>>> Sherif, >>>> This week is blachat/defcon and many people on this list are likely >>>> going to be unavailable. I would suggest extending this to the following >>>> friday. >>>> >>>> - Robert >>>> >>>> >>>> On Fri, 29 Jul 2011, Sherif Koussa wrote: >>>> >>>> Hi All, >>>> >>>> Now, that we got the scope and audience covered, let's get down to >>>> business. >>>> I would like to take votes on each of the suggested categories below. >>>> Kindly >>>> mark each one by either: KEEP, REMOVE or EDIT (and provide your >>>> suggested >>>> alternative) >>>> >>>> >>>> 1. Tool Setup and Installation >>>> >>>> 2. Configuration and Project Setup >>>> >>>> 3. Scan Coverage and Accuracy >>>> >>>> 4. Triage and Remediation Process >>>> >>>> 5. UI Simplicity and Intuitiveness >>>> >>>> 6. Product Update Quality >>>> >>>> 7. Product Maturity and Scalability >>>> >>>> 8. Enterprise Offerings >>>> >>>> 9. Reporting Capabilities >>>> >>>> 10. Tool Customization and Automation >>>> >>>> >>>> I will keep the voting open until Friday August 5th. Looking forward to >>>> hear >>>> from you all. >>>> >>>> >>>> Regards, >>>> >>>> Sherif >>>> >>>> >>>> >>>> ______________________________**_________________ >>>> wasc-satec mailing list >>>> wasc-satec@lists.webappsec.org >>>> http://lists.webappsec.org/**mailman/listinfo/wasc-satec_** >>>> lists.webappsec.org<http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.org> >>>> >>> >>> >> ______________________________**_________________ >> wasc-satec mailing list >> wasc-satec@lists.webappsec.org >> http://lists.webappsec.org/**mailman/listinfo/wasc-satec_** >> lists.webappsec.org<http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.org> >> >> > ______________________________**_________________ > wasc-satec mailing list > wasc-satec@lists.webappsec.org > http://lists.webappsec.org/**mailman/listinfo/wasc-satec_** > lists.webappsec.org<http://lists.webappsec.org/mailman/listinfo/wasc-satec_lists.webappsec.org> >