Monday, December 9, 2013

Code Review Guide Project: Message from Project Leader Larry Conklin

I need authors to sign up for the following:
  1. Manual Review - Pros and Cons (https://www.owasp.org/index.php/CRV2_ManualReviewProsCons)
  2. 360 Review: Coupling source code review and Testing / Hybrid Reviews (https://www.owasp.org/index.php/CRV2_360Review)
  3. Code Review Approach (https://www.owasp.org/index.php/CRV2_CodeReviewApproach) I am not sure about this subject. It seems to me it would be covered in the above section under Code Review Introduction.
  4. Application Threat Modeling (https://www.owasp.org/index.php/CRV2_AppThreatModeling) Update this section. I am going to take this one.
  5. Understanding Code layout/Design/Architecture (https://www.owasp.org/index.php/CRV2_CodeLayoutDesignArch)
  6. SDLC Integration (https://www.owasp.org/index.php/CRV2_SDLCInt) Update this section
  7. Secure Deployment Configuration (https://www.owasp.org/index.php/CRV2_SecDepConfig)
  8. Metrics and Code Review (https://www.owasp.org/index.php/CRV2_MetricsCodeRev) Update this section
  9. Source and sink reviews (https://www.owasp.org/index.php/CRV2_SourceSinkRev)
  10. Code Review Coverage (https://www.owasp.org/index.php/CRV2_CodeRevCoverage) Update this section
  11. Risk based approach to Code Review (https://www.owasp.org/index.php/CRV2_RiskBasedApproach)  I am not sure about this subject. It seems to me it would be covered in the above section under Code Review Introduction.
  12. Code Review and Compliance (https://www.owasp.org/index.php/CRV2_CodeRevCompliance)  Update this section
I am hoping we can get these twelve articles done by the first of the year. Hey, it's Christmas time of year for some of us, so 12 articles and the 12 days of Christmas kind of go together. :-) 

Authors, if you want to write other content, please do so. We have already completed a lot of work. Filling in the holes in the first two sections will let reviewers begin on those sections and make some changes to the structure of the content so it reads more like a book. 

I have taken off the names of authors who have not contributed any work. If your name was taken off and you wish to contribute to this project, you can. You have not been kicked off the project. I need to make sure content gets created and that we have great technical content. Your name hanging out there with no contribution may discourage another author from helping with the subject.  

All, we need to finish this book. Please do not sign up for more than one article at a time. You can do more than one article, but let's concentrate on one thing at a time.

Remember: write in the wiki, write often, have fun.

Larry Conklin, CISSP
