

Archive: November 2006 ml@sikurezza.org
Subject: [ml] Orizon project invitation
From: Paolo Perego
Date: Thu, 30 Nov 2006 00:30:42 +0100 (CET)
Hi guys,

Orizon is a new Owasp project, born while I was preparing a
speech that I gave at SMAU, an IT Business event that took place in
Milan last October.

[ Introduction to Orizon ]

I was researching code review and safe coding methodologies and I
realized that none of the sample tools I collected shares knowledge
about the security checks that are to be applied to the source code.
While I understand such an approach in a proprietary tool, I find that
it does not properly address the problem.
My idea is that code review tools need to share a common library
that includes bad coding patterns, unsafe code snippets, and well-known
source-code-related security branches. Therefore I started working on a
code review engine, which is in fact the Orizon project.

Orizon's goal is to provide three things (where the third is a direct
consequence of the first two):
a) a repository of security checks to be applied to source code during
a tool assisted code review
b) a framework for building code review security tools. By saying a
framework I mean that Orizon will provide a set of APIs and objects
usable by third-party developers to write their tools
c) as a consequence of points a) and b), Orizon will be a
security code review tool. A small source code assessment tool will be
implemented to show Orizon API usage and it will of course be used
during source code assessments.

Orizon will be developed using the Java 5 language.

[ Invitation ]
This mail is meant as an invitation to join the project. As a
matter of fact, the design phase is almost done, and I'll release a
whitepaper describing the framework architecture by next week.
An SVN repository is already up at sourceforge (links are provided at
the bottom of this mail) with a Java parser built using antlr and a very
silly source file statistics collector that needs further coding.
I invite all interested people to join the orizon mailing list in order
to discuss framework internals, and "how the things need to be
done"... if you are a Java coder, you're also invited to hack my
code of course.

[ Links ]
Orizon page @ owasp:
http://www.owasp.org/index.php/Category:OWASP_Orizon_Project
Join the Orizon mailing list:
http://lists.owasp.org/mailman/listinfo/owasp-orizon
Orizon homepage @ sf.net: http://orizon.sourceforge.net/

[ Thanks ]
Orizon would not exist without great tools such as lapse, pmd, rats,
splint, flawfinder. So if any of you are involved in these projects...
thank you :)


sp0nge

--
Different does not necessarily mean worse
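The mail above describes the idea of a shared repository of security checks that several code review tools consume. The following is an added illustration of that idea and is not Orizon's code (Orizon itself is Java-based and uses an antlr parser); it is a small Python engine in which the rule repository is plain data, one consumer applies the rules to Java source and a second consumer (a statistics collector) only summarizes the findings. The rule ids, the regular expressions and the sample Java class are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List


# Shared rule repository: each entry is one security check that any review
# tool can reuse. Ids, categories and patterns are constructed for this
# example and are not Orizon's.
@dataclass(frozen=True)
class Rule:
    rule_id: str
    category: str
    description: str
    pattern: re.Pattern
    remediation: str


RULES: List[Rule] = [
    Rule("EX-SQL-001", "sql-injection",
         "SQL statement built by string concatenation",
         re.compile(r'\.(executeQuery|executeUpdate|execute)\s*\(\s*"[^"]*"\s*\+'),
         "Use PreparedStatement with bound parameters."),
    Rule("EX-CMD-001", "command-injection",
         "Runtime.exec() argument built by string concatenation",
         re.compile(r'Runtime\.getRuntime\(\)\.exec\s*\(\s*"[^"]*"\s*\+'),
         "Pass an argument array and validate each element."),
    Rule("EX-RND-001", "weak-randomness",
         "java.util.Random used where unpredictability may matter",
         re.compile(r'new\s+Random\s*\('),
         "Use java.security.SecureRandom for security-sensitive values."),
]


@dataclass(frozen=True)
class Finding:
    rule_id: str
    category: str
    line_no: int
    line: str


def review(source: str, rules: List[Rule] = RULES) -> List[Finding]:
    """First consumer: apply every rule in the repository to each source line."""
    findings: List[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("//"):  # skip single-line comments
            continue
        for rule in rules:
            if rule.pattern.search(line):
                findings.append(Finding(rule.rule_id, rule.category, line_no, stripped))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Second consumer: a statistics collector that counts findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed Java input: one unsafe query, one safe PreparedStatement,
# one concatenated exec() call and one java.util.Random usage.
SAMPLE_JAVA = """\
import java.sql.*;
import java.util.Random;

public class UserDao {
    public ResultSet find(Connection c, String name) throws SQLException {
        Statement st = c.createStatement();
        return st.executeQuery("SELECT * FROM users WHERE name='" + name + "'");
    }
    public ResultSet findSafe(Connection c, String name) throws SQLException {
        PreparedStatement ps = c.prepareStatement("SELECT * FROM users WHERE name=?");
        ps.setString(1, name);
        return ps.executeQuery();
    }
    public void ping(String host) throws Exception {
        Runtime.getRuntime().exec("ping -c 1 " + host);
    }
    public int token() {
        return new Random().nextInt();
    }
}
"""

if __name__ == "__main__":
    results = review(SAMPLE_JAVA)
    by_id = {r.rule_id: r for r in RULES}
    for f in results:
        rule = by_id[f.rule_id]
        print(f"line {f.line_no}: [{f.rule_id}] {rule.description}")
        print(f"    {f.line}")
        print(f"    fix: {rule.remediation}")
    print("summary:", summarize(results))
```

The point of keeping the checks as data rather than hard-coding them in the scanner is the one the mail makes: the reviewer tool and the statistics collector read the same repository, so a new rule added once is picked up by both. Line-oriented regular expressions are only a stand-in for the parser-based analysis a real engine would do; the safe `PreparedStatement` variant is included to show that a check must distinguish bound parameters from concatenation rather than flag every `executeQuery` call.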





www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005