For OWASP AND For SDLC

English! place to talk about development, programming and coding
Post Reply
sunny
Znuny newbie
Posts: 68
Joined: 30 Aug 2011, 13:14
Znuny Version: 5.0.22
Real Name: Sunny
Contact:

For OWASP AND For SDLC

Post by sunny »

For OWASP:
Has the OTRS application kept the OWASP guidelines in place during its development. If so, is there a sharable report or document available and how can it be sourced?
If the OWASP guidelines were not considered, is there a process or tool that will help report whether OTRS does comply or is within the specified guidelines?

For SDLC:
Has the OTRS application used a SDLC (Software Development Life cycle process). If so, which SDLC model has been used?
jojo
Znuny guru
Posts: 15019
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: For OWASP AND For SDLC

Post by jojo »

OTRS Group consider different guidelines like OWASP etc during development but there are no documents or reports to share.

As OTRS is used in a lot of security related areas it is regulary checked and also there is a mature vulnerability handling process in place
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Post Reply