For OWASP AND For SDLC

English! place to talk about OTRS development, programming and coding

Moderator: tto

sunny
OTRS expert
Posts: 50
Joined: 30 Aug 2011, 13:14
OTRS Version?: 3.2.16
Contact:

For OWASP AND For SDLC

Postby sunny » 09 Aug 2017, 12:36

For OWASP:
Has the OTRS application kept the OWASP guidelines in place during its development. If so, is there a sharable report or document available and how can it be sourced?
If the OWASP guidelines were not considered, is there a process or tool that will help report whether OTRS does comply or is within the specified guidelines?

For SDLC:
Has the OTRS application used a SDLC (Software Development Life cycle process). If so, which SDLC model has been used?

jojo
Moderator
Posts: 13900
Joined: 26 Jan 2007, 14:50
OTRS Version?: Git Master
Contact:

Re: For OWASP AND For SDLC

Postby jojo » 09 Aug 2017, 14:59

OTRS Group consider different guidelines like OWASP etc during development but there are no documents or reports to share.

As OTRS is used in a lot of security related areas it is regulary checked and also there is a mature vulnerability handling process in place
"Production": OTRS5, OTRS::ITSM5, SIRIOS 2.3
"Testing": OTRS git Master
OS: Ubuntu / Apache2/MySQL 5+

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com


Return to “OTRS Developers”

Who is online

Users browsing this forum: No registered users and 2 guests