« Results of internet SSL usage published by SSL Labs | Main | Oracle website vulnerable to SQL Injection »

WASC Announcement: 'Static Analysis Tool Evaluation Criteria' Call For Participants

I sent the following out to The Web Security Mailing List (which I moderate) announcing a new WASC Project.

"The Web Application Security Consortium is pleased to announce a new project "Static Analysis Tool Evaluation Criteria (SATEC)".  Currently WASC is seeking volunteers from various sections of the community including security researchers, academics, vendors, software developers and security professionals.

A brief description of the project

This project will specifically define a common criteria for evaluation of SAST (Static Application Security Testing) tools for individual organizations. This evaluation criteria will not include information specific to any vendor nor will it even mention any vendor!This guide is intended to assist organizations in the procurement of SAST tools.

The project page can be found at

If you like to get involved with this project, please contact Sherif Koussa (sherif.koussa (@) gmail.com) ."



Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!