Projects/OWASP Code Review Project/Releases/Code Review Guide V2.0/Roadmap


 * A new version of the OWASP Code Review Guide (version 2.0) will be produced by January 2011.


 * Major enhancements:
 * Introduction to be re-written,
 * Approach to code review (risk-based approach) to be re-written and redesigned,
 * Examples by Vulnerability and Technical control to be expanded and refined,
 * Common Numbering nomenclature to be used,
 * Cross reference to TG and ASVS to be done,
 * New sections on tools to be introduced,
 * Expand technology specific sections,
 * Section on RIA (Rich Internet Applications) to be introduced,
 * Web services section to be refined,
 * Malware and rootkit sections to be introduced,
 * PCI section to be rewritten with more cross-references to other guides.


 * Other ideas:
 * ESAPI section: how to review OWASP ESAPI implementations?
 * Risk-based approach vs. ASVS levels,
 * Threat modeling and Triage chapters to be revised,
 * OWASP O2 section on O2 rules definition, development,
 * Crawling code: Additional search vectors to be added,
 * Section on Code Crawler, quick start & configuration guide.