[Ssc-dev] Veracode Call and Server Questions

Bryan Nunez bryan at witness.org
Mon May 13 18:40:19 EDT 2013


Hey Barbra,

Thanks for the information. The service is an automated review and works on
a yearly subscription basis. So we can sign up and start testing even as
development continues. Actually, they recommend building the automated
testing into the commit process. Funding-wise, we need to wrap up with the
ISC grant by the end of May, so if we can get something testable before the
last week of May, that would be ideal. If not, I think we can get away with
just testing the client for the time being.

-Bryan


On Mon, May 13, 2013 at 6:01 PM, barbra <blmack at gmail.com> wrote:

> Hi Bryan
>
> It would be great if we could hold off just a few weeks before having the
> review. Is that possible in relation to the funding? I am redoing the API,
> which changes how the front-end connects, and now also includes a
> connection to solr. I could set something up by end of next week that they
> could test against if that works.
>
> And it is currently php/lighttpd/python/tornado/ + new stuff with solr/jetty.
> I would like to get this to python/tornado/solr/[jetty]
>
> -barbra
>
>
> On Mon, May 13, 2013 at 5:49 PM, Bryan Nunez <bryan at witness.org> wrote:
>
>> Hi all,
>>
>> I had a call with Veracode today and they had a few questions about the
>> server setup. I'm not sure if the wiki is up to date since there's been a
>> lot of work on the server side.
>>
>> Is it still basically Python, CouchDB and LighttPD?
>>
>> The way they work is through automated scans of binaries you upload to
>> the service; for the server side they'll do automated penetration testing
>> depending on how the server is configured. They charge yearly based on
>> project rather than seats and the regular commercial price is between
>> $17000 - 15000 for a year's worth of automated testing. Since we're
>> nonprofit and open source we should get a pretty good discount, though I'm
>> not sure if our budget is still enough to cover it in the short term.
>>
>> Harlo and/or Barbra, can you confirm the server config and let me know?
>> I'd like to get back to them and see what we can work out.
>>
>> Thanks,
>> Bryan
>>
>> --
>> Bryan Nunez
>> Technology Manager
>> WITNESS
>> +1 (718) 783-2000 x-348
>> GPG ID: 54E3286C7C631254
>> GPG Fingerprint: 6115 6A41 0F5A 9AA0 67B6 79D8 54E3 286C 7C63 1254
>>
>> Check out our Human Rights Channel <http://www.youtube.com/humanrights> on
>> YouTube
>>

