Getting ready for a radical change


Well, the most important thing I learnt while working on OWASP Orizon is that drawing a roadmap for a software tool, when you can work on it only in your spare time, is useless.

It’s better to admit that the overall project development is based on a best-effort approach. Everyone has his own personal side projects, everyone has to drive his professional career and everyone has a family to take care of too, of course.
What am I trying to say? The following:

  • Q: Are you, Paolo, going to declare the OWASP Orizon Project dead? A: Damn man, are you kidding me? No.
  • Q: Are you, Paolo, going to leave the project in an orphaned state? A: You’re so funny. The answer is still no, I’ll do my best to achieve some valuable results in the very near future.
  • Q: When will the OWASP Orizon Project be hitting the ground, helping the world to achieve more secure code? A: I can’t predict the future. I can say that the updates you’ll find in this post will help me to be more productive on the next goals, but I won’t draw up a detailed roadmap anymore. It’s a failing action if you can’t work on your code every day.

The first thing that drives me crazy, and that some OWASP fellows agreed is a key feature, is the modeling engine.
The idea Stephen gave about relying on a parser generator is, of course, a winning one. But the freecc parser generator seems to have stalled and the community support isn’t as strong as I supposed it to be at first.
So, the idea is to rely on the more robust parser generator, widely accepted as the de facto leader: antlr.

Mirage is going to be completely rewritten from scratch, using antlr and its grammars. It will be a C language program.
I moved mirage to be a standalone project to reach (I hope) a wider audience in the open source developer community. Working on a multi-language application modeler can attract the attention of hackers and fellows who might be scared of working on a security static analysis tool. Yes, it seems that the word security keeps developers away. Don’t know why. I’ll check on this later.

So in the next months my energy will be directed to the mirage project. When we have a reliable source code modeler, writing a security scan engine on top of it would be quite an affordable task.

Mirage will use redis as results storage during a scanning session so interaction between tools and the modeling engine will be as easy as possible.

So July is here.
Free time is lacking.
I’m working on other side projects and something more web oriented.
But mirage will be my top-priority summer project.
And yes, we are not dead. Yet.
