## page was renamed from AuditWishList == Audit Criteria Management Package == Currently there is [[http://svn.cacert.org/CAcert/Audit/DRC/|some PHP glue code]] that runs as a [[https://audit.cacert.org/drc/browser.php|browser of criteria]]. Blech. We could do better with a package. Meanwhile here are some requirements. * Search. * ability to add * auditor comments * auditor verification statements, per criteria * community comments * including responsibility marks * community member verification statements, per criteria * including client-signed attestation * view templates * add and drop comments, statements, etc * relationship columns from drc to webtrust, etc * horizontal reports * "blocked by" top 10. * ability to extract URLs for saving and sharing == Criteria == Although the DRC advance the state of the art dramatically, there are some potential flaws. * no criteria on * architecture, * security model, threat model? * business model? * no criteria on competence * cryptography, x.509, certs, PKI, OpenPGP, etc * software, implementation * law, contracts, liability, insurance, risks * general business * policy and management * disputes * need a criteria that discusses jurisdiction and relying parties + subscribers * should specify that an RPA is needed * need a criteria on the process for filing a dispute * could be a postal delivery of mail * or physical service * or net service * hmmm, A.3.b probably covers this. Any of these things could be a bug or a bonus. == CrowdIt == * [2010-10-06] Current modified DRP browser is named [[https://dev.fiddle.it/app/crowdit/search|CrowdIt]] ---- CategoryAudit