This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Guidelines for Reviewing OWASP projects

Jump to: navigation, search

This page will contain detailed guidelines for OWASP Project reviewers (usually part of a Season of Code initiative or when a project is reviewed according with the Project Assessment Criteria):

  • Be reasonably easy to use
  • Include online documention built into tool (based on required user documentation)
  • Include build scripts that facilitate building the application from source (Goal: One-click build)
  • Publicly accessible bug tracking system established, ideally at the same place as the source code repository (e.g., at Google code, or Sourceforge)
  • Be run through Fortify Software's open source review (if appropriate) and FindBugs.
  • When approved to be Release Quality: Update the link to it on: the OWASP Project page and update its project quality tag on its project page to be Release Quality.

a review undertaking consists at least in the following tasks.

  1. Make sure that the project’s roadmap has been accomplished,
  2. Having into account which was the project’s status target (Quality Status in this case), check project stage/features against the OWASP Assessment Criteria,
  3. Point out scientific/technical and methodological mistakes, propose paths to follow, propose tools and documentation/bibliography to be studied and consulted.

More details here:

The guidelines need to be linked here:

And here is an example of an assessment Google excel spreadsheet check list: