This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Research and Activities Criteria

Jump to: navigation, search

This page is maintained by the Global Projects Committee to help assist Project Leaders with information about successfully running an OWASP Project. It will be updated from time to time, and changes will be discussed and announced on the OWASP-Leaders list.

Research and Activities

Research and Activities represent an unique type of project release for OWASP. These projects generally fall into one of two categories:

  1. An umbrella project with several sub-projects. This can include sub-projects of either tools, documents or both.
  2. A project whose single releases consists of a mixture of tools and documents.

For umbrella projects with sub-projects, each release will be evaluated as if it was part of an individual project. For example, the OWASP Guides project covers several documentation projects. Each separate guide's release (e.g. OWASP Testing Guide v3) will be evaluated as if it were a completely independent project. Another example is the OWASP ESAPI project. The OWASP ESAPI project contains many implementations in various programming languages. Each of these implementations will be treated as a separate project release in terms of assessing its quality. Such projects allow closely related projects to have a single project site while maintaining multiple, individual releases in various states of quality.

Projects which have mixed release types (tools and documents) in a single release will be evaluated by a subset of both the tool and documentation criteria. In the case that such a project is evaluated, the Global Projects Committee will determine which aspects of the tools and documentation apply to that project prior to that project's Alpha evaluation. The subset of criteria will be documented and used for that release until it reaches a Quality release. This type of Activity and Research is not typical and is better handled on a case-by-case basis as opposed to trying to write an abstract enough criteria to handle all cases.