This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Assessing Project Health"

From OWASP
Jump to: navigation, search
(Updated to reflect new revisions of the criteria v2)
Line 12: Line 12:
 
* The GPC agrees with the proposal, gathers some initial data from the security professional and creates a new project page.
 
* The GPC agrees with the proposal, gathers some initial data from the security professional and creates a new project page.
 
* The security professional, now the project lead, works on the project and creates a release which reaches Beta quality.
 
* The security professional, now the project lead, works on the project and creates a release which reaches Beta quality.
* The example project is still a new project but has a release of beta quality. It will be listed at the top of the new project list since it has a Beta quality release.
+
* The example project is still a new project but has a release of beta quality. It will be listed at the top of the new project list since it has a Beta quality release.
* The project lead continues to work on the project release and reaches a Quality release. The project site will then be assessed based on the criteria below and moved to the Established projects list.
+
* The project lead continues to work on the project release and reaches a Quality release. The project site will then be assessed based on the criteria below and moved to the Established projects list.
  
 
=== Project Site Criteria ===
 
=== Project Site Criteria ===
Line 25: Line 25:
 
# have a link to a working mail list?
 
# have a link to a working mail list?
 
# have a statement of the application security issue the project addresses?
 
# have a statement of the application security issue the project addresses?
 +
# have a project roadmap?
  
 
For OWASP project wiki pages, please see the Project Wiki Pages section of the [http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects Guidelines for OWASP Projects] for additional suggestions/recommendations.
 
For OWASP project wiki pages, please see the Project Wiki Pages section of the [http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects Guidelines for OWASP Projects] for additional suggestions/recommendations.

Revision as of 14:49, 27 April 2009


This is a DRAFT page still under review by the Global Projects Committee

This page is maintained by the Global Projects Committee to help assist Project Leaders with information about successfully running an OWASP Project. It will be updated from time to time, and changes will be discussed and announced on the OWASP-Leaders list.


Assessing Project Sites

Project sites themselves have a much simpler assessment criteria than releases. Project sites are categorized as either "New" or "Established". The best method to illustrate the difference is to explain the progress of an example project through these categories:

  • A security professional has an idea to address an issue in application security and proposes a new project to the Global Projects Committee (GPC).
  • The GPC agrees with the proposal, gathers some initial data from the security professional and creates a new project page.
  • The security professional, now the project lead, works on the project and creates a release which reaches Beta quality.
  • The example project is still a new project but has a release of beta quality. It will be listed at the top of the new project list since it has a Beta quality release.
  • The project lead continues to work on the project release and reaches a Quality release. The project site will then be assessed based on the criteria below and moved to the Established projects list.

Project Site Criteria

The following questions will be answered by the project lead or project maintainer and be reviewed by the Global Projects Committee:

  • Does the project site...
  1. have an up to date project template with current project information?
  2. have a conference style presentation that describes the tool in at least 3 slides?
  3. have a one sheet overview document about the project?
  4. have a link to a working mail list?
  5. have a statement of the application security issue the project addresses?
  6. have a project roadmap?

For OWASP project wiki pages, please see the Project Wiki Pages section of the Guidelines for OWASP Projects for additional suggestions/recommendations.

Archiving Project Sites

The exact criteria for archiving project sites has not yet been determined. However, the Global Projects Committee sees that an archive of projects that are kept for historical purposes will be needed. This page or subsequent pages will determine the situation under which project pages are archived.

Pre-existing project sites

The Global Projects Committee realizes that there are many current project sites which pre-existed the above assessment criteria. Those project sites will be reviewed and classified in the near future. The exact timing and methodology for addressing existing sites has not yet been determined.