This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Assessing Project Health"

From OWASP
Jump to: navigation, search
(Modifications based on GPC meeting on April 27, 2009)
Line 7: Line 7:
  
 
=== Assessing Project Sites ===
 
=== Assessing Project Sites ===
Project sites themselves have a much simpler assessment criteria than releases.  Project sites are categorized as either "New" or "Established".  The best method to illustrate the difference is to explain the progress of an example project through these categories:
+
Project sites themselves have a much simpler assessment criteria than releases.  Project sites are categorized into three levels.  The best method to illustrate the difference is to explain the progress of an example project through these categories:
  
 
* A security professional has an idea to address an issue in application security and proposes a new project to the Global Projects Committee (GPC).
 
* A security professional has an idea to address an issue in application security and proposes a new project to the Global Projects Committee (GPC).
* The GPC agrees with the proposal, gathers some initial data from the security professional and creates a new project page.
+
* The GPC agrees with the proposal, gathers some initial data from the security professional and creates a new project page.  The site has reached level 0.
* The security professional, now the project lead, works on the project and creates a release which reaches Beta quality.
+
* The security professional, now the project lead, works on the project and creates a release which reaches Alpha quality.
* The example project is still a new project but has a release of beta quality. It will be listed at the top of the new project list since it has a Beta quality release.
+
* The project lead continues to work on the project, it gets reviewed and reaches Beta quality. The project has reached level 1.
* The project lead continues to work on the project release and reaches a Quality release. The project site will then be assessed based on the criteria below and moved to the Established projects list.
+
* The project lead continues to work on the project release and reaches a Quality release. Additional metrics are collected (the exact nature and method of collection is to be determined).  After reaching a to be specified metric, the site reaches level 2.
 +
 
 +
 
 +
=== Project Site Levels ===
 +
Project sites fall into three discrete levels:
 +
 
 +
* Level 0 - a project that is just beginning.  It is either a project with no releases or all releases no more then Alpha quality.
 +
* Level 1 - a project that has reviewed releases.  It is a project that has been reviewed by at least one project leader and has at least 1 release at Beta quality level.
 +
* Level 2 - Specifics for level 2 sites have not been determined yet.
 +
 
 +
Notes on Project Site Levels:
 +
# The site will be reviewed based on the Project Site Criteria below during any level change to ensure minimal project information is present.
 +
# Maintenance of the project site can be handled by either the Project Lead or the Project Maintainer if the project has one.
 +
# The Level 2 specification will be determined shortly.  Various logistic and practical aspects need to be determined.
 +
 
  
 
=== Project Site Criteria ===
 
=== Project Site Criteria ===
Line 35: Line 49:
 
=== Pre-existing project sites ===
 
=== Pre-existing project sites ===
  
The Global Projects Committee realizes that there are many current project sites which pre-existed the above assessment criteria.  Those project sites will be reviewed and classified in the near future.  The exact timing and methodology for addressing existing sites has not yet been determined.
+
The Global Projects Committee realizes that there are many current project sites which pre-existed the above assessment criteria.  Those project sites will be reviewed and classified in the near future.  The exact timing and methodology for addressing existing sites has not yet been determined.  The Global Projects Committee will first fully specify the new framework before working on mapping existing projects into the new framework.

Revision as of 14:56, 28 April 2009


This is a DRAFT page still under review by the Global Projects Committee

This page is maintained by the Global Projects Committee to help assist Project Leaders with information about successfully running an OWASP Project. It will be updated from time to time, and changes will be discussed and announced on the OWASP-Leaders list.


Assessing Project Sites

Project sites themselves have a much simpler assessment criteria than releases. Project sites are categorized into three levels. The best method to illustrate the difference is to explain the progress of an example project through these categories:

  • A security professional has an idea to address an issue in application security and proposes a new project to the Global Projects Committee (GPC).
  • The GPC agrees with the proposal, gathers some initial data from the security professional and creates a new project page. The site has reached level 0.
  • The security professional, now the project lead, works on the project and creates a release which reaches Alpha quality.
  • The project lead continues to work on the project, it gets reviewed and reaches Beta quality. The project has reached level 1.
  • The project lead continues to work on the project release and reaches a Quality release. Additional metrics are collected (the exact nature and method of collection is to be determined). After reaching a to be specified metric, the site reaches level 2.


Project Site Levels

Project sites fall into three discrete levels:

  • Level 0 - a project that is just beginning. It is either a project with no releases or all releases no more then Alpha quality.
  • Level 1 - a project that has reviewed releases. It is a project that has been reviewed by at least one project leader and has at least 1 release at Beta quality level.
  • Level 2 - Specifics for level 2 sites have not been determined yet.

Notes on Project Site Levels:

  1. The site will be reviewed based on the Project Site Criteria below during any level change to ensure minimal project information is present.
  2. Maintenance of the project site can be handled by either the Project Lead or the Project Maintainer if the project has one.
  3. The Level 2 specification will be determined shortly. Various logistic and practical aspects need to be determined.


Project Site Criteria

The following questions will be answered by the project lead or project maintainer and be reviewed by the Global Projects Committee:

  • Does the project site...
  1. have an up to date project template with current project information?
  2. have a conference style presentation that describes the tool in at least 3 slides?
  3. have a one sheet overview document about the project?
  4. have a link to a working mail list?
  5. have a statement of the application security issue the project addresses?
  6. have a project roadmap?

For OWASP project wiki pages, please see the Project Wiki Pages section of the Guidelines for OWASP Projects for additional suggestions/recommendations.

Archiving Project Sites

The exact criteria for archiving project sites has not yet been determined. However, the Global Projects Committee sees that an archive of projects that are kept for historical purposes will be needed. This page or subsequent pages will determine the situation under which project pages are archived.

Pre-existing project sites

The Global Projects Committee realizes that there are many current project sites which pre-existed the above assessment criteria. Those project sites will be reviewed and classified in the near future. The exact timing and methodology for addressing existing sites has not yet been determined. The Global Projects Committee will first fully specify the new framework before working on mapping existing projects into the new framework.