Difference between revisions of "Tool Assessment Criteria"

 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
[[Category:OWASP Project Assessment]]
 
[[Category:OWASP Project Assessment]]
 
This is a DRAFT page still under review by the [[Global Projects Committee]]
 
  
 
This page is maintained by the [[Global Projects Committee]] to help assist Project Leaders with information about successfully running an OWASP Project. It will be updated from time to time, and changes will be discussed and announced on the OWASP-Leaders list.
 
This page is maintained by the [[Global Projects Committee]] to help assist Project Leaders with information about successfully running an OWASP Project. It will be updated from time to time, and changes will be discussed and announced on the OWASP-Leaders list.
  
 
====Alpha Release Tool Criteria====
 
====Alpha Release Tool Criteria====
 +
 +
<!--<small>[[Blank Alpha Release Tool Example]]</small>-->
  
 
Pre-Assessment Checklist:
 
Pre-Assessment Checklist:
 +
# Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]]  information?
 
# Is your tool licensed under an open source license?  (see Project Licensing section of the [http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects Guidelines for OWASP Projects])
 
# Is your tool licensed under an open source license?  (see Project Licensing section of the [http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects Guidelines for OWASP Projects])
 
# Is the source code and any documentation available in an online project repository? (e.g. Google Code or Sourceforge site)  
 
# Is the source code and any documentation available in an online project repository? (e.g. Google Code or Sourceforge site)  
 
# Is there working code?
 
# Is there working code?
# Is there a roadmap for this project release which will take it from Alpha to Stable release?
+
# <strike>Is there a roadmap for this project release which will take it from Alpha to Stable release?</strike>
  
 
====Beta Release Tool Criteria====
 
====Beta Release Tool Criteria====
 +
 +
<!--<small>[[Blank Beta Release Tool Example]]</small>-->
  
 
Pre-Assessment Checklist:
 
Pre-Assessment Checklist:
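Review bot: the roadmap question at the end of the Alpha checklist is wrapped in <strike> rather than deleted, so it still takes a number in the list and the markup gives no reason for striking it. Remove the line outright, or keep it and add a short parenthetical saying whether a roadmap is still expected for an Alpha release.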
Line 20: Line 23:
 
# Is there user documentation on the OWASP project wiki page?
 
# Is there user documentation on the OWASP project wiki page?
 
# Is there an "About box" or similar help item which lists:
 
# Is there an "About box" or similar help item which lists:
## Project Name
+
## Project Release Name
 
## Short Description
 
## Short Description
## Project Lead and contact information (e.g. email address)
+
## Project Release Lead and contact information (e.g. email address)
## Project Contributors (if any)
+
## Project Release Contributors (if any)
## License
+
## Project Release License
## Project Sponsors (if any)
+
## Project Release Sponsors (if any)
 
## Release status and date assessed as Month-Year e.g. March 2009
 
## Release status and date assessed as Month-Year e.g. March 2009
 
## Link to OWASP Project Page  
 
## Link to OWASP Project Page  
 
# Is there documentation on how to build the tool from source including obtaining the source from the code repository?
 
# Is there documentation on how to build the tool from source including obtaining the source from the code repository?
# Is the tool documentation stored in the same repository as the source code?
+
# Is the tool documentation stored in the same repository as the source code?  
  
  
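Review bot: the last changed line, "Is the tool documentation stored in the same repository as the source code?", differs from the old one only by trailing whitespace and should be dropped from the edit. In the About box list, Name, Lead, Contributors, License and Sponsors all become "Project Release ...", while "Link to OWASP Project Page" stays as it was; state whether that is intentional, so a reviewer knows whether the About box should point at the project or at the release.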
Line 39: Line 42:
 
# Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
 
# Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
  
 +
====Stable Release Tool Criteria====
  
====Stable Release Tool Criteria====
+
<!--<small>[[Blank Stable Release Tool Example]]</small>-->
  
 
Pre-Assessment Checklist:
 
Pre-Assessment Checklist:
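Review bot: the line added under the Stable heading is an HTML comment holding the link [[Blank Stable Release Tool Example]], so nothing new reaches readers of the criteria. Link the example page visibly once it exists, or leave the comment out until then.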

Latest revision as of 15:07, 13 November 2009


This page is maintained by the Global Projects Committee to assist Project Leaders with information about successfully running an OWASP Project. It will be updated from time to time, and changes will be discussed and announced on the OWASP-Leaders list.

Alpha Release Tool Criteria

Pre-Assessment Checklist:

  1. Is this release associated with a project containing at least the Project Wiki Page Minimum Content information?
  2. Is your tool licensed under an open source license? (see Project Licensing section of the Guidelines for OWASP Projects)
  3. Are the source code and any documentation available in an online project repository? (e.g. Google Code or SourceForge site)
  4. Is there working code?
  5. Is there a roadmap for this project release which will take it from Alpha to Stable release?

Beta Release Tool Criteria

Pre-Assessment Checklist:

  1. Are the Alpha pre-assessment items complete?
  2. Is there an installer or stand-alone executable?
  3. Is there user documentation on the OWASP project wiki page?
  4. Is there an "About box" or similar help item which lists:
    1. Project Release Name
    2. Short Description
    3. Project Release Lead and contact information (e.g. email address)
    4. Project Release Contributors (if any)
    5. Project Release License
    6. Project Release Sponsors (if any)
    7. Release status and date assessed as Month-Year e.g. March 2009
    8. Link to OWASP Project Page
  5. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
  6. Is the tool documentation stored in the same repository as the source code?


Reviewer Action Items:

  1. Is an installer for the tool available and easy to use? How close does it come to the goal of a fully automated installer?
  2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
  3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
  4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
  5. Is the tool's documentation available with the source code and would it be readily discoverable by a new user of the tool?

Stable Release Tool Criteria

Pre-Assessment Checklist:

  1. Are the Alpha and Beta pre-assessment items complete?
  2. Does the tool include documentation built into the tool?
  3. Does the tool include build scripts to automate builds?
  4. Is there a publicly accessible bug tracking system?
  5. Have any existing limitations of the tool been documented?

Reviewer Action Items:

  1. Have all the Beta Reviewer Action Items been completed? These will need to be completed if they have not already occurred during a previous assessment.
  2. Does the tool substantially address the application security issues it was created to solve?
  3. Is the tool reasonably easy to use?
  4. Does the documentation meet the needs of the tool's users, and is it easily found?
  5. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
  6. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, SourceForge)
  7. Have you noted any limitations of the tool that are not already documented by the project lead?
  8. Would you consider using this tool in your day-to-day work, assuming your professional work includes a reason to use this tool? Why or why not?
  9. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at beta quality?