This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Live CD 2008 Project - Assessment Frame Experience"

From OWASP
Jump to: navigation, search
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[:Category:OWASP Live CD Project|Click here to return to project's main page]]<br>
 
[[:Category:OWASP Live CD Project|Click here to return to project's main page]]<br>
= RELEASE ASSESSMENT =
+
 
==== Project Leader ====
+
==== Release Leader ====
{|
+
 
  | style="width:100%; background:#white" align="left"|'''ALPHA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''   
+
[[User:Mtesauro|'''Matt Tesauro's''']] - Self Assessment: 
 +
 
 +
{|style="width:100%; background:#white" align="left"
 +
  |style="width:100%; background:#white" align="left"|'''ALPHA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''   
 
  |-  
 
  |-  
 
  | style="width:100%; background:#white" align="left"|1. Is your tool licensed under an open source license?   
 
  | style="width:100%; background:#white" align="left"|1. Is your tool licensed under an open source license?   
 
  |-  
 
  |-  
  | style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
+
  | style="width:100%; background:#C2C2C2" align="left"|Answer to question 1 goes here. Same thing below.
 
  |-   
 
  |-   
 
  | style="width:100%; background:#white" align="left"|2. Is the source code and any documentation available in an online project repository? (e.g. Google Code or Sourceforge site)
 
  | style="width:100%; background:#white" align="left"|2. Is the source code and any documentation available in an online project repository? (e.g. Google Code or Sourceforge site)
Line 18: Line 21:
 
  |-  
 
  |-  
 
  | style="width:100%; background:#white" align="left"|4. Is there a roadmap for this project release which will take it from Alpha to Stable release?   
 
  | style="width:100%; background:#white" align="left"|4. Is there a roadmap for this project release which will take it from Alpha to Stable release?   
  | style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->  
+
|- 
  |}
+
  | style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
{|
+
  |-
 +
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 +
|-
 
  | style="width:100%; background:#white" align="left"|'''BETA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''  
 
  | style="width:100%; background:#white" align="left"|'''BETA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''  
 
  |-  
 
  |-  
Line 54: Line 59:
 
  |-  
 
  |-  
 
  | style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 6 goes here -->  
 
  | style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 6 goes here -->  
 +
|-
 +
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 +
|-
 +
| style="width:100%; background:#white" align="left"|'''BETA RELEASE TOOL CRITERIA/REVIEWER ACTION ITEMS'''
 +
|-
 +
| style="width:100%; background:#white" align="left"|1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 +
|- 
 +
| style="width:100%; background:#white" align="left"|2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
 +
|- 
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 +
|-
 +
| style="width:100%; background:#white" align="left"|'''STABLE RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''
 +
|-
 +
| style="width:100%; background:#white" align="left"|1. Are the Alpha and Beta pre-assessment items complete?
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 +
|- 
 +
| style="width:100%; background:#white" align="left"|2. Does the tool include documentation built into the tool?
 +
|- 
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|3. Does the tool include build scripts to automate builds?
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|4. Is there a publicly accessible bug tracking system?
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|5. Have any existing limitations of the tool been documented?
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 +
|-
 +
| style="width:100%; background:#white" align="left"|'''STABLE RELEASE TOOL CRITERIA/REVIEWER ACTION ITEMS'''
 +
|-
 +
| style="width:100%; background:#white" align="left"|1. Have all the Beta Reviewer Action Items been completed? These will need to be completed if they have not already occurred during a previous assessment.
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 +
|- 
 +
| style="width:100%; background:#white" align="left"|2. Does the tool substantially address the application security issues it was created to solve?
 +
|- 
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|3. Is the tool reasonably easy to use?
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|4. Does the documentation meet the needs of the tool users and is easily found? 
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|5. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|6. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 6 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|7. Have you noted any limitations of the tool that are not already documented by the project lead.
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 7 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|8. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 8 goes here -->
 +
|-
 +
| style="width:100%; background:#white" align="left"|9. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
 +
|-
 +
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 9 goes here -->
 
  |}
 
  |}
  
 +
==== First Reviewer ====
  
 +
==== Second Reviewer ====
  
 +
==== GPC/OWASP Board ====
  
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Beta Release Tool Criteria
 
 
Pre-Assessment Checklist:
 
 
  1. Are the Alpha pre-assessment items complete?
 
  2. Is there an installer or stand-alone executable?
 
  3. Is there user documentation on the OWASP project wiki page?
 
  4. Is there an "About box" or similar help item which lists:
 
        1. Project Name
 
        2. Short Description
 
        3. Project Lead and contact information (e.g. email address)
 
        4. Project Contributors (if any)
 
        5. License
 
        6. Project Sponsors (if any)
 
        7. Release status and date assessed as Month-Year e.g. March 2009
 
        8. Link to OWASP Project Page
 
  5. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
 
  6. Is the tool documentation stored in the same repository as the source code?
 
 
 
Reviewer Action Items:
 
 
  1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?
 
  2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
 
  3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
 
  4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
 
  5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
 
 
 
[edit] Stable Release Tool Criteria
 
 
Pre-Assessment Checklist:
 
 
  1. Are the Alpha and Beta pre-assessment items complete?
 
  2. Does the tool include documentation built into the tool?
 
  3. Does the tool include build scripts to automate builds?
 
  4. Is there a publicly accessible bug tracking system?
 
  5. Have any existing limitations of the tool been documented?
 
 
Reviewer Action Items:
 
 
  1. Have all the Beta Reviewer Action Items been completed? These will need to be completed if they have not already occurred during a previous assessment.
 
  2. Does the tool substantially address the application security issues it was created to solve?
 
  3. Is the tool reasonably easy to use?
 
  4. Does the documentation meet the needs of the tool users and is easily found?
 
  5. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
 
  6. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
 
  7. Have you noted any limitations of the tool that are not already documented by the project lead.
 
  8. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
 
  9. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
 
 
==== First Reviewer ====
 
==== Second Reviewer ====
 
==== OWASP Board Member ====
 
  
  
 
__NOTOC__
 
__NOTOC__
 
<headertabs/>
 
<headertabs/>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
{| style="width:100%" border="0" align="center"
 
! colspan="2" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
 
| colspan="1" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Live CD 2008 Project'''
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
 
|-
 
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
 
| style="width:22%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>[[User:Mtesauro|'''Matt Tesauro''']]<br>(applicable for Alpha Quality&further)
 
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>[[User:Wirefall|'''Dustin Dykes''']]<br>(applicable for Alpha Quality&further)
 
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>[[User:Kpoots|'''Kent Poots''']]<br>(applicable for Beta Quality&further)
 
| style="width:21%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>[[User:Sdeleersnyder|'''Sesbastien Deleersnyder''']]<br>(applicable just for Release Quality)
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''Alpha Release Tool Criteria<br>(Pre-Assessment Checklist)'''
 
| style="width:21%; background:#C2C2C2" align="center"|[https://spreadsheets.google.com/a/owasp.org/viewform?hl=en&formkey=cjk3MGlQTkN5bUk0anMxelE0Uy1Rdnc6MA.. To fill in]<br>[http://spreadsheets.google.com/ccc?key=r970iPNCymI4js1zQ4S-Qvw To View]
 
| style="width:21%; background:#C2C2C2" align="center"|
 
| style="width:21%; background:#C2C2C2" align="center"|
 
| style="width:22%; background:#C2C2C2" align="center"|
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>Which status has been reached?<br>'''Release Quality'''<br>---------<br>[[Project Information:template Live CD 2008 Project - Final Review - Self Evaluation - B|Self-Evaluation (B)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Release Quality'''<br>---------<br>[[Project Information:template Live CD 2008 Project - Final Review - First Reviewer - D|First Reviewer (D)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Release Quality'''<br>---------<br>[[Project Information:template Live CD 2008 Project - Final Review - Second Reviewer - F|Second Reviewer (F)]]
 
| style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Release Quality'''<br>---------<br>[[Project Information:template Live CD 2008 Project - Final Review - OWASP Board Member - G|Board Member's Review (G)]]
 
|}
 

Latest revision as of 14:37, 8 June 2009

Click here to return to project's main page

Release Leader

Matt Tesauro's - Self Assessment:

ALPHA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST
1. Is your tool licensed under an open source license?
Answer to question 1 goes here. Same thing below.
2. Is the source code and any documentation available in an online project repository? (e.g. Google Code or Sourceforge site)
3. Is there working code?
4. Is there a roadmap for this project release which will take it from Alpha to Stable release?
Field to be kept blank
BETA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST
1. Are the Alpha pre-assessment items complete?
2. Is there an installer or stand-alone executable?
3. Is there user documentation on the OWASP project wiki page?
4. Is there an "About box" or similar help item which lists:

4.1. Project Name?
4.2. Short Description?
4.3. Project Lead and contact information?(e.g. email address)
4.4. Project Contributors (if any)?
4.5. License?
4.6. Project Sponsors (if any)?
4.7. Release status and date assessed as Month-Year e.g. March 2009?
4.8. Link to OWASP Project Page?

5. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
6. Is the tool documentation stored in the same repository as the source code?
Field to be kept blank
BETA RELEASE TOOL CRITERIA/REVIEWER ACTION ITEMS
1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?
2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
Field to be kept blank
STABLE RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST
1. Are the Alpha and Beta pre-assessment items complete?
2. Does the tool include documentation built into the tool?
3. Does the tool include build scripts to automate builds?
4. Is there a publicly accessible bug tracking system?
5. Have any existing limitations of the tool been documented?
Field to be kept blank
STABLE RELEASE TOOL CRITERIA/REVIEWER ACTION ITEMS
1. Have all the Beta Reviewer Action Items been completed? These will need to be completed if they have not already occurred during a previous assessment.
2. Does the tool substantially address the application security issues it was created to solve?
3. Is the tool reasonably easy to use?
4. Does the documentation meet the needs of the tool users and is easily found?
5. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
6. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
7. Have you noted any limitations of the tool that are not already documented by the project lead.
8. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
9. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?

First Reviewer

Second Reviewer

GPC/OWASP Board

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Live_CD_2008_Project_-_Assessment_Frame_Experience&oldid=63748"