Difference between revisions of "OWASP Project Assessment Criteria"
| Line 82: | Line 82: | ||
|- | |- | ||
| || || 8-Does the project contain documentation on how to configure source code in a certain IDE for new volunteer developers? || 2 || || | | || || 8-Does the project contain documentation on how to configure source code in a certain IDE for new volunteer developers? || 2 || || | ||
| − | |||
| − | |||
|- | |- | ||
| || || '''Overall:''' || || || | | || || '''Overall:''' || || || | ||
| Line 96: | Line 94: | ||
|- | |- | ||
| || || 13-Are all text strings displayed to the end user loaded from a resource file, and the appropriate language resource file is used based on user settings (if available). || 5 || || | | || || 13-Are all text strings displayed to the end user loaded from a resource file, and the appropriate language resource file is used based on user settings (if available). || 5 || || | ||
| − | |||
| − | |||
|- | |- | ||
| || || '''Test Projects Only''' || || || | | || || '''Test Projects Only''' || || || | ||
| Line 106: | Line 102: | ||
|- | |- | ||
| || || || '''54''' || || | | || || || '''54''' || || | ||
| − | |||
| − | |||
|- | |- | ||
| || || '''Documentation Projects Only:''' || || || | | || || '''Documentation Projects Only:''' || || || | ||
Latest revision as of 20:16, 11 November 2013
Project Health Criteria
| Core Questions | Criteria Questions | Response |
|---|---|---|
| Focus: To measure the health of the project. | ||
| Is the project actively maintained? | ||
| Does the wiki template have the minimum standard wiki content available, and is it updated with releases? | ||
| Does the project have an active project leader? (Maintains project site with news and release announcements, continually enhancing the project, promoting the project in the security community, etc.) | ||
| Is the project being maintained with current operating systems and technology? | ||
| Does the project demonstrate progress to the community and verify that development is on track with the roadmap? (Roadmap Content Definition: Leader must have a roadmap that encompasses activity for the next year, or have a total of no less than 4 milestones with the roadmap.) | ||
| Does it meet quality expectations? | ||
| Does the project have a relevant project summary that can be found on the OWASP Project wiki page? | ||
| Does the project have a good track record of resolving issues and answering questions from project consumers? | ||
| Does it address a security concern? (Leader must state the unique application security concern they are addressing.) | ||
| Does the project represent a minimal viable product? (Note: Minimal Viable Product must be defined by Leader at the start of the project.) | ||
| Does the project follow OWASP Project Best Practices, and is it consistent with OWASP Objectives and the Mission? | ||
| Does the project use an appropriate Community Friendly License? | ||
| Are project deliverables, information, and releases readily available and accessible to the public? (Note: This can be a link to the repository, or a link to an external web site.) | ||
| Has the project designated who the copyright owner is? | ||
| Do the Project Leaders follow OWASP Project Best Practices as outlined in the Project Leader Handbook, Code of Ethics Section 8.3? Handbook: https://www.owasp.org/images/6/6a/OWASP_Projects_Handbook_2013.pdf | ||
| Do the project leaders and contributors treat everyone with respect and dignity? (Note: Input from the community will be required or use your best judgement.) | ||
| Is the project vendor neutral? | ||
| Does the project provide an innovative approach to address a concern within the software security community? | ||
| Does the project have one accepted OWASP reviewed deliverable on record within the new project’s infrastructure? | ||
| Yes, and the project has a Stable release. | Labs --> Flagship | |
| Yes, and the project has a Beta or Stable release. | Incubator --> Labs | |
Product Quality Review Criteria
| Core Questions | Release | Criteria Questions | Points | Response | Grading |
|---|---|---|---|---|---|
| 1-Does the Project leader identify the development stage a release is in (e.g., Alpha, Beta, Stable, etc.)? | 5 | ||||
| 2-Is the code tested using Unit tests? | 2 | ||||
| Tool | |||||
| Code Library | Bug Fixing: | ||||
| 3-Is there a way for developers to ask questions or engage in discussions about the project? | 5 | ||||
| 4-Does the project maintain a prioritized list of open issues? | 3 | ||||
| 5-Can users report issues that are answered or prioritized and added to the list? | 3 | ||||
| 6-Have bugs been fixed during releases? | 5 | ||||
| 7-Does the project contain a clear 'release' document explaining the new features and fixes? | 2 | ||||
| 8-Does the project contain documentation on how to configure source code in a certain IDE for new volunteer developers? | 2 | ||||
| Overall: | |||||
| 9-Does the project have an up-to-date source code repository that is accessible to the overall community? | 5 | ||||
| 10-Does it solve a core application security need? | 3 | ||||
| 11-Does the project include build scripts that facilitate building/adding to the application from source? | 3 | ||||
| 12-Does the project include appropriate documentation? | 3 | ||||
| 13-Are all text strings displayed to the end user loaded from a resource file, and is the appropriate language resource file used based on user settings (if available)? | 5 | ||||
| Test Projects Only | |||||
| 14-Does this project have an easy-to-use installer (Goal: Fully automated installer) (or standalone executable version)? | 5 | ||||
| 15-Is the tool/deliverable user-friendly and easy to use? | 3 | ||||
| 54 | |||||
| Documentation Projects Only: | |||||
| 1-Do the project leaders/contributors interact with readers and receive and reply to feedback on the project? (Usefulness of dialogue with readers) | 10 | ||||
| 2-Does the material help inform consumers about a security topic? | 10 | ||||
| 3-Does the project leader adapt the documentation based on the priorities, importance, and feedback gathered by reliable sources? | 6 | ||||
| 4-Is the documentation translated into at least two different languages? | 4 | ||||
| Documentation | 5-Is the English grammar correct and understandable, and does the content flow well? | 6 | |||
| 6-Is the project product available for download on the OWASP Project wiki page? | 4 | ||||
| Bonus Points | 7-If this document is a candidate to publish as an OWASP book, is the document in a format which can be converted to an OWASP book? | 6 | |||
| 6-8 Points | 8-Does the project sufficiently cover material with respect to the topic or process it is intended to cover? | 8 | |||
| 54 | |||||
| Total Code/Tools Points | |||||
| Total Document Points |