This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP Project Assessment"
From OWASP
(→Assessment Scale for OWASP TOOLS Projects) |
|||
| Line 14: | Line 14: | ||
|- | |- | ||
| style="background:#f2984c"|'''[[:Category:OWASP Project|Release Quality OWASP Tools]]''' | | style="background:#f2984c"|'''[[:Category:OWASP Project|Release Quality OWASP Tools]]''' | ||
| − | | | + | | All Beta Quality Requirements plus: |
* Be reasonably easy to use | * Be reasonably easy to use | ||
* Include online documention built into tool (based on required user documentation) | * Include online documention built into tool (based on required user documentation) | ||
| Line 21: | Line 21: | ||
**WebGoat would not be appropriate for example since it would light up like a Christmas tree :-) | **WebGoat would not be appropriate for example since it would light up like a Christmas tree :-) | ||
* C/C++ apps (if we have any) should consider being run through [http://scan.coverity.com/ Coverity's open source review]. Coverity also accepts submissions for open source Java applications. | * C/C++ apps (if we have any) should consider being run through [http://scan.coverity.com/ Coverity's open source review]. Coverity also accepts submissions for open source Java applications. | ||
| − | * | + | * When approved to be Release Quality: Update the link to it on: the [[:Category:OWASP_Project | OWASP Project]] page and update its project quality tag on its project page to be Release Quality. |
'''Recommendations:''' | '''Recommendations:''' | ||
* Publicly accessible bug tracking system (e.g., at Sourceforge) | * Publicly accessible bug tracking system (e.g., at Sourceforge) | ||
| Line 30: | Line 30: | ||
|- | |- | ||
| style="background:#ffcc66"|'''[[:Category:OWASP Project|Beta Quality OWASP Tools]]''' | | style="background:#ffcc66"|'''[[:Category:OWASP Project|Beta Quality OWASP Tools]]''' | ||
| − | | | + | | All Alpha Quality Requirements plus: |
* Have an easy to use installer (Goal: Fully automated installer) (or stand alone executable version) | * Have an easy to use installer (Goal: Fully automated installer) (or stand alone executable version) | ||
* Include user documentation in Project's OWASP Wiki page(s) | * Include user documentation in Project's OWASP Wiki page(s) | ||
| Line 36: | Line 36: | ||
**(which lists name of tool, author, e-mail address of author, current version number and/or release date) | **(which lists name of tool, author, e-mail address of author, current version number and/or release date) | ||
* Include documentation on how to build it from code, starting with getting it directly from the code repository. (Ideally, this would include easy to use build scripts, which is required for Release Quality) | * Include documentation on how to build it from code, starting with getting it directly from the code repository. (Ideally, this would include easy to use build scripts, which is required for Release Quality) | ||
| − | * | + | * When approved to be Beta Quality: Update the link to it on: the [[:Category:OWASP_Project | OWASP Project]] page and update its project quality tag on its project page to be Beta. |
| [[:Category:OWASP AntiSamy Project|OWASP AntiSamy Project]] | | [[:Category:OWASP AntiSamy Project|OWASP AntiSamy Project]] | ||
|- | |- | ||
| Line 42: | Line 42: | ||
| | | | ||
* Agree to OWASP's open source license | * Agree to OWASP's open source license | ||
| − | * Create a project page at OWASP that | + | * Create a project page at OWASP that: |
| − | **the tool, the project leader,contact info, and includes a download link for the code and the executable version. | + | **describes the tool, the project leader,contact info, and includes a download link for the code and the executable version. |
| + | **includes the Alpha Quality Tool project tag. (Which we still need to define). | ||
| + | **has a link to the project page from the [[:Category:OWASP_Project | OWASP Project]] page. | ||
* Have its code in Googlecode, or Sourceforge | * Have its code in Googlecode, or Sourceforge | ||
* Mailing list for project created | * Mailing list for project created | ||
Revision as of 20:45, 21 February 2008
(Work in progress)
The following defines the quality levels for OWASP TOOLS and DOCUMENTATION (Projects). Rating projects against these criteria aid in recognizing excellent contributions and identifying projects in need of further work.
Assessment Scale for OWASP TOOLS Projects
| Class | Criteria | Example |
|---|---|---|
| Release Quality OWASP Tools | All Beta Quality Requirements plus:
Recommendations:
|
OWASP WebGoat Project |
| Beta Quality OWASP Tools | All Alpha Quality Requirements plus:
|
OWASP AntiSamy Project |
| Alpha Quality OWASP Tools |
|
OWASP CSRFTester Project |
Assessment Scale for OWASP DOCUMENTATION Projects
| Class | Criteria | Example |
|---|---|---|
| Release Quality OWASP Documentation | WORK IN PROGRESS - WORK IN PROGRESS | OWASP AppSec FAQ Project |
| Beta Quality OWASP Documentation | WORK IN PROGRESS - WORK IN PROGRESS | OWASP CLASP Project |
| Alpha Quality OWASP Documentation |
|
OWASP AJAX Security Project |
FAQ
- 1. What is the purpose of the project ratings?
- The rating system allows OWASP to monitor the quality of Projects in our subject areas, and to prioritize work on these projects. It is also utilized to prepare for static releases of Wikipedia content.
- 2. How do I add a project (tool or documentation) to the OWASP Projects?
- To propose a new project, please send an email to OWASP.
- 3. How does the assessment scale work?
- Each category has a set of requirements/criteria to be met. Beta Quality implies that all of its requirements, as well as the Alpha Quality requirement have been met. Release Quality implies that all of the requirements, including Alpha and Beta, have been met.
- 4. Who can assess projects?
- Paulo Coimbra can assign you a reviewer.
- 5. Why didn't the reviewer leave any comments?
- Unfortunately, due to the volume of projects that need to be assessed, we are unable to leave detailed comments in most cases. If you have particular questions, you might ask the person who assessed the project; they will be happy to provide you with their rationale.
- 6. What if I don't agree with a rating?
- You can list it in the section for assessment requests below, and someone will take a look at it. Alternately, you can ask any member of the project to rate the project again.
- 7. Aren't the ratings subjective?
- Yes, they are somewhat subjective, but it's the best system we've been able to devise. If you have a better idea, please don't hesitate to let us know!
- 8. What if I have a question not listed here?
- If your question concerns the project assessment process specifically, please contact OWASP or its Project Manager directly.
Requests for assessment
If you have made significant changes to a project and would like an outside opinion on a new rating for it, please feel free to list it below or e-mail Paulo Coimbra.
- Here
- Or here
- Add new requests above this line
Pages in category "OWASP Project Assessment"
The following 14 pages are in this category, out of 14 total.
