Difference between revisions of "Guidelines for Reviewing OWASP projects"

Revision as of 21:49, 9 February 2009

THIS ARTICLE IS A DRAFT 

This page will contain detailed guidelines for OWASP Project reviewers (usually part of a Season of Code initiative or when a project is reviewed according with the Project Assessment Criteria):

• Be reasonably easy to use
• Include online documention built into tool (based on required user documentation)
• Include build scripts that facilitate building the application from source (Goal: One-click build)
• Publicly accessible bug tracking system established, ideally at the same place as the source code repository (e.g., at Google code, or Sourceforge)
• Be run through Fortify Software's open source review (if appropriate) and FindBugs.
• When approved to be Release Quality: Update the link to it on: the OWASP Project page and update its project quality tag on its project page to be Release Quality.

a review undertaking consists at least in the following tasks.

1. Make sure that the project’s roadmap has been accomplished,
2. Having into account which was the project’s status target (Quality Status in this case), check project stage/features against the OWASP Assessment Criteria,
3. Point out scientific/technical and methodological mistakes, propose paths to follow, propose tools and documentation/bibliography to be studied and consulted.

(link to Excel document template with all items to review)