Revision as of 18:47, 21 February 2008

1 (Work in progress)

(Work in progress)

This assessment area focuses on assessing the quality of OWASP TOOLS and DOCUMENTATION (Projects). The resulting ratings are used within the project to aid in recognizing excellent contributions and identifying topics in need of further work.

FAQ

1. What is the purpose of the project ratings?: The rating system allows OWASP to monitor the quality of Projects in our subject areas, and to prioritize work on these projects. It is also utilized to prepare for static releases of Wikipedia content.
2. How do I add an project (tool or documentation) to the OWASP Projects?: To propose a new project, please send an email to OWASP.
3. How does the assessment scale works?: Each category should have a certain amount of requirements/criteria to accomplish. The second category (Beta Quality) implies that all of its requirements, as well as the ones defined for the category below (Alpha Quality), have been accomplished. The last category (Quality Release) implies that all of its requirements, as well as the ones defined for the categories below (Alpha and Beta), have been accomplished.
4. Who can assess projects?: WORK IN PROGRESS
5. Why didn't the reviewer leave any comments?: Unfortunately, due to the volume of projects that need to be assessed, we are unable to leave detailed comments in most cases. If you have particular questions, you might ask the person who assessed the project; they will be happy to provide you with their reasoning.
6. What if I don't agree with a rating?: You can list it in the section for assessment requests below, and someone will take a look at it. Alternately, you can ask any member of the project to rate the project again.
7. Aren't the ratings subjective?: Yes, they are somewhat subjective, but it's the best system we've been able to devise. If you have a better idea, please don't hesitate to let us know!
8. What if I have a question not listed here?: If your question concerns the project assessment process specifically, please contact the OWASP or its Project Manager directly.

Assessment Scale for OWASP TOOLS Projects

Class	Criteria	Example
Release Quality OWASP Tools	Be reasonably easy to use Include online documention built into tool (based on required user documentation) Include build scripts that facilitate building the application from source (Goal: One-click build) Java projects (if appropriate) should be run through Fortify Software engine and FindBugs. WebGoat would not be appropriate for example since it would light up like a Christmas tree :-) C/C++ apps (if we have any) should consider being run through Coverity. The Coverity open source scanning project has also started accepting submissions for open source Java applications. Recommendations: UAT pass on functionality of the tool Developer documents any limitations	OWASP WebGoat Project
Beta Quality OWASP Tools	Have an easy to use installer (Goal: Fully automated installer) (or stand alone executable version) Include user documentation in Project's OWASP Wiki page(s) Add a common About Box or help menu (which lists name of tool, author, e-mail address of author, current version number and/or release date) Include documentation on how to build it from code, starting with getting it directly from the code repository. (Ideally, this would include easy to use build scripts, which is required for Release Quality)	OWASP AntiSamy Project
Alpha Quality OWASP Tools	Agree to OWASP's open source license Create a project page at OWASP that describes: the tool, the project leader,contact info, and includes a download link for the code and the executable version. Have its code in Googlecode, or Sourceforge Mailing list for project created	OWASP CSRFTester Project

Assessment Scale for OWASP DOCUMENTATION Projects

Class	Criteria	Example
Release Quality OWASP Documentation	WORK IN PROGRESS - WORK IN PROGRESS	OWASP AppSec FAQ Project
Beta Quality OWASP Documentation	WORK IN PROGRESS - WORK IN PROGRESS	OWASP CLASP Project
Alpha Quality OWASP Documentation	Agree to OWASP's open source license Create a project page at OWASP that describes: WORK IN PROGRESS Mailing list for project created	OWASP AJAX Security Project

Requests for assessment

If you have made significant changes to an project and would like an outside opinion on a new rating for it, please feel free to list it below.

Here
Or here
Add new requests above this line

Pages in category "OWASP Project Assessment"

The following 14 pages are in this category, out of 14 total.

A

B

@@ Line 27: / Line 27: @@
 | style="background:#f2984c"|'''[[:Category:OWASP Project|Release Quality OWASP Tools]]'''
-|'''To be reasonably useful:'''
+|
 * Be reasonably easy to use
-* Have an easy to use installer
+* Include online documention built into tool (based on required user documentation)
-* Include user documentation
+* Include build scripts that facilitate building the application from source (Goal: One-click build)
-* Include documentation on how to build it from code
+* Java projects (if appropriate) should be run through [http://opensource.fortifysoftware.com/welcome.html Fortify Software] engine and [http://findbugs.sourceforge.net/ FindBugs].
-* Add a common About Box or help menu
+**WebGoat would not be appropriate for example since it would light up like a Christmas tree :-)
-**(regardless of language which lists name of tool, author, e-mail address of author, current version number and/or release date)
+* C/C++ apps (if we have any) should consider being run through [http://scan.coverity.com/ Coverity]. The Coverity open source scanning project has also started accepting submissions for open source Java applications.
 '''Recommendations:'''
-* Include online documention built into tool (based on required user documentation)
+* UAT pass on functionality of the tool
-* Java projects (if appropriate) should be run through [http://opensource.fortifysoftware.com/welcome.html Fortify Software] engine.
+* Developer documents any limitations
-[WebGoat would not be appropriate for example since it would light up like a Christmas tree :-)]
-'''Additional suggestions / contributions'''
-* Include UAT pass on functionality requirements of the tool
-* Ask the developers to document any limitations
-* Question Human Computer Interaction (HCI) and the user interface
-* Overview of scanning the codebase findings (say findbugs)
 | [[OWASP WebGoat Project|OWASP WebGoat Project]]
 |-
 | style="background:#ffcc66"|'''[[:Category:OWASP Project|Beta Quality OWASP Tools]]'''
-| WORK IN PROGRESS
+|
+* Have an easy to use installer (Goal: Fully automated installer) (or stand alone executable version)
+* Include user documentation in Project's OWASP Wiki page(s)
+* Add a common About Box or help menu
+**(which lists name of tool, author, e-mail address of author, current version number and/or release date)
+* Include documentation on how to build it from code, starting with getting it directly from the code repository. (Ideally, this would include easy to use build scripts, which is required for Release Quality)
 | [[:Category:OWASP AntiSamy Project|OWASP AntiSamy Project]]
 |-
@@ Line 55: / Line 52: @@
 * Agree to OWASP's open source license
 * Create a project page at OWASP that describes:
-**the tool, the project leader,contact info, and includes a download link for the executable version.
+**the tool, the project leader,contact info, and includes a download link for the code and the executable version.
 * Have its code in Googlecode, or Sourceforge
 * Mailing list for project created

Difference between revisions of "Category:OWASP Project Assessment"

Revision as of 18:47, 21 February 2008

(Work in progress)

FAQ

Assessment Scale for OWASP TOOLS Projects

Assessment Scale for OWASP DOCUMENTATION Projects

Requests for assessment

Pages in category "OWASP Project Assessment"

A

B

D

G

R

T

工

文

项

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools