This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Category:OWASP Project Assessment

From OWASP
Revision as of 18:20, 29 January 2008 by Pauloc (talk | contribs)

Jump to: navigation, search

Work in progress

From OWASP Project


This assessment area focuses on assessing the quality of OWASP TOOLS and DOCUMENTATION(Projects). The resulting ratings are used within the project to aid in recognizing excellent contributions and identifying topics in need of further work.


FAQ

1. What is the purpose of the project ratings? 
The rating system allows OWASP to monitor the quality of Projects in our subject areas, and to prioritize work on these projects. It is also utilized to prepare for static releases of Wikipedia content.
2. How do I add an project (tool or documentation) to the OWASP Projects? 
WORK IN PROGRESS
3. Who can assess projects? 
WORK IN PROGRESS
4. How do I rate an projects? 
5. Can I request that someone else rate an project? 
Of course; to do so, please list it in the section for assessment requests below.
6. Why didn't the reviewer leave any comments? 
Unfortunately, due to the volume of projects that need to be assessed, we are unable to leave detailed comments in most cases. If you have particular questions, you might ask the person who assessed the project; they will usually be happy to provide you with their reasoning.
7. Where can I get more comments about an project? 
The review department can conduct more thorough examination of projects; please submit it for peer review there.
8. What if I don't agree with a rating? 
You can list it in the section for assessment requests below, and someone will take a look at it. Alternately, you can ask any member of the project to rate the project again. Please note that some of the available levels have an associated formal review process; this is documented in the assessment scale.
9. Aren't the ratings subjective? 
Yes, they are somewhat subjective, but it's the best system we've been able to devise. If you have a better idea, please don't hesitate to let us know!
10. What about lists? 
Lists are assessed using the same scale as other projects; however, they progress towards featured list rather than featured project status.
11. What if I have a question not listed here? 
If your question concerns the project assessment process specifically, please refer to the discussion page for this department; for any other issues, you can go to the main project discussion page, or contact the project coordinators directly.


Quality Scale for OWASP TOOLS Projects

Class Criteria Formal process Example
Quality Release To be reasonably useful:
  • Be reasonably easy to use
  • Have an easy to use installer
  • Have its code in Googlecode, or Sourceforge
  • Include user documentation
  • Include documentation on how to build it from code
  • Add a common About Box or help menu
    • (regardless of language which lists name of tool, author, e-mail address of author, current version number and/or release date)

Recommendations:

  • Include online documention built into tool (based on required user documentation)
  • Java projects (if appropriate) should be run through Fortify Software engine.

[WebGoat would not be appropriate for example since it would light up like a Christmas tree :-)]

Additional suggestions / contributions

  • Include UAT pass on functionality requirements of the tool
  • Ask the developers to document any limitations
  • Question Human Computer Interaction (HCI) and the user interface
  • Overview of scanning the codebase findings (say findbugs)
Experience Experience Experience Experience Experience Experience Experience Experience Experience Experience Experience Experience
Beta Quality
Alpha Quality Release
  • Agree to OWASP's open source license
  • Create a project page at OWASP that describes:
    • the tool, the project leader,contact info, and includes a download link for the executable version.
  • Have its code in Googlecode, or Sourceforge
  • Mailing list for project created

Requests for assessment

If you have made significant changes to an project and would like an outside opinion on a new rating for it, please feel free to list it below.

  1. Here
  2. Or here
  3. Add new requests above this line
Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_Project_Assessment&oldid=24847"