项目发布评估

该网页由OWASP中文项目组维护，以帮助OWASP中文项目的领导人和项目参与人员，依据《评估标准2.0版》（Assessment Criteria v2.0），在项目发布以前，对项目进行评估。

质量等级

对于项目的发布，OWASP建立了一套拥有三个指定质量等级（Alpha，Beta和稳定发布）的评估标准。随着项目发布的质量从Alpha到Beta再到稳定的等级，评估的要求也越来越严格。总体而言，项目领导确定其项目的目标质量等级，然后向着该等级工作。一旦项目领导人完成了目标等级的前提条件和标准，他们就将要求审核他们的项目。质量等级将确定谁来审核发布，并以什么样的方式来审核。

• Alpha发布： The review consists of the Global Project Committee (GPC) verifying that the project pre-assessment checklist is complete. Alpha release projects are the easiest to achieve since anyone with a start on a solution to an application security problem can self assess their project against the pre-assessment checklist.
• Beta发布： The project lead completes the pre-assessment checklist. Then, the review will first be conducted by the project's reviewer (more on this below). After the reviewer completes the review of the release, the GPC will validate the project's review.
• 稳定发布： The project lead completes the pre-assessment checklist. Then, the two project reviewers will complete their review of the release (more on this below). After the reviews are complete, the Global Projects Committee and OWASP Board will validate the project's review.

Pre-Assessment Checklists versus Reviewer Action Items:

• Pre-Assessment checklists should be completed by the project lead prior to asking for an assessment.
• Pre-Assessment checklists were designed to be completed in minutes to verify that all items are complete.
• Reviewer Action Items should be completed by project reviewer(s) after the project lead indicates the project is ready to be assessed and the pre-assessment checklist is complete.
• Reviewer Action Items were designed to require some significant time commitment from the reviewer since the questions are subjective and require a good deal of understanding and review of the project's release.

Prerequisites for Project Release Assessment

Depending on the quality level criteria, the project lead may have prerequisites to complete before the project release(s) can be assessed by the criteria below

• Alpha release: No prerequisites.
• Beta release: 1 reviewer is required.
• Stable release: 2 reviewers are required. Second review has special requirements.

Notes on reviewers

• Ideally, per project release, the project leader will propose the reviewer(s).
• Ideally, reviewers should be an existing OWASP project leader or chapter leader.
• If the project lead is unable to find the required reviewer(s), the Global Projects Committee can assist in identifying reviewers for the project.
• It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Stable releases. The board has the initial option to review the project, followed by the Global Projects Committee.
• The Global Projects Committee confirms the assignment of reviewers to a project.
• For special cases (e.g. large documents), multiple reviewers may be utilized to break the review work into smaller units. The over-riding principal is that one set of eye balls will review for Beta and two sets of eye balls will review for Quality. For example, a large project 4 reviewers could be used to do the Stable quality review were each reviewer would be responsible for reviewing approximately 1/2 of the content where 4 x 1/2 = 2.

级别评定系统

尚未审核	Alpha发布	Beta发布	稳定发布

发布评估标准

OWASP不同项目类型的特定发布评估标准：

• 工具评估标准
• 文档评估标准