OWASP Project Assessment Criteria
Revision as of 19:40, 11 November 2013 by Kait Disney-Leugers
| Core Questions | Criteria Questions | Response |
|---|---|---|
| Focus: To measure the health of the project. | ||
| Is the project actively maintained? | ||
| Does the wiki template have the minimum standard wiki content available, and is it updated with releases? | ||
| Does the project have an active project leader? (Maintains project site with news and release announcements, continually enhancing the project, promoting the project in the security community, etc.) | ||
| Is the project being maintained with current operating systems and technology? | ||
| Does the project demonstrate progress to the community and verify that development is on track with the roadmap? (Roadmap Content Definition: Leader must have a roadmap that encompasses activity for the next year, or have a total of no less than 4 milestones with the roadmap.) | ||
| Does it meet quality expectations? | ||
| Does the project have a relevant project summary that can be found on the OWASP Project wiki page? | ||
| Does the project have a good track record of resolving issues and answering questions from project consumers? | ||
| Does it address a security concern? (Leader must state the unique application security concern they are addressing.) | ||
| Does the project represent a minimal viable product? (Note: Minimal Viable Product must be defined by Leader at the start of the project.) | ||
| Does the project follow OWASP Project Best Practices, and is it consistent with OWASP Objectives and the Mission? | ||
| Does the project use an appropriate Community Friendly License? | ||
| Are project deliverables, information, and releases readily available and accessible to the public? (Note: This can be a link to the repository, or a link to an external web site.) | ||
| Has the project designated who the copyright owner is? | ||
| Do the Project Leaders follow OWASP Project Best Practices as outlined in the Project Leader Handbook, Code of Ethics Section 8.3? Handbook: https://www.owasp.org/images/6/6a/OWASP_Projects_Handbook_2013.pdf | ||
| Do the project leaders and contributors treat everyone with respect and dignity? (Note: Input from the community will be required or use your best judgement.) | ||
| Is the project vendor neutral? | ||
| Does the project provide an innovative approach to address a concern within the software security community? | ||
| Does the project have one accepted OWASP reviewed deliverable on record within the new project’s infrastructure? | ||
| Yes, and the project has a Stable release. | Labs --> Flagship | |
| Yes, and the project has a Beta or Stable release. | Incubator --> Labs | |