Assessing Project Health

From OWASP
Revision as of 14:57, 28 April 2009 by Mtesauro (talk | contribs) (Project Site Levels)


This is a DRAFT page still under review by the Global Projects Committee

This page is maintained by the Global Projects Committee to assist Project Leaders with information about successfully running an OWASP Project. It will be updated from time to time, and changes will be discussed and announced on the OWASP-Leaders list.


Assessing Project Sites

Project sites themselves have much simpler assessment criteria than releases. Project sites are categorized into three levels. The best way to illustrate the difference is to follow the progress of an example project through these categories:

  • A security professional has an idea to address an issue in application security and proposes a new project to the Global Projects Committee (GPC).
  • The GPC agrees with the proposal, gathers some initial data from the security professional and creates a new project page. The site has reached level 0.
  • The security professional, now the project lead, works on the project and creates a release which reaches Alpha quality.
  • The project lead continues to work on the project; it gets reviewed and reaches Beta quality. The project has reached level 1.
  • The project lead continues to work on the project release and reaches a Quality release. Additional metrics are collected (the exact nature and method of collection are to be determined). After reaching a to-be-specified metric, the site reaches level 2.


Project Site Levels

Project sites fall into three discrete levels:

  • Level 0 - a project that is just beginning. It is either a project with no releases or one whose releases are all no more than Alpha quality.
  • Level 1 - a project that has reviewed releases. It is a project that has been reviewed by at least one project leader and has at least one release at Beta quality level.
  • Level 2 - Specifics for level 2 sites have not been determined yet.

Notes on Project Site Levels:

  1. The site will be reviewed against the Project Site Criteria below during any level change to ensure that minimal project information is present.
  2. Maintenance of the project site can be handled by either the Project Lead or the Project Maintainer if the project has one.
  3. The Level 2 specification will be determined shortly. Various logistic and practical aspects need to be determined. --Mtesauro 14:57, 28 April 2009 (UTC)

Project Site Criteria

The following questions will be answered by the project lead or project maintainer and reviewed by the Global Projects Committee:

  • Does the project site...
  1. have an up-to-date project template with current project information?
  2. have a conference-style presentation that describes the tool in at least 3 slides?
  3. have a one-sheet overview document about the project?
  4. have a link to a working mailing list?
  5. have a statement of the application security issue the project addresses?
  6. have a project roadmap?

For OWASP project wiki pages, please see the Project Wiki Pages section of the Guidelines for OWASP Projects for additional suggestions/recommendations.

Archiving Project Sites

The exact criteria for archiving project sites have not yet been determined. However, the Global Projects Committee sees that an archive of projects kept for historical purposes will be needed. This page or subsequent pages will determine the circumstances under which project pages are archived.

Pre-existing project sites

The Global Projects Committee realizes that many current project sites predate the above assessment criteria. Those project sites will be reviewed and classified in the near future. The exact timing and methodology for addressing existing sites have not yet been determined. The Global Projects Committee will first fully specify the new framework before mapping existing projects into it.