This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Live CD Project - AppSecEU May2009 Release - Assessment"

From OWASP
Jump to: navigation, search
 
(23 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[:Category:OWASP Live CD Project|Click here to return to project's main page]]<br>
+
<small>[[:Category:OWASP Live CD Project|Click here to return to project's main page]]</small><br>
  
==== Release Leader ====
+
== Stable Release Review of the OWASP Live CD AppSecEU May2009 Release ==
  
[[User:Mtesauro|'''Matt Tesauro's''']] Self Assessment: 
+
==== Project Leader for this Release ====
 +
'''''[[User:Mtesauro|Matt Tesauro]]'s Pre-Assessment Checklist:'''''
  
{|style="width:100%; background:#white" align="left"
+
{{ Pre-Assessment Questions - Tools
|style="width:100%; background:#white" align="left"|'''ALPHA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''  
+
 
|-
+
 
| style="width:100%; background:#white" align="left"|1. Is your tool licensed under an open source license?
+
| 1. Is this release associated with a project containing at least the [[Assessing_Project_Health#Project_Wiki_Page_Minimal_Content|Project Wiki Page Minimum Content]] information?
|-
+
= answer 1
| style="width:100%; background:#C2C2C2" align="left"|Answer to question 1 goes here. Same thing below.
+
 
|- 
+
| 2. Is your tool licensed under an open source license?  
| style="width:100%; background:#white" align="left"|2. Is the source code and any documentation available in an online project repository? (e.g. Google Code or Sourceforge site)
+
= answer 2
|- 
+
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
+
| 3. Is the source code and any documentation available in an online project repository?  
|-
+
= answer 3
| style="width:100%; background:#white" align="left"|3. Is there working code?  
+
 
|-
+
| 4. Is there working code?  
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
+
= answer 4
|-
+
 
| style="width:100%; background:#white" align="left"|4. Is there a roadmap for this project release which will take it from Alpha to Stable release?
+
| 5. Is there a roadmap for this project release which will take it from Alpha to Stable release?  
|- 
+
= answer 5
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
+
 
|-
+
| 6. Are the Alpha pre-assessment items complete?
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
+
= answer 6
|-
+
 
| style="width:100%; background:#white" align="left"|'''BETA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''
+
| 7. Is there an installer or stand-alone executable?  
|-
+
= answer 7
| style="width:100%; background:#white" align="left"|1. Are the Alpha pre-assessment items complete?
+
   
|-
+
| 8. Is there user documentation on the OWASP project wiki page?  
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
+
= answer 8
|- 
+
 
| style="width:100%; background:#white" align="left"|2. Is there an installer or stand-alone executable?
+
| 9. Is there an "About box" or similar help item which lists the following?  
|- 
+
= answer 9
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
+
 
  |-
+
| 10. Is there documentation on how to build the tool from source including obtaining the source from the code repository?  
| style="width:100%; background:#white" align="left"|3. Is there user documentation on the OWASP project wiki page?
+
= answer 10
|-
+
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
+
| 11. Is the tool documentation stored in the same repository as the source code?
|-
+
= answer 11
| style="width:100%; background:#white" align="left"|4. Is there an "About box" or similar help item which lists:<br>
+
 
4.1. Project Release Name?<br>
+
| 12. Are the Alpha and Beta pre-assessment items complete?  
4.2. Short Description?<br>
+
= answer 12
4.3. Project Release Lead and contact information?(e.g. email address)<br>
+
 
4.4. Project Release Contributors (if any)?<br>
+
| 13. Does the tool include documentation built into the tool?  
4.5. License?<br>
+
= answer 13
4.6. Project Release Sponsors (if any)?<br>
+
 
4.7. Release status and date assessed as Month-Year e.g. March 2009?<br>
+
| 14. Does the tool include build scripts to automate builds?  
4.8. Link to OWASP Project Page?<br> 
+
= answer 14
|-
+
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
+
| 15. Is there a publicly accessible bug tracking system?  
|-
+
= answer 15
| style="width:100%; background:#white" align="left"|5. Is there documentation on how to build the tool from source including obtaining the source from the code repository?  
+
 
|-
+
| 16. Have any existing limitations of the tool been documented?  
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
+
= answer 16
|-
+
}}
| style="width:100%; background:#white" align="left"|6. Is the tool documentation stored in the same repository as the source code?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 6 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 
|-
 
| style="width:100%; background:#white" align="left"|'''BETA RELEASE TOOL CRITERIA/REVIEWER ACTION ITEMS'''
 
|-
 
| style="width:100%; background:#white" align="left"|1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 
|-
 
| style="width:100%; background:#white" align="left"|'''STABLE RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''
 
|-
 
| style="width:100%; background:#white" align="left"|1. Are the Alpha and Beta pre-assessment items complete?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Does the tool include documentation built into the tool?  
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Does the tool include build scripts to automate builds?  
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Is there a publicly accessible bug tracking system?  
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|5. Have any existing limitations of the tool been documented?  
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 
|-
 
| style="width:100%; background:#white" align="left"|'''STABLE RELEASE TOOL CRITERIA/REVIEWER ACTION ITEMS'''
 
|-
 
| style="width:100%; background:#white" align="left"|1. Have all the Beta Reviewer Action Items been completed? These will need to be completed if they have not already occurred during a previous assessment.
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Does the tool substantially address the application security issues it was created to solve?
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Is the tool reasonably easy to use?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Does the documentation meet the needs of the tool users and is easily found? 
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|5. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|6. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 6 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|7. Have you noted any limitations of the tool that are not already documented by the project lead.
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 7 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|8. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 8 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|9. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 9 goes here -->
 
|}
 
  
 
==== First Reviewer ====
 
==== First Reviewer ====
[[User:name|'''To be decided's''']] Review:  
+
'''''[[User:name|First Reviewer]]'s Review:'''''<br />
 +
<small>Ideally, reviewers should be an existing OWASP project leader or chapter leader.</small>
 +
 
 +
{{ Assessment Questions - Tools
 +
 
 +
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?      = (answer #1) Delete this text and place your answer here. The same for the questions below.
 +
 
 +
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
 +
= (answer #2)
 +
 
 +
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
 +
= (answer #3)
 +
 
 +
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
 +
= (answer #4)
 +
 
 +
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
 +
= (answer #5)
 +
 
 +
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
 +
= (answer #6)
 +
 
 +
| 7. Does the tool substantially address the application security issues it was created to solve?
 +
= (answer #7)
 +
 
 +
| 8. Is the tool reasonably easy to use?
 +
= (answer #8)
 +
 
 +
| 9. Does the documentation meet the needs of the tool users and is easily found?
 +
= (answer #9)
 +
 
 +
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
 +
= (answer #10)
 +
 
 +
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
 +
= (answer #11)
 +
 
 +
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
 +
= (answer #12)
 +
 
 +
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
 +
= (answer #13)
 +
 
 +
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
 +
= (answer #14)
 +
 
 +
}}
 +
 
 +
==== Second Reviewer ====
 +
'''''[[User:name|Second Reviewer]]'s Review:'''''<br />
 +
<small>It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.</small>
 +
 
 +
{{ Assessment Questions - Tools
 +
 
 +
| 1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?      = (answer #1) Delete this text and place your answer here. The same for the questions below.
 +
 
 +
| 2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
 +
= (answer #2)
 +
 
 +
|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
 +
= (answer #3)
 +
 
 +
| 4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
 +
= (answer #4)
 +
 
 +
| 5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
 +
= (answer #5)
 +
 
 +
| 6. Is there anything missing that is critical enough to keep the release at a alpha quality?
 +
= (answer #6)
 +
 
 +
| 7. Does the tool substantially address the application security issues it was created to solve?
 +
= (answer #7)
 +
 
 +
| 8. Is the tool reasonably easy to use?
 +
= (answer #8)
 +
 
 +
| 9. Does the documentation meet the needs of the tool users and is easily found?
 +
= (answer #9)
 +
 
 +
| 10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
 +
= (answer #10)
 +
 
 +
| 11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
 +
= (answer #11)
  
{|style="width:100%; background:#white" align="left"
+
| 12. Have you noted any limitations of the tool that are not already documented by the project lead.
|style="width:100%; background:#white" align="left"|'''ALPHA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST''' 
+
= (answer #12)
|-
 
| style="width:100%; background:#white" align="left"|1. Is your tool licensed under an open source license? 
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|Answer to question 1 goes here. Same thing below.
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Is the source code and any documentation available in an online project repository? (e.g. Google Code or Sourceforge site)
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Is there working code?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Is there a roadmap for this project release which will take it from Alpha to Stable release? 
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 
|-
 
| style="width:100%; background:#white" align="left"|'''BETA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''
 
|-
 
| style="width:100%; background:#white" align="left"|1. Are the Alpha pre-assessment items complete?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Is there an installer or stand-alone executable?
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Is there user documentation on the OWASP project wiki page?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Is there an "About box" or similar help item which lists:<br>
 
4.1. Project Release Name?<br>
 
4.2. Short Description?<br>
 
4.3. Project Release Lead and contact information?(e.g. email address)<br>
 
4.4. Project Release Contributors (if any)?<br>
 
4.5. License?<br>
 
4.6. Project Release Sponsors (if any)?<br>
 
4.7. Release status and date assessed as Month-Year e.g. March 2009?<br>
 
4.8. Link to OWASP Project Page?<br> 
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|5. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|6. Is the tool documentation stored in the same repository as the source code?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 6 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 
|-
 
| style="width:100%; background:#white" align="left"|'''BETA RELEASE TOOL CRITERIA/REVIEWER ACTION ITEMS'''
 
|-
 
| style="width:100%; background:#white" align="left"|1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 
|-
 
| style="width:100%; background:#white" align="left"|'''STABLE RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''
 
|-
 
| style="width:100%; background:#white" align="left"|1. Are the Alpha and Beta pre-assessment items complete?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Does the tool include documentation built into the tool?
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Does the tool include build scripts to automate builds?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Is there a publicly accessible bug tracking system?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|5. Have any existing limitations of the tool been documented?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 
|-
 
| style="width:100%; background:#white" align="left"|'''STABLE RELEASE TOOL CRITERIA/REVIEWER ACTION ITEMS'''
 
|-
 
| style="width:100%; background:#white" align="left"|1. Have all the Beta Reviewer Action Items been completed? These will need to be completed if they have not already occurred during a previous assessment.
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Does the tool substantially address the application security issues it was created to solve?
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Is the tool reasonably easy to use?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Does the documentation meet the needs of the tool users and is easily found? 
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|5. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|6. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 6 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|7. Have you noted any limitations of the tool that are not already documented by the project lead.  
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 7 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|8. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 8 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|9. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 9 goes here -->
 
|}
 
  
 +
| 13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
 +
= (answer #13)
  
==== GPC/OWASP Board ====
+
| 14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
[[User:name|'''To be decided's''']] Review: 
+
= (answer #14)
  
{|style="width:100%; background:#white" align="left"
+
}}
|style="width:100%; background:#white" align="left"|'''ALPHA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST''' 
 
|-
 
| style="width:100%; background:#white" align="left"|1. Is your tool licensed under an open source license? 
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|Answer to question 1 goes here. Same thing below.
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Is the source code and any documentation available in an online project repository? (e.g. Google Code or Sourceforge site)
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Is there working code?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Is there a roadmap for this project release which will take it from Alpha to Stable release? 
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 
|-
 
| style="width:100%; background:#white" align="left"|'''BETA RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''
 
|-
 
| style="width:100%; background:#white" align="left"|1. Are the Alpha pre-assessment items complete?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Is there an installer or stand-alone executable?
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Is there user documentation on the OWASP project wiki page?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Is there an "About box" or similar help item which lists:<br>
 
4.1. Project Release Name?<br>
 
4.2. Short Description?<br>
 
4.3. Project Release Lead and contact information?(e.g. email address)<br>
 
4.4. Project Release Contributors (if any)?<br>
 
4.5. License?<br>
 
4.6. Project Release Sponsors (if any)?<br>
 
4.7. Release status and date assessed as Month-Year e.g. March 2009?<br>
 
4.8. Link to OWASP Project Page?<br> 
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|5. Is there documentation on how to build the tool from source including obtaining the source from the code repository?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|6. Is the tool documentation stored in the same repository as the source code?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 6 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 
|-
 
| style="width:100%; background:#white" align="left"|'''BETA RELEASE TOOL CRITERIA/REVIEWER ACTION ITEMS'''
 
|-
 
| style="width:100%; background:#white" align="left"|1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 
|-
 
| style="width:100%; background:#white" align="left"|'''STABLE RELEASE TOOL CRITERIA/PRE-ASSESSMENT CHECKLIST'''
 
|-
 
| style="width:100%; background:#white" align="left"|1. Are the Alpha and Beta pre-assessment items complete?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Does the tool include documentation built into the tool?
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Does the tool include build scripts to automate builds?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Is there a publicly accessible bug tracking system?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|5. Have any existing limitations of the tool been documented?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|<font color="white">Field to be kept blank
 
|-
 
| style="width:100%; background:#white" align="left"|'''STABLE RELEASE TOOL CRITERIA/REVIEWER ACTION ITEMS'''
 
|-
 
| style="width:100%; background:#white" align="left"|1. Have all the Beta Reviewer Action Items been completed? These will need to be completed if they have not already occurred during a previous assessment.
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 1 goes here -->
 
|- 
 
| style="width:100%; background:#white" align="left"|2. Does the tool substantially address the application security issues it was created to solve?
 
|- 
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 2 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|3. Is the tool reasonably easy to use?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 3 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|4. Does the documentation meet the needs of the tool users and is easily found? 
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 4 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|5. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 5 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|6. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 6 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|7. Have you noted any limitations of the tool that are not already documented by the project lead.
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 7 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|8. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 8 goes here -->
 
|-
 
| style="width:100%; background:#white" align="left"|9. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?
 
|-
 
| style="width:100%; background:#C2C2C2" align="left"|<!-- Answer to question 9 goes here -->
 
|}
 
  
 
__NOTOC__
 
__NOTOC__
 
<headertabs/>
 
<headertabs/>

Latest revision as of 18:24, 10 July 2009

Click here to return to project's main page

Stable Release Review of the OWASP Live CD AppSecEU May2009 Release

Project Leader for this Release

Matt Tesauro's Pre-Assessment Checklist:

(This FORM is EDITED via a template)

Alpha level

1. Is this release associated with a project containing at least the Project Wiki Page Minimum Content information?


answer 1

2. Is your tool licensed under an open source license? Please point out the link(s).


answer 2

3. Is the source code and any documentation available in an online project repository? (e.g. Google Code or Sourceforge site) Please point out the link(s).


answer 3

4. Is there working code? Please point out the link(s).


answer 4

5. Is there a roadmap for this project release which will take it from Alpha to Stable release? Please point out the link(s).


answer 5

Beta Level

6. Are the Alpha pre-assessment items complete?


answer 6

7. Is there an installer or stand-alone executable? Please point out the link(s).


answer 7

8. Is there user documentation on the OWASP project wiki page? Please point out the link(s).


answer 8

9. Is there an "About box" or similar help item which lists the following? Please point out the link(s).

  • Project Name
  • Short Description
  • Project Release Lead and contact information (e.g. email address)
  • Project Release Contributors (if any)
  • Project Release License
  • Project Release Sponsors (if any)
  • Release status and date assessed as Month-Year (e.g. March 2009)
  • Link to OWASP Project Page

answer 9

10. Is there documentation on how to build the tool from source including obtaining the source from the code repository? Please point out the link(s).


answer 10

11. Is the tool documentation stored in the same repository as the source code? Please point out the link(s).


answer 11

Stable Level

12. Are the Alpha and Beta pre-assessment items complete?


answer 12

13. Does the tool include documentation built into the tool? Please point out the link(s).


answer 13

14. Does the tool include build scripts to automate builds? Please point out the link(s)


answer 14

15. Is there a publicly accessible bug tracking system? Please point out the link(s).


answer 15

16. Have any existing limitations of the tool been documented? Please point out the link(s).


answer 16


First Reviewer

First Reviewer's Review:
Ideally, reviewers should be an existing OWASP project leader or chapter leader.

(This FORM is EDITED via a template)

Beta Release Level Questions

1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?


(answer #1) Delete this text and place your answer here. The same for the questions below.

2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?


(answer #2)

3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?


(answer #3)

4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?


(answer #4)

5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?


(answer #5)

6. Is there anything missing that is critical enough to keep the release at a alpha quality?


(answer #6)

Stable Release Level Questions

7. Does the tool substantially address the application security issues it was created to solve?


(answer #7)

8. Is the tool reasonably easy to use?


(answer #8)

9. Does the documentation meet the needs of the tool users and is easily found?


(answer #9)

10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.


(answer #10)

11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)


(answer #11)

12. Have you noted any limitations of the tool that are not already documented by the project lead.


(answer #12)

13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?


(answer #13)

14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?


(answer #14)

Second Reviewer

Second Reviewer's Review:
It is recommended that an OWASP board member or Global Projects Committee member be the second reviewer on Quality releases. The board has the initial option to review the project, followed by the Global Projects Committee.

(This FORM is EDITED via a template)

Beta Release Level Questions

1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?


(answer #1) Delete this text and place your answer here. The same for the questions below.

2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?


(answer #2)

3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?


(answer #3)

4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?


(answer #4)

5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?


(answer #5)

6. Is there anything missing that is critical enough to keep the release at a alpha quality?


(answer #6)

Stable Release Level Questions

7. Does the tool substantially address the application security issues it was created to solve?


(answer #7)

8. Is the tool reasonably easy to use?


(answer #8)

9. Does the documentation meet the needs of the tool users and is easily found?


(answer #9)

10. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.


(answer #10)

11. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)


(answer #11)

12. Have you noted any limitations of the tool that are not already documented by the project lead.


(answer #12)

13. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?


(answer #13)

14. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?


(answer #14)


This category currently contains no pages or media.