Category:OWASP Live CD Project - AppSecEU May2009 Release - Assessment

1. Is your tool licensed under an open source license?

Yes yes yes

2. Is the source code and any documentation available in an online project repository? (e.g. Google Code or Sourceforge site)

Yes yes yes

3. Is there working code?

4. Is there a roadmap for this project release which will take it from Alpha to Stable release?

5. Are the Alpha pre-assessment items complete?

6. Is there an installer or stand-alone executable?

7. Is there user documentation on the OWASP project wiki page?

8. Is there an "About box" or similar help item which lists the following?

• Project Name
• Short Description
• Project Lead and contact information (e.g. email address)
• Project Contributors (if any)
• License
• Project Sponsors (if any)
• Release status and date assessed as Month-Year (e.g. March 2009)
• Link to OWASP Project Page
  

9. Is there documentation on how to build the tool from source including obtaining the source from the code repository?

10. Is the tool documentation stored in the same repository as the source code?

11. Are the Alpha and Beta pre-assessment items complete?

12. Does the tool include documentation built into the tool?

13. Does the tool include build scripts to automate builds?

14. Is there a publicly accessible bug tracking system?

15. Have any existing limitations of the tool been documented?

1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?

YES/YES Delete this text and place your answer here.

2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?

Delete this text and place your answer here.

3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?

Delete this text and place your answer here.

4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?

Delete this text and place your answer here.

5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?

Delete this text and place your answer here.

6. Does the tool substantially address the application security issues it was created to solve?

Delete this text and place your answer here.

7. Is the tool reasonably easy to use?

Delete this text and place your answer here.

8. Does the documentation meet the needs of the tool users and is easily found?

Delete this text and place your answer here.

9. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.

Delete this text and place your answer here.

10. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)

Delete this text and place your answer here.

11. Have you noted any limitations of the tool that are not already documented by the project lead.

Delete this text and place your answer here.

12. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?

Delete this text and place your answer here.

13. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?

Delete this text and place your answer here.

1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?

Delete this text and place your answer here.

2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?

Delete this text and place your answer here.

3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?

Delete this text and place your answer here.

4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?

Delete this text and place your answer here.

5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?

Delete this text and place your answer here.

6. Does the tool substantially address the application security issues it was created to solve?

Delete this text and place your answer here.

7. Is the tool reasonably easy to use?

Delete this text and place your answer here.

8. Does the documentation meet the needs of the tool users and is easily found?

Delete this text and place your answer here.

9. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.

Delete this text and place your answer here.

10. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)

Delete this text and place your answer here.

11. Have you noted any limitations of the tool that are not already documented by the project lead.

Delete this text and place your answer here.

12. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?

Delete this text and place your answer here.

13. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?

Delete this text and place your answer here.