|
|
| (81 intermediate revisions by 6 users not shown) |
| Line 1: |
Line 1: |
| − | = '''(Work in progress)''' = | + | == Overview == |
| | | | |
| − | [http://www.owasp.org/index.php/Category:OWASP_Project From OWASP Project]
| + | OWASP has created a system to review projects and the project's releases to determine the quality level achieved. The initial creation of an assessment criteria was created for the OWASP Summer of Code 2008. Though created to benchmark the quality of SoC 2008 projects, it was also applied to new projects created outside the SoC 2008 process. As work began to create the Season of Code 2009 (SoC 2009), the lessons learned by using the first Assessment Criteria were used as input to a new version. The original Assessment Criteria - now called version 1 - was the basis for this new methodology. As a result of reviewing the use of the Assessment Criteria v1 (AC v1), a new assessment criteria was developed that split the review process into projects and releases. Starting with the SoC 2009, AC v2 will be the assessment criteria used to judge the quality of all SoC and new projects. |
| | | | |
| | + | == Versions of the Assessment Criteria == |
| | | | |
| − | This '''assessment area''' focuses on assessing the quality of OWASP TOOLS and DOCUMENTATION (Projects). The resulting ratings are used within the project to aid in recognizing excellent contributions and identifying topics in need of further work.
| + | The current assessment criteria is the [[Assessment Criteria v2.0]] |
| | | | |
| | + | Previous versions: |
| | + | * [[Assessment Criteria v1.0]] |
| | | | |
| − | == FAQ ==
| + | [[Category:Global_Projects_Committee]] |
| − | | |
| − | ; 1. What is the purpose of the project ratings? : The rating system allows OWASP to monitor the quality of Projects in our subject areas, and to prioritize work on these projects. It is also utilized to prepare for static releases of Wikipedia content.
| |
| − | ; 2. How do I add an project (tool or documentation) to the OWASP Projects? : To propose a new project, please send an email to [mailto:[email protected]?subject=New_OWASP_Project_idea [email protected]] | |
| − | ; 3. Who can assess projects? : WORK IN PROGRESS
| |
| − | ; 4. Why didn't the reviewer leave any comments? : Unfortunately, due to the volume of projects that need to be assessed, we are unable to leave detailed comments in most cases. If you have particular questions, you might ask the person who assessed the project; they will usually be happy to provide you with their reasoning.
| |
| − | ; 5. What if I don't agree with a rating? : You can list it in the [[:Category:OWASP Project Assessment#Requests for assessment|section for assessment requests]] below, and someone will take a look at it. Alternately, you can ask any member of the project to rate the project again.
| |
| − | ; 6. Aren't the ratings subjective? : Yes, they are somewhat subjective, but it's the best system we've been able to devise. If you have a better idea, please don't hesitate to let us know!
| |
| − | ; 7. What if I have a question not listed here? : If your question concerns the project assessment process specifically, please refer to the discussion page for this department; for any other issues, you can contact the [ mailto: [email protected] OWASP] or its [ [email protected] Project Manager] directly. | |
| − | | |
| − | == Assessment Scale for OWASP TOOLS Projects==
| |
| − | {| class="wikitable" style="align: left; margin-right: 1em; "
| |
| − | |-
| |
| − | ! width="200" align="CENTER" valign="MIDDLE" | '''Class'''
| |
| − | ! width="700" align="CENTER" valign="MIDDLE" | '''Criteria'''
| |
| − | ! width="200" align="CENTER" valign="MIDDLE" | '''Example'''
| |
| − | |-
| |
| − | | |
| − | | style="background:#f2984c"|'''[[:Category:OWASP Project|Release Quality OWASP Tools]]'''
| |
| − | |'''To be reasonably useful:'''
| |
| − | * Be reasonably easy to use
| |
| − | * Have an easy to use installer
| |
| − | * Include user documentation
| |
| − | * Include documentation on how to build it from code
| |
| − | * Add a common About Box or help menu
| |
| − | **(regardless of language which lists name of tool, author, e-mail address of author, current version number and/or release date)
| |
| − | | |
| − | '''Recommendations:'''
| |
| − | * Include online documention built into tool (based on required user documentation)
| |
| − | * Java projects (if appropriate) should be run through [http://opensource.fortifysoftware.com/welcome.html Fortify Software] engine.
| |
| − | [WebGoat would not be appropriate for example since it would light up like a Christmas tree :-)]
| |
| − | | |
| − | '''Additional suggestions / contributions'''
| |
| − | * Include UAT pass on functionality requirements of the tool
| |
| − | * Ask the developers to document any limitations
| |
| − | * Question Human Computer Interaction (HCI) and the user interface
| |
| − | * Overview of scanning the codebase findings (say findbugs)
| |
| − | | [[OWASP WebGoat Project|OWASP WebGoat Project]]
| |
| − | |-
| |
| − | | style="background:#ffcc66"|'''[[:Category:OWASP Project|Beta Quality OWASP Tools]]'''
| |
| − | | WORK IN PROGRESS
| |
| − | | [[:Category:OWASP AntiSamy Project|OWASP AntiSamy Project]]
| |
| − | |-
| |
| − | | style="background:#ffff66"|'''[[:Category:OWASP Project|Alpha Quality OWASP Tools]]'''
| |
| − | |
| |
| − | * Agree to OWASP's open source license
| |
| − | * Create a project page at OWASP that describes:
| |
| − | **the tool, the project leader,contact info, and includes a download link for the executable version.
| |
| − | * Have its code in Googlecode, or Sourceforge
| |
| − | * Mailing list for project created
| |
| − | | [[:Category:OWASP CSRFTester Project|OWASP CSRFTester Project]]
| |
| − | |-
| |
| − | |}
| |
| − | | |
| − | == Assessment Scale for OWASP DOCUMENTATION Projects==
| |
| − | {| class="wikitable" style="align: left; margin-right: 1em; "
| |
| − | |-
| |
| − | ! width="200" align="CENTER" valign="MIDDLE" | '''Class'''
| |
| − | ! width="700" align="CENTER" valign="MIDDLE" | '''Criteria'''
| |
| − | ! width="200" align="CENTER" valign="MIDDLE" | '''Example'''
| |
| − | |-
| |
| − | | |
| − | |style="background:#f2984c"|'''[[:Category:OWASP Project|Release Quality OWASP Documentation]]'''
| |
| − | | WORK IN PROGRESS - WORK IN PROGRESS
| |
| − | | [[:Category:OWASP AppSec FAQ Project|OWASP AppSec FAQ Project]]
| |
| − | |-
| |
| − | | style="background:#ffcc66"|'''[[:Category:OWASP Project|Beta Quality OWASP Documentation]]'''
| |
| − | | WORK IN PROGRESS - WORK IN PROGRESS
| |
| − | | [[:Category:OWASP CLASP Project|OWASP CLASP Project]]
| |
| − | |-
| |
| − | | style="background:#ffff66"|'''[[:Category:OWASP Project|Alpha Quality OWASP Documentation]]'''
| |
| − | |
| |
| − | * Agree to OWASP's open source license
| |
| − | * Create a project page at OWASP that describes:
| |
| − | ** WORK IN PROGRESS
| |
| − | * Mailing list for project created
| |
| − | | [[:Category:OWASP AJAX Security Project|OWASP AJAX Security Project]]
| |
| − | |-
| |
| − | |}
| |
| − | | |
| − | == Requests for assessment ==
| |
| − | | |
| − | If you have made significant changes to an project and would like an outside opinion on a new rating for it, please feel free to list it below.
| |
| − | | |
| − | # Here
| |
| − | # Or here
| |
| − | # ''Add new requests above this line'' <!-- PLEASE DO NOT REMOVE OR CHANGE THIS LINE -->
| |
OWASP has created a system to review projects and the project's releases to determine the quality level achieved. The initial creation of an assessment criteria was created for the OWASP Summer of Code 2008. Though created to benchmark the quality of SoC 2008 projects, it was also applied to new projects created outside the SoC 2008 process. As work began to create the Season of Code 2009 (SoC 2009), the lessons learned by using the first Assessment Criteria were used as input to a new version. The original Assessment Criteria - now called version 1 - was the basis for this new methodology. As a result of reviewing the use of the Assessment Criteria v1 (AC v1), a new assessment criteria was developed that split the review process into projects and releases. Starting with the SoC 2009, AC v2 will be the assessment criteria used to judge the quality of all SoC and new projects.
