Wednesday, June 17, 2009

OWASP Project Assessment Criteria v2.0

For more information, see http://www.owasp.org/index.php/Assessment_Criteria_v2.0

Overview

OWASP created the project assessment criteria to define the quality levels for OWASP Projects with the purpose of evaluating all OWASP projects. The overall goal was to ensure that consistent quality levels are maintained by OWASP projects. This benefits both the external audience and those working on projects. The criteria allows the external audience to determine the quality of any OWASP project they are considering. For project members, it provides a method to measure the quality of their project in relation to other OWASP projects. Additionally, the criteria allows for excellent contributions to be recognized and projects which need further work to be identified.

Currently, OWASP projects fall into three primary categories:

  • Tools
  • Documents
  • Activities and Research


The Tools and Documents categories are easily understood. The Activities and Research category is less obvious and is used for projects which either have multiple sub-projects or have project releases which fall into both the tools and documents category. Thus, Activities and Research can be used for parent projects that cover multiple smaller sub-projects. Some examples will make this clearer:

  • OWASP ESAPI
    • Java
    • .Net
    • PHP
    • ...
  • OWASP Guides
    • Testing Guide
    • Development Guide
    • Code Review Guide
    • ASDR (Application Security Desk Reference)
  • OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp


All existing projects and their current ratings are here. Any new OWASP project and its releases will be assessed based on the criteria below as well as any new Season of Code project. The goal is to eventually have all OWASP projects and releases, past and future, assessed under a version of this criteria. The initial set of assessment criteria was created for the OWASP Summer of Code 2008 and was designated version 1.0. The current version below was derived from version 1.0 and is version 2.0. Labelling any new criteria with a version number allows for graceful transitions to occur should any criteria change.

Assessing a project

Any OWASP project will consist of two critical pieces:

  • the project's health
  • one or more project releases


Each of these pieces will be have different methods with which they are reviewed.

People and Projects

Depending on the size and scope of a project, the roles below may be done by separate parties or a single individual may take on multiple roles. Roles vary in their level on involvement with the project, the areas of involvement, their lifespan with a project, etc.

  • Project Leader
  • Project Maintainer
  • Project Contributor
  • Project Reviewer
  • Project Mentor

Each role will be described in the next revision of this document --Mtesauro 16:09, 4 May 2009 (UTC)

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home