How to Start an OWASP Project

Starting an OWASP Project is easy. You don't have to be an application security expert. You just have to have the drive and desire to make a contribution to the application security community.

Here are some of the procedures and guidelines for running a successful OWASP project:


 * The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledgebase or technology support.


 * You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.


 * To get your project started, please contact OWASP Global Projects Committee or the OWASP [mailto:paulo.coimbra(at)owasp.org Project Manager] directly. We'll get you set up with a project wiki page, a mailing list, and subscribe you to the OWASP-Leaders list. You'll be part of setting OWASP's direction!


 * We will create a wiki page as the official homepage for your project. It will contain the  tag at the bottom.  It will also be listed in the appropriate category on the OWASP Projects page, which means that, initially, until being assessed, it will be placed alphabetically within the ‘Alpha Status Projects’ category. Exceptions to this initial placement will be made for projects that have been sponsored within OWASP 'Seasons of Code’. In this case, the projects will be listed on the category with the same name.


 * Each project page should contain a short description of what the project is about, a link to the project mailing list, contact information for the project leader, and any other information. Screenshots are highly encouraged.


 * You can have as many wiki pages as you want to support your project. Please feel free to create them yourself.  Everything posted on the wiki is reviewed by many people around the world.


 * You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.


 * You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!