Guidelines for Reviewing OWASP projects

(draft mode)

This page will contain detailed guidelines for OWASP Project reviewers (usually as part of a Season of Code initiative or when a project is reviewed according to the Project Assessment Criteria):


 * Be reasonably easy to use
 * Include online documentation built into the tool (based on required user documentation)
 * Include build scripts that facilitate building the application from source (Goal: One-click build)
 * Have a publicly accessible bug tracking system established, ideally at the same place as the source code repository (e.g., at Google Code or SourceForge)
 * Be run through Fortify Software's open source review (if appropriate) and FindBugs.
 * When approved to be Release Quality: update the link to it on the OWASP Project page and update the project quality tag on its project page to Release Quality.

A review undertaking consists of at least the following tasks:
 * 1) Make sure that the project’s roadmap has been accomplished,
 * 2) Taking into account the project’s target status (Quality Status in this case), check the project's stage/features against the OWASP Assessment Criteria,
 * 3) Point out scientific/technical and methodological mistakes, propose paths to follow, and propose tools and documentation/bibliography to be studied and consulted.

(link to Excel document template with all items to review)