Guidelines for Reviewing OWASP projects

From OWASP
THIS ARTICLE IS A DRAFT 

This page will contain detailed guidelines for OWASP Project reviewers (usually as part of a Season of Code initiative, or when a project is reviewed according to the Project Assessment Criteria):

  • Be reasonably easy to use
  • Include online documentation built into the tool (based on the required user documentation)
  • Include build scripts that facilitate building the application from source (Goal: One-click build)
  • Publicly accessible bug tracking system established, ideally at the same place as the source code repository (e.g., at Google code, or Sourceforge)
  • Be run through Fortify Software's open source review (if appropriate) and FindBugs
  • When approved as Release Quality: update the link to it on the OWASP Project page and update its project quality tag on its project page to Release Quality


A review undertaking consists of at least the following tasks:

  1. Make sure that the project's roadmap has been accomplished.
  2. Taking into account the project's target status (Quality Status in this case), check the project's stage and features against the OWASP Assessment Criteria.
  3. Point out scientific/technical and methodological mistakes, propose paths to follow, and propose tools and documentation/bibliography to be studied and consulted.


More details here: http://owaspsoc2008.wordpress.com/2008/07/15/assessment-guidance

The guidelines need to be linked here: https://www.owasp.org/index.php/Category:OWASP_Project_Assessment

And here is an example of an assessment checklist as a Google spreadsheet: https://spreadsheets.google.com/a/owasp.org/ccc?key=pAX6n7m2zaTWJtelVmV_oMQ&hl=en