Guidelines for Reviewing OWASP projects
THIS ARTICLE IS A DRAFT
This page will contain detailed guidelines for OWASP Project reviewers (usually as part of a Season of Code initiative, or when a project is reviewed according to the Project Assessment Criteria). A project under review should:
- Be reasonably easy to use
- Include online documentation built into the tool (based on the required user documentation)
- Include build scripts that facilitate building the application from source (Goal: One-click build)
- Have a publicly accessible bug tracking system established, ideally at the same place as the source code repository (e.g., at Google Code or SourceForge)
- Be run through Fortify Software's open source review (if appropriate) and FindBugs.
- When approved as Release Quality: update the link to it on the OWASP Project page, and update the project quality tag on its own project page to Release Quality.
A review consists of at least the following tasks:
- Make sure that the project's roadmap has been accomplished.
- Taking into account the project's target status (Quality Status in this case), check the project's stage and features against the OWASP Assessment Criteria.
- Point out scientific/technical and methodological mistakes, propose paths to follow, and propose tools and documentation/bibliography to be studied and consulted.
More details here: http://owaspsoc2008.wordpress.com/2008/07/15/assessment-guidance
The guidelines need to be linked here: https://www.owasp.org/index.php/Category:OWASP_Project_Assessment
And here is an example of an assessment checklist as a Google spreadsheet: https://spreadsheets.google.com/a/owasp.org/ccc?key=pAX6n7m2zaTWJtelVmV_oMQ&hl=en