Difference between revisions of "Assessing Project Health"

From OWASP
Jump to: navigation, search
m (Assessing Projects moved to Assessing Project Sites: Change in how the criteria worked)
(Updated to reflect new revisions of the criteria v2)
Line 6: Line 6:
  
  
Projects themselves have a much simpler assessment criteria than releases.  Projects are categorized as active or inactiveActive status is based upon keeping the OWASP wiki page current as well as responding to periodic email queries from the Global Projects Committee.  To maintain an active status, projects must:
+
=== Assessing Project Sites ===
 +
Project sites themselves have a much simpler assessment criteria than releases.  Project sites are categorized as either "New" or "Established"The best method to illustrate the difference is to explain the progress of an example project through these categories:
  
* Keep the project template on the project wiki page up to date with current project information
+
* A security professional has an idea to address an issue in application security and proposes a new project to the Global Projects Committee (GPC).
* There is a current
+
* The GPC agrees with the proposal, gathers some initial data from the security professional and creates a new project page.
** conference style presentation that describes the tool in at least 3 slides
+
* The security professional, now the project lead, works on the project and creates a release which reaches Beta quality.
** one sheet overview document about the project
+
* The example project is still a new project but has a release of beta quality.  It will be listed at the top of the new project list since it has a Beta quality release.
* Project survey emails sent to the project mail list have response times no longer than (put time frame here).
+
* The project lead continues to work on the project release and reaches a Quality release.  The project site will then be assessed based on the criteria below and moved to the Established projects list.
  
More to come... --[[User:Mtesauro|Mtesauro]] 20:10, 20 April 2009 (UTC)
+
=== Project Site Criteria ===
 +
 
 +
The following questions will be answered by the project lead or project maintainer and be reviewed by the Global Projects Committee:
 +
 
 +
* Does the project site...  
 +
# have an up to date project template with current project information?
 +
# have a conference style presentation that describes the tool in at least 3 slides?
 +
# have a one sheet overview document about the project?
 +
# have a link to a working mail list?
 +
# have a statement of the application security issue the project addresses?
  
 
For OWASP project wiki pages, please see the Project Wiki Pages section of the [http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects Guidelines for OWASP Projects] for additional suggestions/recommendations.
 
For OWASP project wiki pages, please see the Project Wiki Pages section of the [http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects Guidelines for OWASP Projects] for additional suggestions/recommendations.
 +
 +
=== Archiving Project Sites ===
 +
 +
The exact criteria for archiving project sites has not yet been determined.  However, the Global Projects Committee sees that an archive of projects that are kept for historical purposes will be needed.  This page or subsequent pages will determine the situation under which project pages are archived.
 +
 +
=== Pre-existing project sites ===
 +
 +
The Global Projects Committee realizes that there are many current project sites which pre-existed the above assessment criteria.  Those project sites will be reviewed and classified in the near future.  The exact timing and methodology for addressing existing sites has not yet been determined.

Revision as of 23:52, 26 April 2009


This is a DRAFT page still under review by the Global Projects Committee

This page is maintained by the Global Projects Committee to help assist Project Leaders with information about successfully running an OWASP Project. It will be updated from time to time, and changes will be discussed and announced on the OWASP-Leaders list.


Contents

Assessing Project Sites

Project sites themselves have a much simpler assessment criteria than releases. Project sites are categorized as either "New" or "Established". The best method to illustrate the difference is to explain the progress of an example project through these categories:

  • A security professional has an idea to address an issue in application security and proposes a new project to the Global Projects Committee (GPC).
  • The GPC agrees with the proposal, gathers some initial data from the security professional and creates a new project page.
  • The security professional, now the project lead, works on the project and creates a release which reaches Beta quality.
  • The example project is still a new project but has a release of beta quality. It will be listed at the top of the new project list since it has a Beta quality release.
  • The project lead continues to work on the project release and reaches a Quality release. The project site will then be assessed based on the criteria below and moved to the Established projects list.

Project Site Criteria

The following questions will be answered by the project lead or project maintainer and be reviewed by the Global Projects Committee:

  • Does the project site...
  1. have an up to date project template with current project information?
  2. have a conference style presentation that describes the tool in at least 3 slides?
  3. have a one sheet overview document about the project?
  4. have a link to a working mail list?
  5. have a statement of the application security issue the project addresses?

For OWASP project wiki pages, please see the Project Wiki Pages section of the Guidelines for OWASP Projects for additional suggestions/recommendations.

Archiving Project Sites

The exact criteria for archiving project sites has not yet been determined. However, the Global Projects Committee sees that an archive of projects that are kept for historical purposes will be needed. This page or subsequent pages will determine the situation under which project pages are archived.

Pre-existing project sites

The Global Projects Committee realizes that there are many current project sites which pre-existed the above assessment criteria. Those project sites will be reviewed and classified in the near future. The exact timing and methodology for addressing existing sites has not yet been determined.