Assessment Criteria v2.0

Revision as of 22:48, 30 March 2009 by Mtesauro (talk | contribs) (Assessing a project)

Jump to: navigation, search
This is a DRAFT page still under review by the Global Projects Committee

This page is maintained by the Global Projects Committee to help assist Project Leaders with information about successfully running an OWASP Project. It will be updated from time to time, and changes will be discussed and announced on the OWASP-Leaders list.


OWASP created the project assessment criteria to define the quality levels for OWASP Projects with the purpose of evaluating all OWASP projects. The overall goal was to ensure that consistent quality levels are maintained by OWASP projects. This benefits both the external audience and those working on projects. The criteria allows the external audience to determine the quality of any OWASP project they are considering. For project members, it provides a method to measure the quality of their project in relation to other OWASP projects. Additionally, the criteria allows for excellent contributions to be recognized and projects which need further work to be identified.

Currently, OWASP projects fall into three primary categories:

  • Tools
  • Documents
  • Activities and Research

The Tools and Documents categories are easily understood. The Activities and Research category is less obvious and is used for projects which either have multiple sub-projects or have deliverables which fall into both the tools and documents category. Thus, Activities and Research can be used for parent projects that cover multiple smaller sub-projects. Some examples will make this clearer:

    • Java
    • .Net
    • PHP
    • ...
  • OWASP Guides
    • Testing Guide
    • Development Guide
    • Code Review Guide
    • ASDR (Application Security Desk Reference)
  • OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp

All existing projects and their current ratings are here. Any new OWASP project and its deliverables will be assessed based on the criteria below as well as any Season of Code project. The goal is to eventually have all OWASP project deliverables, past and future, assessed under a version of this criteria. The initial set of assessment criteria was created for the OWASP Summer of Code 2008 and was designated version 1.0. The current version below was derived from version 1.0 and is version 2.0. Labelling any new criteria with a version number allows for graceful transitions to occur should any criteria change.

Assessing a project

Any OWASP project will consist of two critical pieces:

  • the project's OWASP Wiki page
  • one or more project deliverables

More to follow --Mtesauro 03:48, 31 March 2009 (UTC)