Assessment Criteria v2.0
This is a DRAFT page still under review by the Global Projects Committee
This page is maintained by the Global Projects Committee to assist Project Leaders with information about successfully running an OWASP Project. It will be updated from time to time, and changes will be discussed and announced on the OWASP-Leaders list.
OWASP created the project assessment criteria to define the quality levels for OWASP Projects with the purpose of evaluating all OWASP projects. The overall goal was to ensure that consistent quality levels are maintained by OWASP projects. This benefits both the external audience and those working on projects. The criteria allow the external audience to determine the quality of any OWASP project they are considering. For project members, they provide a method to measure the quality of their project in relation to other OWASP projects. Additionally, the criteria allow excellent contributions to be recognized and projects which need further work to be identified.
Currently, OWASP projects fall into three primary categories:
- Tools
- Documents
- Activities and Research
The Tools and Documents categories are easily understood. The Activities and Research category is less obvious and is used for projects which either have multiple sub-projects or have deliverables which fall into both the Tools and Documents categories. Thus, Activities and Research can be used for parent projects that cover multiple smaller sub-projects. Some examples will make this clearer:
- OWASP ESAPI
- OWASP Guides
- Testing Guide
- Development Guide
- Code Review Guide
- ASDR (Application Security Desk Reference)
- OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp
All existing projects and their current ratings are here. Any new OWASP project and its releases, as well as any Season of Code project, will be assessed based on the criteria below. The goal is to eventually have all OWASP projects and releases, past and future, assessed under a version of these criteria. The initial set of assessment criteria was created for the OWASP Summer of Code 2008 and was designated version 1.0. The current version below was derived from version 1.0 and is version 2.0. Labelling any new criteria with a version number allows for graceful transitions to occur should any criteria change.
Assessing a project
Any OWASP project will consist of two critical pieces:
- the project itself (primarily the OWASP Wiki page)
- one or more project releases
Each of these pieces is reviewed using different methods.
People and projects
Depending on the size and scope of a project, the roles below may be done by separate parties or a single individual may take on multiple roles. Roles vary in their level of involvement with the project, the areas of involvement, their lifespan with a project, etc.
- Project Leader
- Project Maintainer
- Project Contributor
- Project Reviewer
- Project Mentor
Each role will be described in the next revision of this document.
More to follow --Mtesauro 19:21, 20 April 2009 (UTC)