Blank Stable Release Tool Example

From OWASP
Revision as of 23:20, 20 June 2009 by Mtesauro (Talk | contribs)

Jump to: navigation, search

Click here to return to the tool assessment criteria

Stable Release Review of [Project Name] [Release Name and Version]

Project Leader for this Release

[Project Lead]'s Pre-Assessment Checklist:

Alpha level

1. Is your tool licensed under an open source license?

2. Is the source code and any documentation available in an online project repository? (e.g. Google Code or Sourceforge site)

3. Is there working code?

4. Is there a roadmap for this project release which will take it from Alpha to Stable release?

Beta Level

5. Are the Alpha pre-assessment items complete?

6. Is there an installer or stand-alone executable?

7. Is there user documentation on the OWASP project wiki page?

8. Is there an "About box" or similar help item which lists the following:

  • Project Name?
  • Short Description?
  • Project Lead and contact information?(e.g. email address)
  • Project Contributors (if any)?
  • License?
  • Project Sponsors (if any)?
  • Release status and date assessed as Month-Year e.g. March 2009?
  • Link to OWASP Project Page?

9. Is there documentation on how to build the tool from source including obtaining the source from the code repository?

10. Is the tool documentation stored in the same repository as the source code?

Stable Level

11. Are the Alpha and Beta pre-assessment items complete?

12. Does the tool include documentation built into the tool?

13. Does the tool include build scripts to automate builds?

14. Is there a publicly accessible bug tracking system?

15. Have any existing limitations of the tool been documented?



First Reviewer

[First Reviewer]'s Review:

Beta Release Level Questions

1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?


Delete this text and place your answer here.


2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?


Delete this text and place your answer here.


3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?


Delete this text and place your answer here.


4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?


Delete this text and place your answer here.


5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?


Delete this text and place your answer here.


Stable Release Level Questions

6. Does the tool substantially address the application security issues it was created to solve?


Delete this text and place your answer here.


7. Is the tool reasonably easy to use?


Delete this text and place your answer here.


8. Does the documentation meet the needs of the tool users and is easily found?


Delete this text and place your answer here.


9. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.


Delete this text and place your answer here.


10. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)


Delete this text and place your answer here.


11. Have you noted any limitations of the tool that are not already documented by the project lead.


Delete this text and place your answer here.


12. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?


Delete this text and place your answer here.


13. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?


Delete this text and place your answer here.



Second Reviewer

[Second Reviewer]'s Review:
Second Review was a member of the OWASP Board/Global Projects Committee/OWASP Leaders List

Beta Release Level Questions

1. Is an installer for the tool available and easy to use? How close does it reach the goal of a fully automated installer?


Delete this text and place your answer here.


2. Is the end user documentation complete, relevant and presented on the OWASP wiki page?


Delete this text and place your answer here.


3. Does the tool have an “About box” or similar help item which allows the end user to get an overview of the state of this tool? Is this information readily available and easy to find?


Delete this text and place your answer here.


4. Does the documentation on building the source provide the necessary information and detail to allow someone to build the tool? Is there sufficient detail and information for the target user? Is there any domain specific knowledge that is assumed and not provided?


Delete this text and place your answer here.


5. Is the tool's documentation available with the source code and would it readily discoverable by a new user of the tool?


Delete this text and place your answer here.


Stable Release Level Questions

6. Does the tool substantially address the application security issues it was created to solve?


Delete this text and place your answer here.


7. Is the tool reasonably easy to use?


Delete this text and place your answer here.


8. Does the documentation meet the needs of the tool users and is easily found?


Delete this text and place your answer here.


9. Do the build scripts work as expected? Can you build the tool? The goal is a “One-click” build.


Delete this text and place your answer here.


10. Is the bug tracking system usable? Is it hosted at the same place as the source code? (e.g. Google Code, Sourceforge)


Delete this text and place your answer here.


11. Have you noted any limitations of the tool that are not already documented by the project lead.


Delete this text and place your answer here.


12. Would you consider using this tool in your day to day work assuming your professional work includes a reason to use this tool? Why or why not?


Delete this text and place your answer here.


13. What, if anything, is missing which would make this a more useful tool? Is what is missing critical enough to keep the release at a beta quality?


Delete this text and place your answer here.