Difference between revisions of "Category:OWASP Release Quality Tool"

From OWASP
(New page: The OWASP Release Quality Tool category should be used to mark any project that, having into account the OWASP Assessment Methodology, has reached Re...)
 
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
The OWASP Release Quality Tool category should be used to mark any project that, having into account the [[:Category:OWASP Project Assessment|OWASP Assessment Methodology]], has reached Release Quality level by fulfilling the following criteria:
+
The OWASP Release Quality Tool category should be used to mark any project/tool that has reached [[:Category:OWASP_Project_Assessment#Release_Quality_Tool_Criteria|Release Quality]] level.
 
+
=== Release Quality Tool Criteria ===
+
{| style="width:100%" border="0" align="center"
+
! colspan="4" align="center" style="background:#white; color:black"|
+
|-
+
| style="width:10%; background:#C2C2C2" align="center"| '''Class'''
+
| style="width:60%; background:#C2C2C2" align="center"| '''Criteria''' 
+
| style="width:20%; background:#C2C2C2" align="center"| '''Review Process''' 
+
| style="width:10%; background:#C2C2C2" align="center"| '''Example'''
+
|-
+
| style="width:10%; background:#f2984c" align="center"|'''[[:Category:OWASP Project#Release_Quality_Projects|Release Quality OWASP Tools]]'''
+
| style="width:60%; background:#e6e6e6" align="left"|
+
All Beta Quality Requirements plus:
+
* Be reasonably easy to use
+
* Include online documention built into tool (based on required user documentation)
+
* Include build scripts that facilitate building the application from source (Goal: One-click build)
+
* Publicly accessible bug tracking system established, ideally at the same place as the source code repository (e.g., at Google code, or Sourceforge)
+
* Be run through [https://opensource.fortify.com/teamserver/welcome.fhtml Fortify Software's open source review] (if appropriate) and [http://findbugs.sourceforge.net/ FindBugs].
+
**WebGoat would not be appropriate for example since it would light up like a Christmas tree :-)
+
* C/C++ apps (if we have any) should consider being run through [http://scan.coverity.com/ Coverity's open source review]. Coverity also accepts submissions for open source Java applications.
+
* When approved to be Release Quality: Update the link to it on: the [[:Category:OWASP_Project | OWASP Project]] page and update its project quality tag on its project page to be Release Quality.
+
'''Recommendations:'''
+
* Conference style Powerpoint presentation that describes the use and status of the tool. (This could be used by others to discuss the tool at OWASP Chapter meetings, serve as easy to review offline documentation, etc.)
+
* UAT pass on functionality of the tool
+
* Developer documents any limitations
+
| style="width:20%; background:#e6e6e6" align="left"|
+
* '''Requirement''': 2 Reviewers + 1 OWASP Board Member.
+
** If possible, the project's lead should suggest two Project Reviewers.  One of them should be an OWASP Project or Chapter Leader.
+
** If the project's lead can't find the Project Reviewers, the OWASP Board will identify them. The same will happen whenever the reviewers suggested do not have the required approval.
+
| style="width:10%; background:#e6e6e6" align="center"|[[OWASP WebGoat Project|OWASP WebGoat Project]]
+
|-
+
|}
+
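Review bot: Two small defects in the added table markup should be fixed before this revision stands. In the criteria bullet "Include online documention built into tool", "documention" should read "documentation". In the header cell, `background:#white` is not a valid CSS colour, so use `background:white` or `background:#ffffff`. The static-analysis bullet also makes Fortify conditional ("if appropriate") and, as written, leaves it unclear whether FindBugs is conditional too; the WebGoat sub-bullet suggests the exception is meant for deliberately vulnerable tools, so consider stating who decides appropriateness and whether it covers both scanners.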

Latest revision as of 07:40, 20 January 2009

The OWASP Release Quality Tool category should be used to mark any project/tool that has reached Release Quality level.

Subcategories

This category has the following 5 subcategories, out of 5 total.

Pages in category "OWASP Release Quality Tool"

The following 4 pages are in this category, out of 4 total.