Category:OWASP Release Quality Tool

From OWASP
Revision as of 07:29, 20 January 2009 by Paulo Coimbra (Talk | contribs)


The OWASP Release Quality Tool category should be used to mark any project that, taking into account the OWASP Assessment Methodology, has reached the Release Quality level by fulfilling the following criteria:

Release Quality Tool Criteria

Class Criteria Review Process Example
Release Quality OWASP Tools

All Beta Quality Requirements plus:

  • Be reasonably easy to use
  • Include online documentation built into the tool (based on required user documentation)
  • Include build scripts that facilitate building the application from source (Goal: One-click build)
  • Have a publicly accessible bug tracking system established, ideally at the same place as the source code repository (e.g., at Google Code or SourceForge)
  • Be run through Fortify Software's open source review (if appropriate) and FindBugs.
    • WebGoat would not be appropriate for example since it would light up like a Christmas tree :-)
  • C/C++ apps (if we have any) should consider being run through Coverity's open source review. Coverity also accepts submissions for open source Java applications.
  • When approved as Release Quality: update the link to it on the OWASP Project page and update the project quality tag on its project page to Release Quality.

Recommendations:

  • Conference-style PowerPoint presentation that describes the use and status of the tool. (This could be used by others to discuss the tool at OWASP Chapter meetings, serve as easy-to-review offline documentation, etc.)
  • UAT pass on functionality of the tool
  • Developer documents any limitations
  • Requirement: 2 Reviewers + 1 OWASP Board Member.
    • If possible, the project's lead should suggest two Project Reviewers. One of them should be an OWASP Project or Chapter Leader.
    • If the project's lead can't find the Project Reviewers, the OWASP Board will identify them. The same will happen whenever the reviewers suggested do not have the required approval.

Example: OWASP WebGoat Project
