Difference between revisions of "How to Start an OWASP Project"

From OWASP
Jump to: navigation, search
m (OWASP Recommended Licenses)
(28 intermediate revisions by 9 users not shown)
Line 1: Line 1:
 +
== So you want to start a project... ==
 +
 
Starting an OWASP Project is easy.  You don't have to be an application security expert.  You just have to have the drive and desire to make a contribution to the application security community.
 
Starting an OWASP Project is easy.  You don't have to be an application security expert.  You just have to have the drive and desire to make a contribution to the application security community.
  
Here are some of the procedures and guidelines for running a successful OWASP project:
+
Here are some of the guidelines for running a successful OWASP project:
  
* The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledgebase or technology support.
+
* The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support.
  
* You ''can'' a single person project, but it's usually best to get the community involved.  You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
+
* You ''can'' run a single person project, but it's usually best to get the community involved.  You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
  
* To get your project started, please contact owasp@owasp.org.  We'll get you set up with a project wiki page, a mailing list, and subscribe you to the OWASP-Leaders list. You'll be part of setting OWASP's direction!
+
* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.
  
* You will create a wiki page as the official homepage for your project.  It must contain the [[Category:OWASP Project]] tag at the bottom. It must also be listed in the appropriate category on the [[:Category:OWASP Project]] page.
+
* Available Grants to consider if you need funding - [https://www.owasp.org/index.php/Grants Click Here]
  
* Each project page should contain a short description of what the project is about, a link to the project mailing list, contact information for the project leader, and any other informationScreenshots are highly encouraged.
+
* You should promote your project through the OWASP channels as well as by outside meansGet people to blog about it!
  
* You can have as many wiki pages as you want to support your project.  Please feel free to create them yourself.  Everything posted on the wiki is reviewed by many people around the world.
+
== Creating a new project ==
  
* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp@owasp.org.
+
[http://sl.owasp.org/new-project Here's the simple process for starting a new OWASP Project].
 +
<br>
 +
* Get the following information together:
  
* You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!
+
A - PROJECT
 +
# Project Name,
 +
# Project purpose / overview,
 +
# Project Roadmap,
 +
# Project links (if any) to external sites,
 +
# [http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects#Project_Licensing Project License],
 +
# Project Leader name,
 +
# Project Leader email address,
 +
# Project Leader wiki account - the username (you'll need this to edit the wiki),
 +
# Project Contributor(s) (if any) - name email and wiki account (if any),
 +
# Project Main Links (if any).
 +
<br>
 +
 
 +
==OWASP Recommended Licenses==
 +
 
 +
{{Recommended_Licenses}}
 +
 
 +
== Project Release ==
 +
 
 +
*As your project reaches a point that you'd like OWASP to assist in its promotion, the [[Global Projects Committee|OWASP Global Projects Committee]] will need the following to help spread the word about your project:
 +
 
 +
# [http://globalprojectscommittee.wordpress.com/2009/07/27/what-is-the-3x-slide-presentation-thing/ Conference style presentation that describes the tool/document in at least 3 slides],
 +
# [http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/ Project Flyer/Pamphlet (PDF file)],
 +
<br>
 +
* If possible, get also the following information together:
 +
 
 +
B – FIRST RELEASE
 +
# Release Name,
 +
# Release Description,
 +
# Release Downloadable file link
 +
# Release Leader,
 +
# Release Contributor(s),
 +
# Release Reviewer,
 +
# Release Sponsor(s) (if any),
 +
# Release Notes
 +
# Release Main Links (if any),
 +
<br>
 +
* Note: For Project/Release Leader, Contributors and Reviewers please create a [[Special:RequestAccount|wiki accounts]] and please send the links off. See [[Tutorial]] and [[:User:Mtesauro|here]] how to do it and [[:Category:OWASP Live CD Project|here]] an example of how it will be used.
 +
<br>
 +
* To get your project started, fill out the [http://sl.owasp.org/new-project new project form].  We'll review the information and get you set up with a project wiki page, a mailing list, and subscribe you to the OWASP-Leaders list. You'll be part of setting OWASP's direction!
 +
<br>
 +
* Check out the '''[[Guidelines for OWASP Projects]]'''.
 +
 
 +
==Project Forms==
 +
 
 +
[http://www.tfaforms.com/264422 Project Transition Application]
 +
 
 +
[http://www.tfaforms.com/264413 Project Review Request]
 +
 
 +
[http://www.tfaforms.com/264418 Project Donation Application]
 +
 
 +
[http://www.tfaforms.com/264428 Project Adoption Request]
 +
 
 +
[http://www.tfaforms.com/264426 Project Abandonment Request]
 +
 
 +
[http://www.tfaforms.com/264392 Incubator Project Graduation Application]
 +
 
 +
[http://www.tfaforms.com/264112 Contact the Global Projects Division]
 +
 
 +
[http://www.tfaforms.com/264210 New Project Application]
 +
 
 +
[[Category:OWASP Project]]
 +
[[Category:How To]]

Revision as of 15:20, 9 December 2012

Contents

So you want to start a project...

Starting an OWASP Project is easy. You don't have to be an application security expert. You just have to have the drive and desire to make a contribution to the application security community.

Here are some of the guidelines for running a successful OWASP project:

  • The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support.
  • You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
  • You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.
  • Available Grants to consider if you need funding - Click Here
  • You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

Creating a new project

Here's the simple process for starting a new OWASP Project.

  • Get the following information together:

A - PROJECT

  1. Project Name,
  2. Project purpose / overview,
  3. Project Roadmap,
  4. Project links (if any) to external sites,
  5. Project License,
  6. Project Leader name,
  7. Project Leader email address,
  8. Project Leader wiki account - the username (you'll need this to edit the wiki),
  9. Project Contributor(s) (if any) - name email and wiki account (if any),
  10. Project Main Links (if any).


OWASP Recommended Licenses

Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?

Allow commercial uses of your work?
Yes No
  Allow modifications of your work?
Yes, no restriction except attribution Yes, as long as modification are also opensource No
ToolProject
(Non-WebBased)
Apache 2.0
(fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and more up-to-date than BSD license)
GPL 3.0
(requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
Sorry, such licenses are not opensource and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See http://creativecommons.org/choose for more information and note that they label these two license as "not a Free Culture License"
Tool Project
(WebBased)
AGPL 3.0
(prevents GPL's SaaS loophole)
Library Project LGPL 3.0
(similar to GPL but modified for use with libraries that may be called by other proprietary programs)
Document Project (includes E-Learning, presos, books, etc) CC-BY 3.0
(like Apache but for documents)
CC-BY-SA 3.0
(like GPL but for documents. Alternately you can use GFDL, but projects like Debian and Ubuntu don't accept it)


Project Release

  • As your project reaches a point that you'd like OWASP to assist in its promotion, the OWASP Global Projects Committee will need the following to help spread the word about your project:
  1. Conference style presentation that describes the tool/document in at least 3 slides,
  2. Project Flyer/Pamphlet (PDF file),


  • If possible, get also the following information together:

B – FIRST RELEASE

  1. Release Name,
  2. Release Description,
  3. Release Downloadable file link
  4. Release Leader,
  5. Release Contributor(s),
  6. Release Reviewer,
  7. Release Sponsor(s) (if any),
  8. Release Notes
  9. Release Main Links (if any),


  • Note: For Project/Release Leader, Contributors and Reviewers please create a wiki accounts and please send the links off. See Tutorial and here how to do it and here an example of how it will be used.


  • To get your project started, fill out the new project form. We'll review the information and get you set up with a project wiki page, a mailing list, and subscribe you to the OWASP-Leaders list. You'll be part of setting OWASP's direction!


Project Forms

Project Transition Application

Project Review Request

Project Donation Application

Project Adoption Request

Project Abandonment Request

Incubator Project Graduation Application

Contact the Global Projects Division

New Project Application