How to Start an OWASP Project
So you want to start a project...
Starting an OWASP Project is easy. You don't have to be an application security expert. You just have to have the drive and desire to make a contribution to the application security community.
Here are some of the guidelines for running a successful OWASP project:
- The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support.
- You can run a single-person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
- You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.
- Grants are available to consider if you need funding.
- You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!
Creating a new project
- Get the following information together:
A - PROJECT
- Project Name,
- Project purpose / overview,
- Project Roadmap,
- Project links (if any) to external sites,
- Project License,
- Project Leader name,
- Project Leader email address,
- Project Leader wiki account - the username (you'll need this to edit the wiki),
- Project Contributor(s) (if any) - name, email and wiki account (if any),
- Project Main Links (if any).
OWASP Recommended Licenses
|Allow commercial uses of your work?|
|Allow modifications of your work?|
|Yes, no restriction except attribution||Yes, as long as modifications are also open source||No|
(fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and more up-to-date than BSD license)
(requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
|Sorry, such licenses are not open source and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See http://creativecommons.org/choose for more information and note that they label these two licenses as "not a Free Culture License".|
(prevents GPL's SaaS loophole)
|Library Project||LGPL 3.0
(similar to GPL but modified for use with libraries that may be called by other proprietary programs)
|Document Project (includes E-Learning, presos, books, etc)||CC-BY 3.0|
(like Apache but for documents)
(like GPL but for documents. Alternately you can use GFDL, but projects like Debian and Ubuntu don't accept it)
- As your project reaches a point that you'd like OWASP to assist in its promotion, the OWASP Global Projects Committee will need the following to help spread the word about your project:
- Conference style presentation that describes the tool/document in at least 3 slides,
- Project Flyer/Pamphlet (PDF file).
- If possible, also get the following information together:
B - FIRST RELEASE
- Release Name,
- Release Description,
- Release Downloadable file link,
- Release Leader,
- Release Contributor(s),
- Release Reviewer,
- Release Sponsor(s) (if any),
- Release Notes,
- Release Main Links (if any).
- Note: For the Project/Release Leader, Contributors and Reviewers, please create wiki accounts and send the links. See the Tutorial for how to do it and for an example of how it will be used.
- To get your project started, fill out the new project form. We'll review the information, set you up with a project wiki page and a mailing list, and subscribe you to the OWASP-Leaders list. You'll be part of setting OWASP's direction!
- Check out the Guidelines for OWASP Projects.