How to Start an OWASP Project

Revision as of 10:54, 18 March 2009 by Pravir Chandra (talk | contribs)

Jump to: navigation, search

So you want to start a project...

Starting an OWASP Project is easy. You don't have to be an application security expert. You just have to have the drive and desire to make a contribution to the application security community.

Here are some of the guidelines for running a successful OWASP project:

  • The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support.
  • You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
  • You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)
  • You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

Creating a new project

Here's the simple process for starting a new OWASP Project.

  • Get the following information together:
    1. Project name
    2. Project leader(s) (name and email)
    3. Short project description (1-2 sentences)
    4. Detailed description/roadmap for future development
    5. Chosen open-source license
    6. Project contributors (if any)
    7. Sponsor organizations (if any)
    8. Main links (existing information on the web, if any)
    9. Related OWASP Projects
  • To get your project started, send the info above to the OWASP Global Projects Committee or the OWASP Project Manager directly. We'll review the information and get you set up with a project wiki page, a mailing list, and subscribe you to the OWASP-Leaders list. You'll be part of setting OWASP's direction!