Guidelines for Reviewing OWASP projects

THIS ARTICLE IS A DRAFT

This page will contain detailed guidelines for OWASP Project reviewers (usually as part of a Season of Code initiative, or when a project is reviewed according to the Project Assessment Criteria):


 * Be reasonably easy to use
 * Include online documentation built into the tool (based on the required user documentation)
 * Include build scripts that facilitate building the application from source (Goal: One-click build)
 * Publicly accessible bug tracking system established, ideally at the same place as the source code repository (e.g., at Google code, or Sourceforge)
 * Be run through Fortify Software's open source review (if appropriate) and FindBugs.
 * When approved to be Release Quality: update the link to the project on the OWASP Project page, and update the project quality tag on its own project page to Release Quality.

A review undertaking consists of at least the following tasks:
 * 1) Make sure that the project’s roadmap has been accomplished,
 * 2) Taking into account the project’s target status (Quality Status in this case), check the project stage/features against the OWASP Assessment Criteria,
 * 3) Point out scientific/technical and methodological mistakes, propose paths to follow, and propose tools and documentation/bibliography to be studied and consulted.

More details here: http://owaspsoc2008.wordpress.com/2008/07/15/assessment-guidance

The guidelines need to be linked here: https://www.owasp.org/index.php/Category:OWASP_Project_Assessment

And here is an example of an assessment Google excel spreadsheet check list: https://spreadsheets.google.com/a/owasp.org/ccc?key=pAX6n7m2zaTWJtelVmV_oMQ&hl=en