OWASP Working Session - OWASP Tools Projects

= About the Working Session =

= Working Session Participants =

=Working Session Outcomes=

Explanation
For tools that generate output, it should be in a well-defined manner (XML-preferred) so that it can be easily used as input into another project, program, process, etc or quickly convertible into an easily readable format. Whenever possible, a project should re-use an existing standard (ex. ADVL, OVAL) for this purpose.

Rationale
The idea is to allow easier integration to encourage tool chaining, customized report generation, adaptability into other environments, etc.

Voting Outcome

 * For: 25 votes
 * Against: 0 votes

Explanation
Provide or arrange for one standard, managed, OWASP-controlled place for all tool projects to maintain their source code. This could be an OWASP branded arrangement with Google Code, Sourceforge, etc, or an OWASP-maintained SVN server.

Rationale
Provides a central, standardized place for code repository that allows a standardized way to track metrics such as activity, usage, downloads, etc. It also provides a single point for all projects that can be linked in with the OWASP website for ease of use and documentation for new OWASP project developers.

Voting Outcome

 * For: 26 votes
 * Against: 0 votes

Explanation
Beyond current OWASP Project quality metrics, create other metrics to evaluate projects by things such as activity, usability, relevance to current standards/technologies, how well the project addresses the problem it is trying to solve, etc. This could even include a user review system (a la Star ratings).

Rationale
Existing projects are in a state of disarray that do not readily lend themselves to OWASP Alpha/Beta/Release quality standards. Also, quality alone is not a sufficient measure of an OWASP Project.

Voting Outcome

 * For: 25 votes
 * Against: 0 votes

Explanation
OWASP should make experienced technical writer(s) available to projects to review, critique and suggest changes on existing or newly created project documentation. This could be a single full-time person or a pool of part-time, on-demand technical writers.

Rationale
To appeal to more users and corporations, projects need well written documentation. Additionally, this will help with project adoption.

Explanation
Create a standard UI design "kit" for tools that have a GUI that includes:
 * OWASP logos and icons for use in applications
 * Standardized OWASP color scheme specifications
 * Human useability guidelines such as scalar sizing, standard shortcuts, and other UI Best Practices

Rationale
Bad user interface design can limit adoption of a tool and inconsistent UI design can hurt the OWASP brand. Consistent, well-designed UIs make tools easy to use and encourage adoption.

Voting Outcome

 * For: 21 Votes
 * Against: 0 Votes

Explanation
OWASP should make experienced UI/graphic designer(s) available to projects to review, critique and suggest changes on existing or newly created project GUIs. This could be a single full-time person or a pool of part-time, on-demand UI/graphic designer.

Rationale
Most developers are not good graphic designers and make user interface design decisions based on limited experiences. Minor UI annoyances can inhibit tool adoption.

Explanation
A tool to crawl over AJAX pages in a JS-aware manner.

Rationale
More and more sites are moving to an AJAX-enabled design and existing open-source tools do not handle these types of sites well.

Explanation
As part of the project proposal phase, tools should identify the type of tool, the intended audience of the tool, and phases in the SDLC where the tool might be useful. In addition, existing tools should undergo this classification process.

Rationale
The "Tools" heading encompasses a broad range of projects including API Frameworks, testing tools, reporting tools, etc. This is extremely hard to navigate for a new OWASP user. Classifying tools across multiple headings would also allow the OWASP site to highlight projects or to create a "How Can OWASP Help You?" page that direct users to projects that are most relevant to them.