| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Core Questions | Criteria Questions | Response | |||||||||||||||||
2 | Focus: To measure the health of the project. | |||||||||||||||||||
3 | ||||||||||||||||||||
4 | Is the project actively maintained? | |||||||||||||||||||
5 | Does the wiki template have the minimum standard wiki content available, and is it updated with releases? | |||||||||||||||||||
6 | Does the project have an active project leader? (Maintains project site with news and release announcements, continually enhancing the project, promoting the project in the security community, etc.) | |||||||||||||||||||
7 | Is the project being maintained with current operating systems and technology? | |||||||||||||||||||
8 | Does the project demonstrate progress to the community and verify that development is on track with the roadmap? (Roadmap Content Definition: Leader must have a roadmap that encompasses activity for the next year, or have a total of no less than 4 milestones within the roadmap) | |||||||||||||||||||
9 | ||||||||||||||||||||
10 | Does it meet quality expectations? | |||||||||||||||||||
11 | Does the project have a relevant project summary that can be found on the OWASP Project wiki page? | |||||||||||||||||||
12 | Does the project have a good track record of resolving issues and answering questions from project consumers? | |||||||||||||||||||
13 | Does it address a security concern? (Leader must state what their unique application security concern they are addressing) | |||||||||||||||||||
14 | Does the project represent a minimal viable product? (Note: Minimal Viable Product must be defined by Leader at the start of the project.) | |||||||||||||||||||
15 | ||||||||||||||||||||
16 | Does the project follow OWASP Project Best Practices, and is it consistent with OWASP Objectives and the Mission. | |||||||||||||||||||
17 | Does the project use an appropriate Community Friendly License? | |||||||||||||||||||
18 | Are project deliverables, information, and releases readily available and accessible to the public? (Note: This can be a link to the repository, or a link to an external web site.) | |||||||||||||||||||
19 | Has the project designated who the copyright owner is? | |||||||||||||||||||
20 | Do the Project Leaders follow OWASP Project Best Practices as outlined in the Project Leader Handbook, Code of Ethics Section 8.3? Handbook: https://www.owasp.org/images/6/6a/OWASP_Projects_Handbook_2013.pdf | |||||||||||||||||||
21 | Do the project leaders and contributors treat everyone with respect and dignity? (Note: Input from the community will be required or use your best judgement.) | |||||||||||||||||||
22 | Is the project vendor neutral? | |||||||||||||||||||
23 | Does the project provide an innovative approach to address a concern within the software security community? | |||||||||||||||||||
24 | ||||||||||||||||||||
25 | ||||||||||||||||||||
26 | Does the project have one accepted OWASP reviewed deliverable on record within the new project’s infrastructure? | |||||||||||||||||||
27 | Yes, and the project has a Stable release. | Labs --> Flagship | ||||||||||||||||||
28 | Yes, and the project has an Beta or Stable release. | Incubator --> Labs | ||||||||||||||||||
29 |