Core Questions | Criteria Questions | Response
Focus: To measure the health of the project. | OWASP Hackademic Challenges Project | LEADER 1 (Your comments below) | LEADER 2 (Your comments below)
Documentation: https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project
Is the project actively maintained?
Does the wiki template have the minimum standard wiki content available, and is it updated with releases? From: https://www.owasp.org/images/6/6a/OWASP_Projects_Handbook_2013.pdf “At a minimum, all OWASP projects have a project name, a project leader, a project description, a project license choice, and a project roadmap.” | Project has a roadmap. Could do with more detail. Have a look at this roadmap for ideas: https://www.owasp.org/index.php/OWASP_AppSensor_Project#tab=Road_Map_and_Getting_Involved. On your GitHub page please update your license to be the same type of license as the license on your wiki. GitHub mentions GNU license as license and wiki lists your license as Apache2.
Does the project have an active project leader? (Maintains project site with news and release announcements, continually enhancing the project, promoting the project in the security community, etc.) | Yes. Make it more visual. Put announcements and news on your wiki page on OWASP. Look at sites such as the AppSensor wiki that I mentioned and look at the "News and Events" section.
Is the project being maintained with current operating systems and technology? | Yes. Using PHP5.
Does the project demonstrate progress to the community and verify that development is on track with the roadmap? (Roadmap Content Definition: Leader must have a roadmap that encompasses activity for the next year, or have a total of no less than 4 milestones within the roadmap) | Need a more detailed roadmap with clear objectives to be reached and with info on objectives/goals that have already been reached.
Does it meet quality expectations?
Does the project have a relevant project summary that can be found on the OWASP Project wiki page? | Yes | Yes, this is listed on the main project page under the main AppSensor heading.
Does the project have a good track record of resolving issues and answering questions from project consumers? | Yes. Look on GitHub at solved issues. Need to fix issue of unclear install instructions. I sent you guys instructions. Put them on the README.md or at least put a link to the instructions on your README.md.
Does it address a security concern? (Leader must state what unique application security concern they are addressing) | Addresses security concern of "security education" for developers.
Does the project represent a minimal viable product? (Note: Minimal Viable Product must be defined by Leader at the start of the project.) | Yes.
Does the project follow OWASP Project Best Practices, and is it consistent with OWASP Objectives and the Mission?
Does the project use an appropriate Community Friendly License? | The GitHub page uses a type of GNU license. The wiki mentions that Apache license is being used and a picture of the Creative Commons 3.0 license's logo is included on the wiki page. I am not sure what license is being used here.
Are project deliverables, information, and releases readily available and accessible to the public? (Note: This can be a link to the repository, or a link to an external web site.) | Two dead links on OWASP wiki page: http://hackademic1.teilar.gr/gr and http://hackademic1.teilar.gr
Has the project designated who the copyright owner is? | This is unclear due to three different Open Source licenses being used on this project.
Do the Project Leaders follow OWASP Project Best Practices as outlined in the Project Leader Handbook, Code of Ethics Section 8.3? Handbook: https://www.owasp.org/images/6/6a/OWASP_Projects_Handbook_2013.pdf | The project leaders seem to follow the OWASP Best Practices.
Do the project leaders and contributors treat everyone with respect and dignity? (Note: Input from the community will be required or use your best judgement.) | From what I can tell, Yes.
Is the project vendor neutral? | Yes.
Does the project provide an innovative approach to address a concern within the software security community? | I don't see how this project is different to any of the other vulnerable applications on the OWASP list of projects, besides that this project has simulated vulnerabilities and in my opinion that teaches the students textbook hacking and not real attacker methodology. If this project is aimed at students it should also make an effort to have more training materials and documentation, something this project is lacking at the moment.
Does the project have one accepted OWASP reviewed deliverable on record within the new project’s infrastructure?
Yes, and the project has a Stable release. | Yes, but needs lots of work. Especially documentation.
Yes, and the project has a Beta or Stable release. | Not sure. | Same as above.