| A | B | C | D | E | |
|---|---|---|---|---|---|
1 | |||||
2 | OWASP AntiSamy (Java) Project | ||||
3 | |||||
4 | ASSESSMENT CHECK LIST | ||||
5 | |||||
6 | CRITERIA | ACCOMPLISHED yes/no | LINK If possible, point out the link | ||
7 | |||||
8 | RELEASE QUALITY DOCUMENTATION | ||||
9 | All Beta Quality Requirements plus: | ||||
10 | Be reasonably easy to use | yes | ESAPI uses it - only takes a dozen lines of code | ||
11 | Include online documentation built into tool (based on required user documentation) | yes | |||
12 | Include build scripts that facilitate building the application from source (Goal: One-click build) | yes | |||
13 | Publicly accessible bug tracking system established, ideally at the same place as the source code repository (e.g., at Google code, or Sourceforge) | yes | http://code.google.com/p/owaspantisamy/issues/list | ||
14 | Be run through Fortify Software's open source review (if appropriate) and FindBugs. | yes | https://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_Project#OWASP_Projects_Scanned | ||
15 | C/C++ apps (if we have any) should consider being run through Coverity's open source review. Coverity also accepts submissions for open source Java applications. | yes | |||
16 | When approved to be Release Quality: Update the link to it on: the OWASP Project page and update its project quality tag on its project page to be Release Quality. | yes | |||
17 | Recommendations: | ||||
18 | Conference style PowerPoint presentation that describes the use and status of the tool. (This could be used by others to discuss the tool at OWASP Chapter meetings, serve as easy to review offline documentation, etc.) | yes | http://code.google.com/p/owaspantisamy/downloads/list | ||
19 | UAT pass on functionality of the tool | yes | ESAPI has test cases | ||
20 | Developer documents any limitations | yes/not sure | http://code.google.com/p/owaspantisamy/downloads/list | ||
21 | Requirement: 2 Reviewers + 1 OWASP Board Member. | yes | Jeff Williams | ||
22 | |||||
23 | BETA QUALITY DOCUMENTATION | ||||
24 | All Alpha Quality Requirements plus: | ||||
25 | |||||
26 | Have an easy to use installer (Goal: Fully automated installer) (or stand alone executable version) | yes | http://code.google.com/p/owaspantisamy/downloads/list | ||
27 | Include user documentation in Project's OWASP Wiki page(s) | yes | https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#How_do_I_get_started.3F | ||
28 | Add a common About Box or help menu in the tool itself (which lists name of tool, author, e-mail address of author, current version number and/or release date) | yes (not really appropriate for a library) | |||
29 | Include documentation on how to build it from code, starting with getting it directly from the code repository. (Ideally, this would include easy to use build scripts, which is required for Release Quality) | yes | http://code.google.com/p/owaspantisamy/downloads/list | ||
30 | This documentation must be stored in the same repository as the code. | yes | http://code.google.com/p/owaspantisamy/downloads/list | ||
31 | When approved to be Beta Quality: Update the link to it on: the OWASP Project page and update its project quality tag on its project page to be Beta. | n/a | |||
32 | Requirement: 2 Reviewers. | yes | |||
33 | |||||
34 | ALPHA QUALITY DOCUMENTATION | ||||
35 | Agree to OWASP's open source license | yes | https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#What_is_it.3F | ||
36 | The “main” page for any OWASP tool must be on the OWASP website. This page must: | ||||
37 | describe the tool, the project leader, contact info, and include all relevant links, including a download link for the code and the executable version, | yes | https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project | ||
38 | include a roadmap/guideline pointing out the steps to achieve the purpose of the project. | yes | https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#Project_roadmap | ||
39 | include the Alpha Quality Tool project tag. (Which we still need to define), | n/a | |||
40 | be placed at OWASP Project page. | yes | https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project | ||
41 | Have its code and any documentation in Googlecode, or Sourceforge. | yes | http://code.google.com/p/owaspantisamy/ | ||
42 | Mailing list for project created. | yes | https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#OWASP_AntiSamy_mailing_list | ||
43 | Solves a core application security need. | yes | |||
44 | Requirement: 1 Reviewer. | yes | AntiSamy was a Summer of Code project originally | ||
45 | |||||