OWASP Project Committee
Mission Statement
To provide the support and guidance required by Projects to thrive and contribute to the overall mission and goals of OWASP.
Objectives and Tasks
The Project Committee intends to address these key problems:
- Currently, project management is a hard and sometimes tiring job
- Many projects do not feel sufficiently supported by OWASP
As one of the three legs that support OWASP (Foundation, Chapters and Projects), Projects are a critical part of moving the OWASP mission forward. The Project Committee’s purpose is to help ensure that project quality, lifecycle, and teams are supported as per the Project Committee Scope.
Scope
- Promote project activity, and provide mentorship and guidance to project leads and team members.
- Maintain the project lifecycle within OWASP, including working with staff to improve procedures, and documenting guidelines in an updated or re-written Project Handbook.
- Work with OWASP projects and establish any processes needed to help projects achieve flagship level status, including deleting, revising, or establishing a project review process.
- Evangelize OWASP projects publicly, including working with outside projects to become OWASP projects.
- Provide first level dispute resolution for projects, which can be escalated to the Dispute Resolution process or, in severe cases, the Foundation, Compliance Committee, or Board.
- Work with the Foundation to build operational automation and provide managed shared infrastructure for projects.
- Advise the Board or Foundation on relevant bylaws or policy changes.
Meetings
The Project Committee meets on the 4th Wednesday of every month at 15:00 UTC virtually via Google Meet. OWASP Members can access the perpetual meeting minutes at https://docs.google.com/document/d/12MaHpNFgDMFG5FHXpqJmCorv4R586bbF6MJqliZrg5k.
You can also find the meeting dates of the Project Committee in the official OWASP Event Calendar.
Promotions
The Project Committee is responsible for the Project Promotion Process which allows projects to progress through the maturity lifecycle defined in the Project Leader Handbook.
Requesting Promotion
As a project leader you can request a promotion to the next level via https://forms.gle/Gh2Ry3vUjahu73S3A.
Please expect a review time of 4-8 weeks! If this timespan is significantly exceeded, please feel free to ask for an update via the Project Committee email or Slack channel!
Maturity Levels
Requirement | Incubator | Lab | Production |
---|---|---|---|
Activity | - | ≥1 major release | ≥1 major release per year and regular minor/patch releases |
Documentation | Project website exists and describes project’s intent and purpose | Reasonable instructions for installation, usage or implementation exist | Fully scoped usage documentation, Contribution guidelines etc. exist |
Support | - | Slack channel or other support queue exists; GitHub issues are taken care of in due time | Slack channel or other support queue are monitored and managed; GitHub issues are properly managed and worked on |
Contributions | - | Contribution guidelines exist; Contributions (e.g. Pull Requests) are handled in due time | Contributor onboarding is managed properly; Project participated in ≥1 GSoC, OWASP Project Summit or similar event; PRs are monitored and managed |
Usage | - | - | Evidence of significant use, e.g. via GitHub, DockerHub, SourceForge statistics |
Age | - | 3-6 months | >1 year |
OWASP Project Good Practice | Known and considered | Mostly taken into account | Fully taken into account |
OSSF Best Practices | - | Project registered and self-certification started | Criteria for at least passing level badge fulfilled |
Promotion Process
Maturity Promotion
Promotions from Incubator to Lab level are reviewed by at least one Project Committee member and one volunteer project leader or second Project Committee member. The final decision is with the Project Committee.
Promotions from Lab to Production level are reviewed by at least one Project Committee member and one volunteer project leader or second Project Committee member. The final decision is with the Project Committee.
Strategic Promotion
Please note that promotions to Flagship level are not a maturity progression from Production but reserved for projects of strategic importance to OWASP and its mission. Requests for promotion to Flagship will be evaluated by the Project Committee and a recommendation brought to the OWASP Global Board. The final decision is with the Board.
Good OWASP Projects…
- Uniqueness
  - …are submitted as Incubator projects after checking for (and considering contributing to) a possibly existing similar OWASP project instead.
  - …have a unique selling point (USP) or vision that sets them apart from possibly existing similar OWASP projects.
- Vendor Neutrality
  - …avoid names that are easily confused with existing organizations or their (commercial) services.
  - …are truly free and Open Source and do not hide certain features behind any kind of paywall.
  - …adhere to the “Recognizing Supporters” section of the Donations Policy when referring to supporting individuals or organizations.
  - …have their own social media presence (e.g. Twitter handle, YouTube channel) and do not “piggy-back” on ones used for commercial purposes.
  - …have multiple Project Leaders who are not all employed by the same company.
- Community Support
  - …have a channel on the official OWASP Slack optimally named #project-<name> for easy filtering.
- GitHub
  - …live under the https://github.com/OWASP GitHub organization and not in private GitHub accounts.
  - …can alternatively have a dedicated GitHub organization if they consist of multiple repositories.
  - …respond to GitHub issues and pull requests in a timely and friendly manner.
  - …have all Project Leaders as administrators on their GitHub repository (especially when it lives outside of https://github.com/OWASP).
- Website
  - …keep their www-project-<name> website up to date (especially regarding release information and project roadmap).
  - …clearly state they are an OWASP project and link to their OWASP project page from any website they maintain.
Resources
Please use these icons on your OWASP project websites to support a common look & feel.
Project Maturity Level Icons
Incubator
Lab
Production
Flagship
Project Maturity Level Badges
Project Type Icons
Tool
Code
Documentation
Project Audience Icons
Builder
Breaker
Defender