Project Handbook

Resources

DRAFT Document

The following resources are available to projects. This is not a comprehensive list and may change over time. Except where indicated, a project of any level has access to the resources mentioned. Further resources may be found at the Project Committee Resources tab.

Good Practices

The project committee recommends that projects follow these common good practices:

Good OWASP Projects…

  • Uniqueness
    1. …are submitted as Incubator projects after checking for (and considering contributing to) a possibly existing similar OWASP project instead.
    2. …have a unique selling point (USP) or vision that sets them apart from possibly existing similar OWASP projects.
  • Vendor Neutrality
    1. …avoid names that are easily confused with existing organizations or their (commercial) services.
    2. …are truly free and Open Source and do not hide certain features behind any kind of paywall.
    3. …adhere to the “Recognizing Supporters” section of the Donations Policy when referring to supporting individuals or organizations.
    4. …have their own social media presence (e.g. Twitter handle, YouTube channel) and do not “piggy-back” on ones used for commercial purposes.
    5. …have multiple Project Leaders who are not all employed by the same company.
  • Community Support
    1. …have a channel on the official OWASP Slack optimally named #project-<name> for easy filtering.
  • GitHub
    1. …live under the https://github.com/OWASP GitHub organization and not in private GitHub accounts.
    2. …can alternatively have a dedicated GitHub organization if they consist of multiple repositories.
    3. …respond to GitHub issues and pull requests in a timely and friendly manner.
    4. …have all Project Leaders as administrators on their GitHub repository (especially when it lives outside of https://github.com/OWASP).
  • Website
    1. …keep their www-project-<name> website up to date (especially regarding release information and project roadmap).
    2. …clearly state they are an OWASP project and link to their OWASP project page from any website they maintain.

Communication

OWASP maintains a number of useful communication channels for projects. The following methods of communication are recommended ways to get information out to the community:

  • Slack - specifically the #owasp-community channel, though projects may create their own project-specific channels.
  • OWASP Blog - anyone can submit a pull request to add a blog post, which is featured on the [OWASP Home Page](https://owasp.org/).
  • Project Spotlight - highlighted on the OWASP Home Page, any project leader can submit their project, write-up, and images to be featured.
  • Leaders List - a Google group for OWASP leaders in general.
  • YouTube - OWASP’s official YouTube channel. You can have project channels added to OWASP’s channel.
  • Zoom - Zoom accounts can be requested via Contact Us. These may be assigned temporarily for short-term use.

Cloud

OWASP Foundation maintains non-profit status with certain cloud service providers and has a very limited number of free credits through these services. Due to the limited nature of the credits and the relatively high cost of cloud services, the preferred method of using these services is through sponsorship or other donations to the projects. Further, these services are currently restricted to Production level or Flagship attributed projects unless an exception is granted.

OWASP Foundation has services available through:

  • Microsoft Azure
  • Amazon Web Services
  • Google Cloud Platform

Other

  • Project Showcase - OWASP frequently presents a special project track at our OWASP Global Conferences. Watch for email and Slack announcements requesting project applications about 6 to 8 months before the event.
  • Project Summit - From time to time, OWASP will invite projects to a special summit where project members can get together and work on their project without distraction. Watch for announcements in email and on Slack.
  • StreamYard - OWASP is experimenting with StreamYard; though this is typically a chapter resource, projects are not prohibited from requesting an account through [Contact Us](https://contact.owasp.org/).
  • Contact Us - Not seeing something here or have an idea? Submit it via the contact us JIRA service desk.
  • Legal Review - Legal review is also available for projects, based on level and need.