OWASP Project Committee

Mission Statement

To provide the support and guidance required by Projects to thrive and contribute to the overall mission and goals of OWASP.

Objectives and Tasks

The Project Committee intends to address these key problems:

  • Currently, project management is a hard and sometimes tiring job
  • Many projects do not feel sufficiently supported by OWASP

As one of the three legs that support OWASP (Foundation, Chapters and Projects), Projects are a critical part of moving the OWASP mission forward. The Project Committee’s purpose is to help ensure that the quality, lifecycle, and teams are supported as per the Project Committee Scope.

Scope

  • Promote project activity, and provide mentorship and guidance to project leads and team members.
  • Maintain the project lifecycle within OWASP, including working with staff to improve procedures, and documenting guidelines in an updated or re-written Project Handbook.
  • Work with OWASP projects and establish any processes to assist projects to achieve flagship level status, including deleting, revising, or establishing a project review process.
  • Evangelize OWASP projects publicly, including working with outside projects to become OWASP projects.
  • Provide first level dispute resolution for projects, which can be escalated to the Dispute Resolution process or in severe cases, the Foundation, Compliance Committee, or Board.
  • Work with the Foundation to build operational automation and provide managed shared infrastructure for projects.
  • Advise the Board or Foundation on relevant bylaws or policy changes.

Meetings

The Project Committee meets on the 4th Wednesday of every month at 15:00 UTC virtually via Google Meet. OWASP Members can access the perpetual meeting minutes at https://docs.google.com/document/d/12MaHpNFgDMFG5FHXpqJmCorv4R586bbF6MJqliZrg5k.

You can also find the meeting dates of the Project Committee in the official OWASP Event Calendar.


Promotions

The Project Committee is responsible for the Project Promotion Process which allows projects to progress through the maturity lifecycle defined in the Project Leader Handbook.

Requesting Promotion

As a project leader you can request a promotion to the next level via https://forms.gle/Gh2Ry3vUjahu73S3A.

Please expect a review time of 4-8 weeks! If this timespan is significantly exceeded, please feel free to ask for an update via the Project Committee email or Slack channel!

Maturity Levels

| Requirement | Incubator | Lab | Production |
|---|---|---|---|
| Activity | - | ≥1 major release | ≥1 major release per year and regular minor/patch releases |
| Documentation | Project website exists and describes project’s intent and purpose | Reasonable instructions for installation, usage or implementation exist | Fully scoped usage documentation, Contribution guidelines etc. exist |
| Support | - | Slack channel or other support queue exists; GitHub issues are taken care of in due time | Slack channel or other support queue are monitored and managed; GitHub issues are properly managed and worked on |
| Contributions | - | Contribution guidelines exist; Contributions (e.g. Pull Requests) are handled in due time | Contributor onboarding is managed properly; Project participated in ≥1 GSoC, OWASP Project Summit or similar event; PRs are monitored and managed |
| Usage | - | - | Evidence of significant use, e.g. via GitHub, DockerHub, SourceForge statistics |
| Age | - | 3-6 months | >1 year |
| OWASP Project Good Practice | Known and considered | Mostly taken into account | Fully taken into account |
| OSSF Best Practices | - | Project registered and self-certification started | Criteria for at least passing level badge fulfilled |

Promotion Process

Maturity Promotion

Promotions from Incubator to Lab level are reviewed by at least one Project Committee member and one volunteer project leader or second Project Committee member. The final decision is with the Project Committee.

Promotions from Lab to Production level are reviewed by at least one Project Committee member and one volunteer project leader or second Project Committee member. The final decision is with the Project Committee.

Strategic Promotion

Please note that promotions to Flagship level are not a maturity progression from Production but are reserved for projects of strategic importance to OWASP and its mission. Requests for promotion to Flagship will be evaluated by the Project Committee and a recommendation brought to the OWASP Global Board. The final decision is with the Board.


Good OWASP Projects…

  • Uniqueness
    1. …are submitted as Incubator projects after checking for (and considering contributing to) a possibly existing similar OWASP project instead.
    2. …have a unique selling point (USP) or vision that sets them apart from possibly existing similar OWASP projects.
  • Vendor Neutrality
    1. …avoid names that are easily confused with existing organizations or their (commercial) services.
    2. …are truly free and Open Source and do not hide certain features behind any kind of paywall.
    3. …adhere to the “Recognizing Supporters” section of the Donations Policy when referring to supporting individuals or organizations.
    4. …have their own social media presence (e.g. Twitter handle, YouTube channel) and do not “piggy-back” on ones used for commercial purposes.
    5. …have multiple Project Leaders who are not all employed by the same company.
  • Community Support
    1. …have a channel on the official OWASP Slack optimally named #project-<name> for easy filtering.
  • GitHub
    1. …live under the https://github.com/OWASP GitHub organization and not in private GitHub accounts.
    2. …can alternatively have a dedicated GitHub organization if they consist of multiple repositories.
    3. …respond to GitHub issues and pull requests in a timely and friendly manner.
    4. …have all Project Leaders as administrators on their GitHub repository (especially when it lives outside of https://github.com/OWASP).
  • Website
    1. …keep their www-project-<name> website up to date (especially regarding release information and project roadmap).
    2. …clearly state they are an OWASP project and link to their OWASP project page from any website they maintain.

Resources

Please use these icons on your OWASP project websites to support a common look & feel.

Project Maturity Level Icons

Incubator

Lab

Production

Flagship

Project Maturity Level Badges

OWASP Incubator OWASP Lab OWASP Production OWASP Flagship

Project Type Icons

Tool

Code

Documentation

Project Audience Icons

Builder

Breaker

Defender