[Owasp-leaders] What makes an OWASP documentation project Flagship?

Josh Sokol josh.sokol at owasp.org
Sat Jun 7 07:37:56 UTC 2014


While Johanna is hard at work in defining a process for determining whether
a code-based OWASP project is Flagship quality, I figured I'd get the ball
rolling on the documentation projects.  And what better way to get the ball
rolling than to put it out there for the community to discuss?

When I think of what I would want to have in a Flagship documentation
project, a few things come to mind:

1) *Open Source:* Since everything OWASP puts out there is free and open
source, I feel that it is important to validate that all of our
documentation projects live up to this standard.  This means not only
slapping an open source license on the document, but also verifying that
all of the materials that were used to produce the document were properly
licensed as well (nothing proprietary).

2) *Defined and Repeatable:* In my opinion, labeling something as Flagship
is a promise that it will be supportable long-term.  Project leaders and
contributors will come and go, but we need to make sure that the project
can live on.  To this extent, we need to make sure that not only the
document, but also the reference materials that went into creating the
document, and the process to assemble those materials are documented so
that it can be repeated with future iterations.

3) *Publicly Available:* It's counter-intuitive that we would produce any
project that would not be made publicly available, but it's happened before
so I wanted to be explicit.  In order for a project to be Flagship, it
needs to be readily downloadable by anyone who wants it.  No guestbooks or
other forms of data collection for downloads either.

4) *Reviewed/Edited:* No documentation should be developed in a silo and we
certainly don't want the words of one individual to represent the entire
community.  Therefore, I'd suggest that each document has multiple
additional reviewers.  I think that it would make sense to do a pass for
spelling/grammer and another for content accuracy.  Since this is somewhat
labor intensive, perhaps this would be a good place to leverage a
professional editor in our process?

5) *Formatting/Branding:* If Flagship project status truly represents the
best we have, then we should put our best face forward not only in content,
but also in format.  I'd like to see us develop a standardized look and
feel for all of our documentation projects.

Personally, I don't think that any of the above are unreasonable, but I'd
like to get your feedback on these proposed requirements.  Also, can you
think of things that I'm missing here?  What do you think makes an OWASP
documentation project "Flagship"?  Thanks for your feedback!

~josh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140607/0682dd07/attachment.html>


More information about the OWASP-Leaders mailing list