[Owasp_project_leader_list] OWASP Project Audits
Kevin W. Wall
kevin.w.wall at gmail.com
Wed Apr 23 01:12:47 UTC 2014
On Tue, Apr 22, 2014 at 1:59 PM, Samantha Groves
<samantha.groves at owasp.org>wrote:
> Hello Jim,
> I think there is confusion. What you are talking about is a review. The
> audit lets us know if a project is active.
> If simply measuring whether or not the project is "active" or not is the
then I would suggest adding a few other metrics to consider asking about
the excellent ones that Simon suggested. For instance,
1) How many contributors have done a 'commit' (i.e., checked in code to
repository) in the last N months where N is something like 3 or 6.
2) When was the last 'commit' of to your project's code repository by
3) How many active bugs are there in your bug / issues list?
4) When was the last bug reported?
5) How many unfixed bugs are considered 'major' or 'critical'?
6) What is the average time that a bug on your project's bug list remains
open until it is officially fixed in a release.
NSA: All your crypto bit are belong to us.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp_project_leader_list