[Owasp_project_leader_list] OWASP Project Audits

Kevin W. Wall kevin.w.wall at gmail.com
Wed Apr 23 01:12:47 UTC 2014

On Tue, Apr 22, 2014 at 1:59 PM, Samantha Groves
<samantha.groves at owasp.org> wrote:

> Hello Jim,
> I think there is confusion. What you are talking about is a review. The
> audit lets us know if a project is active.

If simply measuring whether or not the project is "active" or not is the
then I would suggest adding a few other metrics to consider asking about
the excellent ones that Simon suggested. For instance,

1) How many contributors have done a 'commit' (i.e., checked in code to
   your code repository) in the last N months where N is something like
   3 or 6?
2) When was the last 'commit' of to your project's code repository by
3) How many active bugs are there in your bug / issues list?
4) When was the last bug reported?
5) How many unfixed bugs are considered 'major' or 'critical'?
6) What is the average time that a bug on your project's bug list remains
   open until it is officially fixed in a release?


Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.