Central Web Services reviews all modules that are included as part of the centralized OSU installation. We do this to ensure that OSU Drupal remains a stable, secure and supportable product for the campus. The following are the initial criteria we use to evaluate a module.
Are there any pending security bugs in the bug tracker? What are they and how long have they been there?
Is it performing sql queries directly? If so, does the module escape user input?
How does it handle user input? Is it being escaped? Is user input cleaned before printing it out in a page?
Are permissions check in place? Are the checks manual or does the code rely on other core methods?
Is the code well documented? Does it follow a standard?
Does it have readme, install and upgrade files?
How long has this module or 3rd party program been around?
How many developers are working on it?
Is there a roadmap? What does it look like?
What is the release life cycle?
What is the average turn around time for critical bugs?
How active are the forums or mailing list discussions?
Do other programs use or depend on this library?
Is there user documentation? Is there documentation for developers?
Is a documentation generation system like phpDocumentor used?
How quickly do the developers respond to requests?
Are newer and older versions of Drupal supported?
What is the learning curve like?
Is the module usable through the Drupal interface or does it require users to work with HTML, CSS, theme changes or other advanced techniques?
Does it conflict with other existing plugins or modules or other updates?
Will the module work with OSU Drupal as is, or would some re-write be needed?
How complex are patches to apply? (# of classes, files, and db tables affected)
What % of our users would benefit from this new module or plugin?
Does OSU/CWS already provide this service?
Is this capability already planned for an upcoming Drupal release or update of a currently supported module?
If you would like to request a module for review, please submit a help ticket.