[OWASP-LEADERS] Owasp project standards
manavendrak at hotmail.com
Mon Feb 17 01:10:55 EST 2003
>Wow! This is great.
>I have a few questions:
>1. You make a comment regarding testing and formalization of the testing
>tool. Is there going to be a practices document for each project? Or is
>it just like: "Hey everyone, we will use JUnit"
Like the document says "Project Leaders are advised to formalize the
unit-testing tool for their project" - hence, instead of saying "Hey, let's
use JUnit", the respective OWASP project leader shall have the choice to
choose a unit testing tool and formalize the same across the entire project.
I further toyed around with the idea that we make a list of "acceptable"
unit-testing tools and then OWASP project leaders can select a tool from
that list, but in the spirit of OWASP, let's have the project leaders suggest
>2. I know that this issue is close to my heart, and Ingo and I have
>discussed this extensively:
> "Aspects of importance are in the following order from highest importance
>to least importance: correct operation, security, code readability, ease of
>use, portability, efficiency, power, and features."
> My question is this: Where does performance fall in this?
This was one of the hardest lines to write. After tossing it around a lot, I
realized (or someone might say "assumed") that correct operation would
itself involve performance. Correct operation of a program is decided by the
functional requirements laid down upfront by the customer/stakeholder, with
performance as one of the sections. The development team may code simply to
cover the scope of requirements, but they are always informed of the
expected system behavior, including at peak volumes of data and usage.
IMO, any program/system that does not meet those requirements does not
fulfill the mandate of "correct operation".