[OWASP-LEADERS] Owasp project standards

Manavendra Gupta manavendrak at hotmail.com
Mon Feb 17 01:10:55 EST 2003

>Wow!  This is great.

>I have a few questions:
>1.  You make a comment regarding testing and formalization of the testing 
>tool.  Is there going to be a practices document for each project?  Or is 
>it just like: "Hey everyone, we will use JUnit"
Like the document says "Project Leaders are advised to formalize the 
unit-testing tool for their project" - hence, instead of saying "Hey, let's 
use JUnit", the respective OWASP project leader shall have the choice to 
choose a unit testing tool and formalize the same across the entire project.
I further toyed around with the idea that we make a list of "acceptable" 
unit-testing tools and then OWASP project leaders can select a tool from 
that list, but in the spirit of OWASP, let's have the project leaders suggest 
a tool.

>2.  I know that this issue is close to my heart, and Ingo and I have 
>discussed this extensively:
>	"Aspects of importance are in the following order from highest importance 
>to least importance: correct operation, security, code readability, ease of 
>use, portability, efficiency, power, and features."
>	My question is this:  Where does performance fall in this?
This was one of the hardest lines to write. After tossing it around a lot, I 
realized (or someone might say "assumed") that correct operation would 
itself involve performance. Correct operation of a program is decided by the 
functional requirements laid down upfront by the customer/stakeholder, with 
performance as one of the sections. The development team may code simply to 
cover the scope of requirements, but they are always communicated about the 
expected system behavior, including at peak volumes of data and usage.
IMO, any program/system that does not meet those requirements, does not 
fulfill the mandate of "correct operation".

