[OWASP-LEADERS] Owasp project standards

David Raphael david.raphael at ceterum.net
Mon Feb 17 01:59:17 EST 2003


On Monday, February 17, 2003, at 12:10  AM, Manavendra Gupta wrote:

>>
>> Wow!  This is great.
> Thanks.
>
>>
>> I have a few questions:
>>
>> 1.  You make a comment regarding testing and formalization of the 
>> testing tool.  Is there going to be a practices document for each 
>> project?  Or is it just like: "Hey everyone, we will use JUnit"
> Like the document says "Project Leaders are advised to formalize the 
> unit-testing tool for their project" - hence, instead of saying "Hey, 
> let's use JUnit", the respective OWASP project leader shall have the 
> choice to choose a unit testing tool and formalize the same across the 
> entire project.
> I further toyed around with the idea that we make a list of 
> "acceptable" unit-testing tools and then OWASP project leaders can 
> select a tool from that list, but in the spirit of OWASP, let's have 
> the project leaders suggest a tool.
I think that I mis-worded the question.  Let me try again:
Is there a standard template in which we make our selections known, 
i.e. JUnit?  Or are you simply recommending a good practice for the 
leaders?  One of the big problems that I have is time.  It would be 
neat if there was a norms document for each project.  And then anyone 
coming into the project would know what the practices are.

>
>> 2.  I know that this issue is close to my heart, and Ingo and I have 
>> discussed this extensively:
>> 	"Aspects of importance are in the following order from highest 
>> importance to least importance: correct operation, security, code 
>> readability, ease of use, portability, efficiency, power, and 
>> features."
>> 	My question is this:  Where does performance fall in this?
> This was one of the hardest lines to write. After tossing it around a 
> lot, I realized (or someone might say "assumed") that correct 
> operation would itself involve performance. Correct operation of a 
> program is decided by the functional requirements laid down upfront by 
> the customer/stakeholder, with performance as one of the sections. The 
> development team may code simply to cover the scope of requirements, 
> but they are always communicated about the expected system behavior, 
> including at peak volumes of data and usage.
> IMO, any program/system that does not meet those requirements, does 
> not fulfill the mandate of "correct operation".
>
>
> Regards,
> Manav.




