[OWASP-LEADERS] Owasp project standards
david.raphael at ceterum.net
Mon Feb 17 01:59:17 EST 2003
On Monday, February 17, 2003, at 12:10 AM, Manavendra Gupta wrote:
>> Wow! This is great.
>> I have a few questions:
>> 1. You make a comment regarding testing and formalization of the
>> testing tool. Is there going to be a practices document for each
>> project? Or is it just like: "Hey everyone, we will use JUnit"
> Like the document says "Project Leaders are advised to formalize the
> unit-testing tool for their project" - hence, instead of saying "Hey,
> let's use JUnit", the respective OWASP project leader shall have the
> choice to choose a unit testing tool and formalize the same across the
> entire project.
> I further toyed around with the idea that we make a list of
> "acceptable" unit-testing tools and then OWASP project leaders can
> select a tool from that list, but in the spirit of OWASP, let's have
> the project leaders suggest a tool.
I think that I mis-worded the question. Let me try again:
Is there a standard template where we make our selections known, i.e.
JUnit? Or are you simply recommending a good practice for the leaders?
One of the big problems that I have is time. It would be neat if
there was a norms document for each project. And then anyone coming
into the project would know what the practices are.
>> 2. I know that this issue is close to my heart, and Ingo and I have
>> discussed this extensively:
>> "Aspects of importance are in the following order from highest
>> importance to least importance: correct operation, security, code
>> readability, ease of use, portability, efficiency, power, and
>> My question is this: Where does performance fall in this?
> This was one of the hardest lines to write. After tossing it around a
> lot, I realized (or someone might say "assumed") that correct
> operation would itself involve performance. Correct operation of a
> program is decided by the functional requirements laid down upfront by
> the customer/stakeholder, with performance as one of the sections. The
> development team may code simply to cover the scope of requirements,
> but they are always communicated about the expected system behavior,
> including at peak volumes of data and usage.
> IMO, any program/system that does not meet those requirements, does
> not fulfill the mandate of "correct operation".