[OWASP-LEADERS] Owasp project standards

Manavendra Gupta manavendrak at hotmail.com
Mon Feb 17 07:10:22 EST 2003

>>>1.  You make a comment regarding testing and formalization of the testing 
>>>tool.  Is there going to be a practices document for each project?  Or is 
>>>it just like: "Hey everyone, we will use JUnit"
>>Like the document says "Project Leaders are advised to formalize the 
>>unit-testing tool for their project" - hence, instead of saying "Hey, lets 
>>use JUnit", the respective OWASP project leader shall have the choice to 
>>choose a unit testing tool and formalize the same across the entire 
>>I further toyed around with the idea that we make a list of "acceptable" 
>>unit-testing tools and then OWASP project leaders can select a tool from 
>>that list, but in the spirit of OWASP, lets have the project leaders 
>>suggest a tool.
>I think that I mis-worded the question.  Let me try again:
>Is there a standard template that we make our selections known i.e. JUnit.  
>Or are you simply recommending a good practice for the leaders.  One of the 
>big problems that I have is time.  It would be neat if there was a norms 
>document for each project.  And then anyone coming into the project would 
>know what are the practices.
I understand what you mean. Ideally, I would prefer providing a list to 
choose from - and that means OWASP periodically updates that list (as is 
listed in the document itself). But, at the same time, one of the mission 
objectives is to let the enthusiasts/initiators contribue. We can settle for 
a mix of both - provide a list to choose from (for different 
technologies/languages), and let the members contribute (in that case there 
has to be someone to decide whether to allow/deny).

What do you (and others) suggest?


MSN 8 with e-mail virus protection service: 2 months FREE* 

More information about the OWASP-Leaders mailing list