[Owasp-leaders] Fwd: Stepping down as Board Member

Andre Gironda andreg at gmail.com
Mon Feb 14 12:32:02 EST 2011


On Mon, Feb 14, 2011 at 10:06 AM, John Wilander <john.wilander at owasp.org> wrote:
> Eoin, if you write production code weekly you're on my list of coders for
> sure. Did not know that. Cred.
>> So you are of the opinion that writing code is of paramount importance
>> regardless of if its done right?
>
> The "done right" addon can be applied to guidelines and policies too =>
> redundant rhetorics. I also believe I wrote "production code" which in my
> view says something about quality.

It says nothing about quality. You seem obsessed with this "production
code" thing, but you don't define it. So if I'm a dev-test coder, and
only write code that works in integration, then somehow I'm not
qualified to be an OWASP board member? What if I write 7 kloc a day
and the production coders I work with only change tens of loc's per
day? What if all of their success in refactorings are based on my test
automation? What if the production coders are constantly making
mistakes and a quality-oriented person is covering for them --
correcting mistakes and making that shipped code actually work from a
user perspective?

> I don't believe in non-coders teaching coders how to code better. Many OWASP
> outreach attempts fail because we're not on the right level. Web 1.5 code
> snippets on a Powerpoint slide won't cut it. "Demo or die".

I disagree with this point. Customers and users always teach coders
how to code better. Quality engineers even moreso.

> As I said above, as long as you're writing production code weekly you
> understand coders and can take on that role on the board. Good!

I think there is room on the board for more than one type of person.
This seems to over-favor a certain type of application developer.

-Andre


More information about the OWASP-Leaders mailing list