[Owasp-leaders] Instead of OWASP libraries, why don't we ...

Achim achim at owasp.org
Sat Nov 21 21:03:47 UTC 2015


On 21.11.2015 21:06, Josh Sokol wrote:
> Something that I've also mentioned to Jim in the past is that this concept
> of individuals working on individual projects will only take us so far.  As
> an organization, we need to come up with standard function names, inputs,
> outputs, error reporting, etc across different languages and frameworks.
> That way, as an organization, in our documentation we can reference
> something like "For HTML output encoding, use the encodeHTML" function and
> it doesn't matter which language they are working with, the process is the
> same.

Hmm, developers are artists. If you force them to use "your" naming
scheme, some of them will go away ... they're volunteers, not employees
for OWASP.
For example, if there is something like "encodeHTML" others will argue that
it must be named "escapeHTML" and so on. We already have these discussions
in papers and translations. Don't push it to another area.
Names are but sound and smoke [Goethe's Faust]
It's the functionality which counts, not the function name (not saying
that name obfuscation is a good idea;-).
 
The suggested concept may work in a specific project if there is a strong
leader. If the naming scheme should be cross-project, then we need an
"all projects" leader who enforces **and controls** the correct usage.
IMHO, not how OWASP works, bottom-up.

I'd go with Jim's comment: not "one or the other" but both. 
Just my 2 pence
Achim

