[Owasp-leaders] Instead of OWASP libraries, why don't we ...

Jim Manico jim.manico at owasp.org
Sat Nov 21 21:39:53 UTC 2015

You can map the test suite API's to developers custom function name..This is easily handled, Achim. But good point....

Jim Manico
Global Board Member
OWASP Foundation
Join me in Rome for AppSecEU 2016!

> On Nov 21, 2015, at 3:03 PM, Achim <achim at owasp.org> wrote:
>> On 21.11.2015 21:06, Josh Sokol wrote:
>> Something that I've also mentioned to Jim in the past is that this concept
>> of individuals working on individual projects will only take us so far.  As
>> an organization, we need to come up with standard function names, inputs,
>> outputs, error reporting, etc across different languages and frameworks.
>> That way, as an organization, in our documentation we can reference
>> something like "For HTML output encoding, use the encodeHTML" function and
>> it doesn't matter which language they are working with, the process is the
>> same.
> Hmm, developers are artists. If you force them to use "your" nameing
> scheme, some of them will go away ... they're volunteers, not employees
> for OWASP.
> For example, if there is something like "encodeHTML" others will arg that
> it must be named "escapeHTML" and so on. We already have these discussions
> in papers and translations. Don't push it to another area.
> Namen sind Schall und Rauch [Goethe's Faust]
> It's the functionality which counts, not the function name (not saying
> that name obfuscation is a good idea;-).
> The suggested concept may work in a specific project if there is a strong
> leader. If the nameing scheme should be cross-project, then we need a
> "all projects" leader who enforces **and controls** the correct usage.
> IMHO, not how OWASP works, bottom-up.
> I'd go with Jim's comment: not "one or the other" but both. 
> Just my 2 pence
> Achim
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151121/837a6ad3/attachment-0001.html>

More information about the OWASP-Leaders mailing list