[Owasp-leaders] Instead of OWASP libraries, why don't we ...

Jim Manico jim.manico at owasp.org
Sat Nov 21 21:39:53 UTC 2015


You can map the test suite API's to developers custom function name..This is easily handled, Achim. But good point....

--
Jim Manico
Global Board Member
OWASP Foundation
https://www.owasp.org
Join me in Rome for AppSecEU 2016!

> On Nov 21, 2015, at 3:03 PM, Achim <achim at owasp.org> wrote:
> 
>> On 21.11.2015 21:06, Josh Sokol wrote:
>> Something that I've also mentioned to Jim in the past is that this concept
>> of individuals working on individual projects will only take us so far.  As
>> an organization, we need to come up with standard function names, inputs,
>> outputs, error reporting, etc across different languages and frameworks.
>> That way, as an organization, in our documentation we can reference
>> something like "For HTML output encoding, use the encodeHTML" function and
>> it doesn't matter which language they are working with, the process is the
>> same.
> 
> Hmm, developers are artists. If you force them to use "your" nameing
> scheme, some of them will go away ... they're volunteers, not employees
> for OWASP.
> For example, if there is something like "encodeHTML" others will arg that
> it must be named "escapeHTML" and so on. We already have these discussions
> in papers and translations. Don't push it to another area.
> Namen sind Schall und Rauch [Goethe's Faust]
> It's the functionality which counts, not the function name (not saying
> that name obfuscation is a good idea;-).
> 
> The suggested concept may work in a specific project if there is a strong
> leader. If the nameing scheme should be cross-project, then we need a
> "all projects" leader who enforces **and controls** the correct usage.
> IMHO, not how OWASP works, bottom-up.
> 
> I'd go with Jim's comment: not "one or the other" but both. 
> Just my 2 pence
> Achim
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151121/837a6ad3/attachment-0001.html>


More information about the OWASP-Leaders mailing list