Purpose of the Developer Guide

[jgadsden]

It would be good to think again about the purpose of the OWASP Developer Guide

I see it as a similar resource to the Application Security Wayfinder diagram, in that it is an explanatory document for the wide range of activities that developers are required to know about

It should provide short introductions to all the major activities, and then provide enough further detail to be able to hand-off to the particular OWASP projects - these projects already provide the level of detail required by developers

[jgadsden]

This would need a change to the major section ordering, along the lines of:

1. Requirements
2. Design
3. implementation
4. Verification
5. Training / Education
6. Culture Building & Process Maturing
7. Operation

and possibly sections on:

• Metrics
• Policy Gap Evaluation

[jgadsden]

The sections that we use at the moment are taken from the previous Developer Guide, which did not get to completion, and maybe we need to take a fresh look at the structure of the Developer Guide

[jgadsden]

A pull request #89 has been created to start this process

[hblankenship]

I think this is a brilliant direction.

[jgadsden]

The pull requests #89 and #92 implement the reorganisation of the Developer Guide to follow this new direction.
Points to note:

• each project from the wayfinder is given a page to describe what it is, why it should be used, and how to use it
• it would be good to get the project leaders themselves to provide this content, but if not then I can fill it in
• @Shruti-s-kulkarni 's content is preserved in its entirety as a collection of Do's and Don'ts in the Implementation and Verification chapters
• The developer guide is now long - around 130 pages - so this is about our maximum on content