Software Security/Group 1/Wanted Documentation

Uit Werkplaats
Ga naar: navigatie, zoeken

We have not encountered any significant documentation relevant to the requirements we have been reviewing. The few pieces of documentation that were provided (in /docs) merely contained installation instructions, version requirements, code layout guidelines, and some very basic vague "best practices".

Ideally, we would want documentation that documents each function's preconditions and postconditions, indicates invariants, identifies concerns, distributes responsibilities, explains rationales, etc. And on a bigger scale, we really could have used things like architecture overviews explaining things like the precise role of the database, the privilege system, and the use of the templating engine.