Software Security/Group 1/Wanted Documentation
We have not encountered any significant documentation relevant to the requirements we have been reviewing. The few pieces of documentation that were provided (in /docs) merely contained installation instructions, version requirements, code layout guidelines, and some very basic, vague "best practices".
Ideally, we would want documentation that documents each function's preconditions and postconditions, indicates invariants, identifies concerns, distributes responsibilities, explains rationales, etc. And on a bigger scale, we really could have used things like architecture overviews explaining things like the precise role of the database, the privilege system, and the use of the templating engine.