Audience for Developer Guide

[jgadsden]

We need to think about who the target audience for the Developer Guide is. Clearly from the title the main audience is application developers, but it is of course not limited to developers.

The question is - what do we mean by application developers and what do we expect them to be mainly interested in?

[hblankenship]

I think we should identify at least two groups - application developers (web, desktop, mobile, and cloud) and API developers. Further, it should be explained why security is not just for web applications (when I say 'desktop' applications I am thinking software created for kiosk applications like the ones for ordering prints from photos in stores). I would think developers would be interested in 1.) how does this apply to me, 2.) will this slow me down, 3.)how will this affect performance, 4.) are there relevant and meaningful examples?

That said, do we think we should generate 'personas' as well, like:
Jim, 20 year old web application developer, in a fast-paced industry where turnaround time is key. Interested in security but doesn't want it to slow him down?

[jgadsden]

Yes, sounds good - developers who are working within a secure software development lifecycle and who want some guidance, or even developers who want to adopt an SDLC but are not doing it yet

Do we want to structure the document using a 'notional' development lifecycle? If we did then many of the phases would be a brief description and then backed up by links to other OWASP projects ... ASVS for example