The group discussed code-auditing tools and error handling in Java applications. Ken Raeburn from the Kerberos team came to discuss code-auditing tools he's surveyed for C code on behalf of his team. Vijay Konda came from the CAMS project to gather feedback from the group on how he should approach error handling in his Java web applications.
- The group deciding that code-auditing tools make a sensible addition to MAP.
- The group members will document their perceived code-auditing requirements as part of map-contrib.
- It makes sense to focus on tools for C and Java. It makes most sense to focus on tools that will work both as part of the development cycle and as something we can integrate into a continuous integration (Bamboo) environment.
- Tools for different programming language will be necessary but they should be able to fit into the same support and distribution model. Support for desktop-environment configuration, beyond documentation, is prohibitive.
- The group determined that error handling is a function of style. It was difficult for the group to point to any best practice concrete enough to create a MAP standard.
- Difference of opinion on whether relying on, or casting all errors into, standard exception handling mechanisms makes sense.
- One best practice is to default to using interception tools in Struts for MAP-based applications.
- A basic categorization of errors seemed to surface: business/validation, dependent system availability/error, coding error in the local java application.