Designing a good knowledge base

One of the most difficult things in developing a security tool is designing the knowledge base.

A good knowledge base must have:

  • a high level of maintainability;
  • a smooth upgrade mechanism;
  • a comprehensive grammar.

The last point is the most difficult to achieve. For the new Orizon tool, I started thinking about using a JSON text file format, with a timestamp to be used to check KB freshness.

For the grammar, I started wondering about using plain English to describe an unsafe pattern.
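To make the two ideas above concrete (a JSON file carrying a timestamp, and entries described in plain English), here is an added example in Python. It is not Orizon code and the sample KB embedded in it is constructed for illustration; it is not the content of owasp-orizon-kb.json. The entry fields (`id`, `language`, `description`, `severity`) and the 30-day freshness window are assumptions. The loader parses the timestamp, the freshness check rejects a KB that is too old or dated in the future, and the validator reports entries that are missing fields, reuse an id, or carry an unknown severity.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample KB (hypothetical entries, not the real owasp-orizon-kb.json).
SAMPLE_KB_JSON = """
{
  "timestamp": "2009-01-10T12:00:00Z",
  "patterns": [
    {
      "id": "example-1",
      "language": "c",
      "description": "a call to strcpy where the destination buffer is smaller than the source",
      "severity": "high"
    },
    {
      "id": "example-2",
      "language": "java",
      "description": "a SQL statement built by concatenating user input into the query string",
      "severity": "high"
    }
  ]
}
"""

# Assumed schema for one KB entry.
REQUIRED_FIELDS = ("id", "language", "description", "severity")
SEVERITIES = ("low", "medium", "high")


def parse_ts(text):
    """Parse a UTC ISO 8601 timestamp such as 2009-01-10T12:00:00Z into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_kb(text):
    """Parse the JSON KB and replace its string timestamp with a datetime."""
    kb = json.loads(text)
    kb["timestamp"] = parse_ts(kb["timestamp"])
    return kb


def is_fresh(kb, now, max_age=timedelta(days=30)):
    """True when the KB timestamp is at most max_age before `now` and not in the future."""
    age = now - kb["timestamp"]
    return timedelta(0) <= age <= max_age


def validate(kb):
    """Return a list of problems found in the entries; an empty list means the KB is well formed."""
    problems = []
    seen_ids = set()
    for i, entry in enumerate(kb.get("patterns", [])):
        for field in REQUIRED_FIELDS:
            if not entry.get(field):
                problems.append(f"entry {i}: missing or empty field {field!r}")
        entry_id = entry.get("id")
        if entry_id in seen_ids:
            problems.append(f"entry {i}: duplicate id {entry_id!r}")
        seen_ids.add(entry_id)
        if entry.get("severity") not in SEVERITIES:
            problems.append(f"entry {i}: unknown severity {entry.get('severity')!r}")
    return problems


if __name__ == "__main__":
    kb = load_kb(SAMPLE_KB_JSON)
    now = datetime.now(timezone.utc)
    print("KB timestamp:", kb["timestamp"].isoformat())
    print("fresh:", is_fresh(kb, now))
    print("problems:", validate(kb) or "none")
```

The check is deliberately strict about future-dated timestamps: a KB whose timestamp lies ahead of the local clock is either a clock skew problem or a tampered file, and neither should silently pass as "fresh".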

Check the file owasp-orizon-kb.json and tell me your opinion. Do you think it would be enough to describe a generic unsafe coding pattern?

Tell me yours.
