[Owasp-board] Flagship Code Products

Jim Manico jim.manico at owasp.org
Fri Mar 28 09:46:34 UTC 2014


This makes me very sad.

_Flagship Code Projects_

* OWASP AntiSamy Project  <  Abandoned, had to pay someone to update the 
wiki, not project leads. Roadmap is from 2011, no updates, etc.

* OWASP Enterprise Security API <  Abandoned, wiki out of date, old 
template, no code changes, we paid good money to have a codeathon in NYC 
and got... nothing.

* WASP CSRFGuard Project <  Somewhat being maintained, abandoned by 
author but picked up by another leaders, but is a horrific design and 
only works on the most basic of websites. This is a bad bad design for 
complex web 2.0 applications (since it uses JavaScript to inject tokes 
into the DOM which is fraught with error).

* OWASP ModSecurity Core Rule Set Project <  Awesome updates, wiki 
updated by project owner, 
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

I've been helping manage several production quality, highly scalable 
secure coding components (that were written by PhD level software 
engineers) and I'm sad to see them still stuck in incubator.  We also 
have projects like Dependency Check that are incredibly fantastic tools, 
still stuck in incubator.

Samantha has been working hard on this, but every time I see our project 
list it really upsets me because when dev folks really try to use these 
components; it's so far from production quality that it makes us look 
really bad. No wonder we can't really get developers to be a part of our 
community or use our stuff.

I am sure I will get flack for this, but I stand by my opinions that 
this is something that is critical to fix at OWASP. I was recently 
trying to get a software company to be the first top tier corporate 
sponsor, but as part of this, they looked at our flagship projects and 
wiki, saw how crusty they both were, and said "no way". Sad.

- Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140328/50f72735/attachment.html>


More information about the Owasp-board mailing list