[Esapi-user] Recommending ESAPI?
mike.boberski at gmail.com
Sun Jan 10 19:21:51 EST 2010
I'm not sure I know what you're referring to, where it was ever suggested
that OWASP should offer any paid services. Seems kind of obvious as a
"non-profit", but for sure I don't know the intricacies past a point about
how non-profits are screwed together, maybe there's something you're
referring to that I don't know about.
FWIW/FYI, I personally am not waiting for anyone to make any sort of
decisions, I needed a PHP version, so I started contributing to the project,
and for the proprietary bits (i.e. the adapter components), I'm just
building out what I need on my own. Same goes for documentation. Similar
story from what I've gleaned for the folks who are now contributing
developer cycles to the PHP version, certainly don't mean to speak for
If people need more or different help than the mail lists or documentation
can provide using ESAPI, it's no trouble to put up a wiki page somewhere to
help users find service providers, towards the end of helping the planet
adopt ESAPI. If anyone would like to discuss further, please email me
directly. Happy to throw something together and to work with whomever on it.
On Sat, Jan 9, 2010 at 10:22 PM, Dinis Cruz <dinis.cruz at googlemail.com>wrote:
> (CCing esapi-user list)
> My view is that OWASP should NOT be providing these commercial services
> (even if it could afford to).
> ESAPI to grow and be adopted needs to be commercially supported.
> And it will happen, the only question I have is if Aspect Security will do
> it first, or if somebody else will jump in and run with it.
> Jeff & Dave, you need to make up your mind(s) on what you want to do with
> Aspect and ESAPI in 2010 :)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-user