[Esapi-user] ESAPI 2.0 production status

Jim Manico jim.manico at owasp.org
Sat Jan 8 06:24:39 EST 2011


ESAPI Community,

 

We recently received feedback from the NSA (and from Mr. Walton) on our
Encryptor implementation. Other than a few issues, which can be fixed in
short order, it was a generally positive review. Kevin Wall will email more
details on this soon.

 

The need for a third party encryption review was the main reason I've been
championing NOT pushing ESAPI live. Now that we have had this review, I'm
eager to see 2.0 go live!

 

There are still several 2.0 "blocking" issues in the Google code tracker.

 

http://code.google.com/p/owasp-esapi-java/issues/list?can=2
<http://code.google.com/p/owasp-esapi-java/issues/list?can=2&q=&sort=milesto
ne&colspec=ID%20Type%20Status%20Priority%20Milestone%20Component%20Owner%20S
ummary>
&q=&sort=milestone&colspec=ID%20Type%20Status%20Priority%20Milestone%20Compo
nent%20Owner%20Summary

 

I'd like your triage help. Could you kindly review the link above and let me
know if you think any of the 2.0 issues can wait for a future version?  I
think we only need to focus on real security weaknesses in the library. The
rest can wait. Fair?

 

I'd like to err on the side of pushing ESAPI 2.0 live as soon as possible,
it's been long enough.

 

Your thoughts on this matter are greatly appreciated.

 

Aloha!

- Jim

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110108/751d03cf/attachment.html 


More information about the Esapi-user mailing list