[Esapi-user] ESAPI changing of the guard
mseil at acm.org
Sat Dec 17 22:43:18 UTC 2016
Sorry for the double email, had to make sure which email address was
I am honored, I am humbled, and I have big shoes to fill!
About a year ago I dove into trying to revive maintenance on the project
after OWASP leadership yanked ESAPI's flagship status. I hope to work with
Kevin to work out a more regular release schedule. Actually, I have to
call myself out as I have a months-old code review to address for Kevin.
As to my background, I have nearly 8 years of experience as a Java software
engineer, six of that dedicated to web application attack and defense as
well as developer training. I'm all but thesis on my Master's in
Cybersecurity where I'm working on using NVIDIA's CUDA technology to
develop proof of concept rootkits for AV avoidance as well as Windows
Anti-Forensics. Currently I have made the switch to embedded systems
design, but I do not expect that my passion for web security will wane.
Thanks again, and I am truly honored.
On Sat, Dec 17, 2016 at 3:38 PM Matt Seil <mseil at acm.org> wrote:
On Fri, Dec 16, 2016 at 9:18 PM Kevin W. Wall <kevin.w.wall at gmail.com>
[NOTE: Apologies in advance for cross-posting this
to 3 OWASP mailing lists at once. If you decide
you want to Reply-All, make sure you are
subscribed to all the groups or delete from the
To:/Cc: lines to those that you are not subscribed
to. If you fail to do so, you will get your email
bounced from whatever mailing lists that you have
not subscribed to.]
It is with mixed emotions that I am making this
announcement, that Chris Schmidt is stepping down
as long-time ESAPI co-leader and that Matt Seil will be
taking over that position and attempting to fill
On one hand, I'm saddened because Chris was such a
great leader and contributor for ESAPI. Chris took
over as co-leader sometime in May 2011, at the same
time that I did, when Jim Manico handed over us the reigns,
but Chris' contributions to ESAPI go back way before my
involvement and his contributions are much broader than mine.
While I focused mostly on ESAPI's crypto and provided some
occasional general ESAPI bug zapping, Chris had his hands
in almost everything ESAPI (and I mean that in a good way).
For instance, he single-handedly created the ESAPI for
Chris also played the major role in the ESAPI 2.x's
release management as well as creating the outline
for the ESAPI 3.x interfaces. His wisdom, insigh, and
broad experience will be sorely missed by ESAPI.
However, Chris should be admired in admitting that
as of late, because of job and personal
obligations, he has lacked the "time to really
provide any value to the ESAPI team" and therefore
is stepping down in the best interest of ESAPI.
I personally have enjoyed working with Chris for
these past 5.5 years and have learned a lot from
him. I hope that he periodically finds time to
continue to contribute ESAPI in whatever way
On the other hand, I am eagerly looking forward to
working with Matt Seil as the new ESAPI co-lead.
Matt was a major contributor to bug fixes for the
ESAPI 220.127.116.11 release last February. He and I
worked well together and I think he is highly
respected in the OWASP community by those who
Shortly after this New Years, Matt and I hope to get
together and discuss future plans for ESAPI, both
short-term and long-term goals. Once we have the
initial groundwork for that recorded in electrons
somewhere, we will share them with the broader
ESAPI community to get feedback and then revise
them as needed. (In the meantime, if you have some
suggestions that you would like us to potentially
consider, please email them to Matt and I. [And please
do so under a new, separate thread! Thanks])
As I am not sure how to "formalize" this changing
of the guard from Chris to Matt, I have updated
the main OWASP wiki pages and GitHub pages and
added Matt as an "owner" of the ESAPI GitHub
repo. (If there's anyone on the OWASP Global Project
Committee [do we still even have that?] or the OWASP
staff who is reading this and knows of some other
specific step(s) I need to take to affect this transition
in a more formal manner, please contact me privately
to follow up. Thanks.)
In the meantime, I hope that along with me, you will
extend your thanks and appreciation to Chris for his
labor of love on ESAPI and extend your welcome to
Matt as the new ESAPI project co-lead.
Thanks for listening,
Blog: http://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-user