[Owasp-board] Crapping on projects

Jeff Williams jeff.williams at owasp.org
Thu Oct 1 19:23:33 UTC 2009



I hate to call you out, but I think your tweet to Paolo Parego (theSp0nge)
was inappropriate in several ways.  If I misunderstood, I apologize and
please help me understand.


> I have one word for you @thesp0nge : #WALA (from #IBM) It's open
> source and is miles ahead of where you are now #owasp #owasporizon


First, as a board member, I think we need to be encouraging to the folks
that dedicate their free time to helping OWASP's mission.  If we think that
a project is not likely to succeed because it isn't as good as some other
library, then we should try to constructively steer that project towards
something useful.  I think your message to Paolo would be discouraging to
other project leads as it sends the message that the OWASP Board does not
have their back!


Second, you have a commercial relationship with IBM (of some sort) which
makes your thoughts about open-source static analysis projects seem biased.
(I say *seem* because I know that you are not - but I'm talking about
appearances here).  I know WALA is open source too, but I believe it comes
across wrong.  We just need to be careful here.


Third, Orizon is security-focused and supports many languages.  WALA appears
to be for Java only and is not security focused.  Were you suggesting that
Orizon look to WALA as an engine to help with security analysis?


I know this is always going to be a challenge for us, as we all have
commercial relationships, but I'm hoping to keep on top of it so that we
protect the non-commercial nature of OWASP.
