[Owasp-board] Crapping on projects

dinis cruz dinis.cruz at owasp.org
Thu Oct 1 20:01:22 UTC 2009


Sorry forgot to include the link to the WALA page:
http://wala.sourceforge.net/wiki/index.php/Main_Page
Dinis

2009/10/1 dinis cruz <dinis.cruz at owasp.org>

> Jeff, thx for point it out (and I will relook at this issue with fresh
> eyes).
> I can't reply in length at the moment, but you are aware that WALA is Open
> Source right?
>
> Dinis
>
> 2009/10/1 Jeff Williams <jeff.williams at owasp.org>
>
>>  Dinis,
>>
>>
>>
>> I hate to call you out, but I think your tweet to Paolo Parego (theSp0nge)
>> was inappropriate in several ways.  If I misunderstood, I apologize and
>> please help me understand.
>>
>>
>>
>>        > I have one word for you @thesp0nge : #WALA (from #IBM) It's open
>> source and is miles ahead of where you are now #owasp #owasporizon
>>
>>
>>
>> First, as a board member, I think we need to be encouraging to the folks
>> that dedicate their free time to helping OWASP’s mission.  If we think that
>> a project is not likely to succeed because it isn’t as good as some other
>> library, then we should try to constructively steer that project towards
>> something useful.  I think your message to Paolo would be discouraging to
>> other project leads as it sends the message that the OWASP Board does not
>> have their back!
>>
>>
>>
>> Second, you have a commercial relationship with IBM (of some sort) which
>> makes your thoughts about open-source static analysis projects seem biased.
>> (I say **seem** because I know that you are not – but I’m talking about
>> appearances here).  I know WALA is open source too, but I believe it comes
>> across wrong.  We just need to be careful here.
>>
>>
>>
>> Third, Orizon is security-focused and supports many languages.  WALA
>> appears to be for Java only and is not security focused.  Were you
>> suggesting that Orizon look to WALA as an engine to help with security
>> analysis?
>>
>>
>>
>> I know this is always going to be a challenge for us, as we all have
>> commercial relationships, but I’m hoping to keep on top of it so that we
>> protect non-commercial nature of OWASP.
>>
>>
>>
>> --Jeff
>>
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20091001/6ec66727/attachment-0002.html>


More information about the Owasp-board mailing list