[Owasp-board] ESAPI

Samantha Groves samantha.groves at owasp.org
Thu Jan 17 13:05:33 UTC 2013


Thank you for pointing that out, Jason. We discussed this last year during
our GPC meetings, and we agreed that the Flagship status was tentative as
we were developing a new system of project designation. As Jason pointed
out, the projects that are currently labeled Flagship do provide strategic
value to OWASP, but I agree that we need to work on polishing the quality
of each if they are to keep the Flagship status.

I don't think, however, that we should remove any of our Flagship projects
from that designation quite yet as we have not given them an opportunity to
improve. We are just now launching this new projects infrastructure, and to
try and pick and choose which projects deserve this designation at this
point is a bit redundant. The GPC have put in an extraordinary amount of
work researching the strategic value of each initiative, and I am confident
in their Flagship project choices. After our new infrastructure is
launched, we can then give them 6 months to a year to bump up the quality,
or they can be removed. This might take more time, but I feel it is the
best way as it gives all of our project leaders an opportunity to work on
their project with the support of the new infrastructure.

That being said, I do agree with Jim that the quality of ESAPI must
certainly be worked on. However, I feel that spending money on a problem
that will only solve that problem in the short term is not a very
sustainable or scalable solution. I would much rather spend my time doing a
bit of extra work developing a creative solution that will benefit all of
our projects instead of putting our time, effort and resources into a quick
fix that will only benefit one project and one project leader.

SG

On Wed, Jan 16, 2013 at 11:53 PM, Jason Li <jason.li at owasp.org> wrote:

> One note - no project is currently "Flagship".
>
> We have projects that we think are strategically valuable enough that they
> we should try to push them to that status.
>
> To Jim's point, the project (and really any project that we would want to
> be a Flagship project) needs some polish, support and love to really be in
> that class.
>
> There are several "strategic" projects that I believe OWASP should look to
> push to Flagship status, but if the project is not of sufficient quality,
> it should not be referred to as Flagship regardless of how strategic or
> important the project is.
>
> -Jason
>
>
> On Wednesday, January 16, 2013, Samantha Groves wrote:
>
>> Hello Seba and Jim,
>>
>> I certainly do think that ESAPI needs a committed project leader and a
>> dedicated project support team to help take it to the next level of
>> development. As ESAPI is one of our Flagship projects, I see nothing wrong
>> with giving the initiative an extra amount of support from the foundation.
>> That being said, the amount of support we choose to give this project will
>> need to be reproduced for at least all 15 Flagship projects. I suggest we
>> keep this in mind when discussing how to provide support to ESAPI.
>>
>> SG
>>
>> On Wed, Jan 16, 2013 at 6:13 AM, Seba <seba at owasp.org> wrote:
>>
>>> Hi Jim
>>> sounds like a good suggestion for the short term
>>> on longer term, ESAPI needs a committed project manager and
>>> project/support team to evolve it in the de facto standard security
>>> framework example/implementation supported by a reliable community
>>>
>>> Samantha: what are your thoughts?
>>>
>>> --seba
>>>
>>>
>>> On Tue, Jan 15, 2013 at 9:25 PM, Jim Manico <jim.manico at owasp.org>wrote:
>>>
>>>> We have 5k in funding for ESAPI. ESAPI for Java is the main version of
>>>> ESAPI.
>>>>
>>>> Most everyone who was on the project dropped out, myself included.
>>>>
>>>> Kevin Wall is the "last man standing" working on the project. And
>>>> frankly, his code is the highest quality - by far - on the project.
>>>>
>>>> Can we spend some of the 5k in ESAPI funding to pay Kevin to finish the
>>>> next release?
>>>>
>>>> He did not ask for this, this is my suggestion to use funds to move a
>>>> key project along in support of our mission.
>>>>
>>>> - Jim
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>
>>>
>>
>>
>> --
>>
>> *Samantha Groves, MBA*****
>>
>> *OWASP Project Manager*
>>
>> *
>> *
>>
>> The OWASP Foundation
>>
>> London, United Kingdom
>>
>> Email: samantha.groves at owasp.org
>>
>> Skype: samanthahz
>>
>>
>> Book a Meeting with Me <http://goo.gl/mZXdZ>
>>
>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
>>
>> New Project Application Form<https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
>>
>>
>>
>>


-- 

*Samantha Groves, MBA*****

*OWASP Project Manager*

*
*

The OWASP Foundation

London, United Kingdom

Email: samantha.groves at owasp.org

Skype: samanthahz


Book a Meeting with Me <http://goo.gl/mZXdZ>

OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>

New Project Application
Form<https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20130117/56b7484a/attachment-0003.html>


More information about the Owasp-board mailing list