[Owasp-board] ESAPI

Samantha Groves samantha.groves at owasp.org
Fri Jan 18 11:54:06 UTC 2013


Not at all. We are simply using this forum to discuss your idea and
alternative solutions to the problem. I think overall, there are a few
concerns, but that doesn't mean we can't move forward. At the end of the
day, I believe this is a strategic decision which is why I felt it was a
good idea to bring it up to the board. If the community decides to go in
this direction, we will support the decision and move forward with
implementation from an operations perspective, of course.

SG

On Thu, Jan 17, 2013 at 7:53 PM, Jim Manico <jim.manico at owasp.org> wrote:

>
> > That being said, I do agree with Jim that the quality of ESAPI must
> > certainly be worked on. However, I feel that spending money on a problem
> > that will only solve that problem in the short term is not a very
> > sustainable or scalable solution. I would much rather spend my time
> doing a
> > bit of extra work developing a creative solution that will benefit all of
> > our projects instead of putting our time, effort and resources into a
> quick
> > fix that will only benefit one project and one project leader.
>
>
> So the alternative is to leave ESAPI as is - a abandoned Flagship
> project. That leaves us in a place of very low integrity as an
> organization.
>
> - Jim
>
>
> >
> > SG
> >
> > On Wed, Jan 16, 2013 at 11:53 PM, Jason Li <jason.li at owasp.org> wrote:
> >
> >> One note - no project is currently "Flagship".
> >>
> >> We have projects that we think are strategically valuable enough that
> they
> >> we should try to push them to that status.
> >>
> >> To Jim's point, the project (and really any project that we would want
> to
> >> be a Flagship project) needs some polish, support and love to really be
> in
> >> that class.
> >>
> >> There are several "strategic" projects that I believe OWASP should look
> to
> >> push to Flagship status, but if the project is not of sufficient
> quality,
> >> it should not be referred to as Flagship regardless of how strategic or
> >> important the project is.
> >>
> >> -Jason
> >>
> >>
> >> On Wednesday, January 16, 2013, Samantha Groves wrote:
> >>
> >>> Hello Seba and Jim,
> >>>
> >>> I certainly do think that ESAPI needs a committed project leader and a
> >>> dedicated project support team to help take it to the next level of
> >>> development. As ESAPI is one of our Flagship projects, I see nothing
> wrong
> >>> with giving the initiative an extra amount of support from the
> foundation.
> >>> That being said, the amount of support we choose to give this project
> will
> >>> need to be reproduced for at least all 15 Flagship projects. I suggest
> we
> >>> keep this in mind when discussing how to provide support to ESAPI.
> >>>
> >>> SG
> >>>
> >>> On Wed, Jan 16, 2013 at 6:13 AM, Seba <seba at owasp.org> wrote:
> >>>
> >>>> Hi Jim
> >>>> sounds like a good suggestion for the short term
> >>>> on longer term, ESAPI needs a committed project manager and
> >>>> project/support team to evolve it in the de facto standard security
> >>>> framework example/implementation supported by a reliable community
> >>>>
> >>>> Samantha: what are your thoughts?
> >>>>
> >>>> --seba
> >>>>
> >>>>
> >>>> On Tue, Jan 15, 2013 at 9:25 PM, Jim Manico <jim.manico at owasp.org
> >wrote:
> >>>>
> >>>>> We have 5k in funding for ESAPI. ESAPI for Java is the main version
> of
> >>>>> ESAPI.
> >>>>>
> >>>>> Most everyone who was on the project dropped out, myself included.
> >>>>>
> >>>>> Kevin Wall is the "last man standing" working on the project. And
> >>>>> frankly, his code is the highest quality - by far - on the project.
> >>>>>
> >>>>> Can we spend some of the 5k in ESAPI funding to pay Kevin to finish
> the
> >>>>> next release?
> >>>>>
> >>>>> He did not ask for this, this is my suggestion to use funds to move a
> >>>>> key project along in support of our mission.
> >>>>>
> >>>>> - Jim
> >>>>>
> >>>>> _______________________________________________
> >>>>> Owasp-board mailing list
> >>>>> Owasp-board at lists.owasp.org
> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >>>>>
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>>
> >>> *Samantha Groves, MBA*****
> >>>
> >>> *OWASP Project Manager*
> >>>
> >>> *
> >>> *
> >>>
> >>> The OWASP Foundation
> >>>
> >>> London, United Kingdom
> >>>
> >>> Email: samantha.groves at owasp.org
> >>>
> >>> Skype: samanthahz
> >>>
> >>>
> >>> Book a Meeting with Me <http://goo.gl/mZXdZ>
> >>>
> >>> OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>
> >>>
> >>> New Project Application Form<
> https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0
> >
> >>>
> >>>
> >>>
> >>>
> >
> >
> >
> >
> > _______________________________________________
> > Owasp-board mailing list
> > Owasp-board at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-board
> >
>
>


-- 

*Samantha Groves, MBA*****

*OWASP Project Manager*

*
*

The OWASP Foundation

London, United Kingdom

Email: samantha.groves at owasp.org

Skype: samanthahz


Book a Meeting with Me <http://goo.gl/mZXdZ>

OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>

New Project Application
Form<https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20130118/e32ad6b1/attachment.html>


More information about the Owasp-board mailing list