[Owasp-board] Project Request from Mark Curphey
jim.manico at owasp.org
Wed Apr 9 20:54:55 UTC 2014
Samantha and Board,
Mark Curphey is thinking of moving his project, "Headlines", to OWASP.
This project is an open source Java collection of HTTP response headers
to elevate the security of your web app! This makes it a LOT easier for
Java devs to do things like create Content Security Policy and the
like. This really fits into my vision of giving developers a series of
_easy to use_ security components.
Here is Mark's request.
1. Start a Secure Headers OWASP Project
2. Mark or one of his people from the company "*SourceClear*" will be
the project leader
3. Move the current *SourceClear* Headlines Java to the OWASP Project
for future development https://github.com/sourceclear/headlines
4. Define a charter to create feature parity (where appropriate libs) in
PHP, .NET, Node etc. Maybe be able to do this by pulling in existing
libs (we know of a few) or forking them.
5. *SourceClear* will offer some cash prize money for good open source
implementations ($1K per implementation)
6. Mark wants to then use the Headlines scanner tool to scan many
apps on the web and to then produce an /OWASP Secure Headers/ quarterly
report on who is using what headers.
So, I seek out "pure OWASP projects" with minimal to no commercial
branding. Mark wants to do this primarily to give SourceClear some
publicity. Can you help me work with him to figure out what a good
balance would be? I really like this idea, I just want to keep OWASP's
integrity as vendor neutral intact.