[Owasp-board] Project Request from Mark Curphey

Jim Manico jim.manico at owasp.org
Wed Apr 9 20:54:55 UTC 2014


Samantha and Board,

Mark Curphey is thinking of moving his project, "Headlines", to OWASP.  
This project is an open source Java collection of HTTP response headers 
to elevate the security of your web app! This makes it a LOT easier for 
Java devs to do things like create Content Security Policy and the 
like. This really fits into my vision of giving developers a series of 
_easy to use_ security components.

Here is Mark's request.

1. Start a Secure Headers OWASP Project
2. Mark or one of his people from the company "*SourceClear*" will be 
the project leader
3. Move the current *SourceClear* Headlines Java to the OWASP Project 
for future development https://github.com/sourceclear/headlines
4. Define a charter to create feature parity (where appropriate libs) in 
PHP, .NET, Node etc. Maybe be able to do this by pulling in existing 
libs (we know of a few) or forking them.
5. *SourceClear* will offer some cash prize money for good open source 
implementations ($1K per implementation)
6. Mark wants to then use the Headlines scanner tool to scan many 
apps on the web and to then produce an /OWASP Secure Headers/ quarterly 
report on who is using what headers.

So, I seek out "pure OWASP projects" with minimal to no commercial 
branding. Mark wants to do this primarily to give SourceClear some 
publicity. Can you help me work with him to figure out what a good 
balance would be? I really like this idea, I just want to keep OWASP's 
integrity as vendor neutral intact.

Thank you,
Jim

