[Owasp-board] ESAPI - results

johanna curiel curiel johanna.curiel at owasp.org
Sat Jun 14 18:33:38 UTC 2014

Hi Board members

After doing some testing and source code analysis of ESAPI, and contacting
their project leaders I can conclude that:

   - The only project that can be considered as Flagship is ESAPI Java
   - There are no future plans for the other projects to continue
   - Other projects have become outdated and have come to end end of their
   development cycle
   - There is very little participation from the community in these
   projects including ESAPI Java

ESAPI Java is surviving but is not strong as compare to ZAP for example.
Kevin is the  only active contributor so far and this is not a good sign
for sustainability of a project.

I think it will be fair to say that we can allow ESAPI Java to be there
because of its maturity level for a while more but we need to monitor its
progress in the coming months

I propose we update this info but I would like to know your opinion.

I'm going to do some Code analysis on Esapi Java for vulnerabilities and
that will be my final test

The other projects will be set as inactive in the WIki


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140614/91a8879a/attachment.html>

More information about the Owasp-board mailing list