[Owasp-board] ESAPI - results
tobias.gondrom at owasp.org
Tue Jun 17 16:40:51 UTC 2014
I would agree with Johanna's conclusion:
- keep it in LAB status for now
- define the ESAPI Java value proposition / unique selling point.
Just my 2cents.
Best wishes, Tobias
On 15/06/14 02:39, johanna curiel curiel wrote:
> Kevin , Jim
> What I'm really interested as Java programmer is which
> features/functionalities does ESAPI Java contain that I can't find
> I think we need to promote those ones that :
> * A java Programmer needs in order to secure their applications
> * Cannot be found anywhere only in ESAPI
> What is ESAPI Java unique selling proposition?
> Regarding the status I think the best is to leave it in LAB status
> considering the maturity level and what we need is to re-think a
> selling/marketing strategy proposition to promote esapi and maybe
> focus in those features that are a must-have, unique of ESAPI.
> If ESAPI Java does not have unique features then the chance of
> surviving decreases as java programmers will find easier to install
> plugins through the marketplace or use built in functionalities in
> existing Java Frameworks.
> What do you think?
> On Sat, Jun 14, 2014 at 9:28 PM, Jim Manico <jim.manico at owasp.org
> <mailto:jim.manico at owasp.org>> wrote:
> > ....and just try to reach a point of stability where ESAPI
> is not bleeding too badly.
> Exactly. Make it usable and not in of itself vulnerable, and I support
> returning it to Flagship, for what it's worth.
> .... I do not want to lose sight that this is Johannas call, not mine.
> Jim Manico
> (808) 652-3805 <tel:%28808%29%20652-3805>
> > On Jun 15, 2014, at 9:13 AM, "Kevin W. Wall"
> <kevin.w.wall at gmail.com <mailto:kevin.w.wall at gmail.com>> wrote:
> > I think we should
> > deal with the realistic assumption that it is unlikely there will be
> > an ESAPI 3.0 (at least anytime soon, and by "soon" I mean within
> > a year or less) and just try to reach a point of stability where
> > is not bleeding too badly. To me, that means that we would
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board