[Owasp-board] ESAPI - results

• Previous message: [Owasp-board] ESAPI - results
• Next message: [Owasp-board] Fwd: AppSec Eurpe 2014 - OWASP board members meeting in Cambridge Friday, June 27th
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I would agree with Johanna's conclusion: 
- keep it in LAB  status for now
- define the ESAPI Java value proposition / unique selling point.

Just my 2cents.

Best wishes, Tobias



On 15/06/14 02:39, johanna curiel curiel wrote:
> Kevin , Jim
>
> What I'm really interested as Java programmer is which
> features/functionalities does ESAPI Java contain that I can't find
> anywhere?
>
> I think we need to promote those ones that :
>
>   * A java Programmer needs in order to secure their applications
>   * Cannot be found anywhere only in ESAPI
>
>
> What is ESAPI Java unique selling proposition?
>  
> Regarding the status I think the best is to leave it in LAB status
> considering the maturity level and what we need is to re-think a
> selling/marketing strategy proposition to promote esapi and maybe
> focus in those features that are a must-have, unique of ESAPI.
>
> If ESAPI Java does not have unique features then the chance of
> surviving decreases as java programmers will find easier to install
> plugins through the marketplace or use built in functionalities in
> existing Java Frameworks.
>
> What do you think?
>
>
>
>
> On Sat, Jun 14, 2014 at 9:28 PM, Jim Manico <jim.manico at owasp.org
> <mailto:jim.manico at owasp.org>> wrote:
>
>     >  ....and just try to reach a point of stability where ESAPI
>     is not bleeding too badly.
>
>     Exactly. Make it usable and not in of itself vulnerable, and I support
>     returning it to Flagship, for what it's worth.
>
>     .... I do not want to lose sight that this is Johannas call, not mine.
>
>     Aloha,
>     --
>     Jim Manico
>     @Manicode
>     (808) 652-3805 <tel:%28808%29%20652-3805>
>
>     > On Jun 15, 2014, at 9:13 AM, "Kevin W. Wall"
>     <kevin.w.wall at gmail.com <mailto:kevin.w.wall at gmail.com>> wrote:
>     >
>     > I think we should
>     > deal with the realistic assumption that it is unlikely there will be
>     > an ESAPI 3.0 (at least anytime soon, and by "soon" I mean within
>     > a year or less) and just try to reach a point of stability where
>     ESAPI
>     > is not bleeding too badly. To me, that means that we would
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140617/f58a5f20/attachment.html>

• Previous message: [Owasp-board] ESAPI - results
• Next message: [Owasp-board] Fwd: AppSec Eurpe 2014 - OWASP board members meeting in Cambridge Friday, June 27th
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]