[Owasp-board] Flagship Code Products
Jim Manico
jim.manico at owasp.org
Fri Mar 28 09:46:34 UTC 2014
This makes me very sad.
_Flagship Code Projects_
* OWASP AntiSamy Project < Abandoned, had to pay someone to update the
wiki, not project leads. Roadmap is from 2011, no updates, etc.
* OWASP Enterprise Security API < Abandoned, wiki out of date, old
template, no code changes, we paid good money to have a codeathon in NYC
and got... nothing.
* OWASP CSRFGuard Project < Somewhat being maintained, abandoned by
author but picked up by another leader, but is a horrific design and
only works on the most basic of websites. This is a bad bad design for
complex web 2.0 applications (since it uses JavaScript to inject tokens
into the DOM which is fraught with error).
* OWASP ModSecurity Core Rule Set Project < Awesome updates, wiki
updated by project owner,
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
I've been helping manage several production quality, highly scalable
secure coding components (that were written by PhD level software
engineers) and I'm sad to see them still stuck in incubator. We also
have projects like Dependency Check that are incredibly fantastic tools,
still stuck in incubator.
Samantha has been working hard on this, but every time I see our project
list it really upsets me because when dev folks really try to use these
components, it's so far from production quality that it makes us look
really bad. No wonder we can't really get developers to be a part of our
community or use our stuff.
I am sure I will get flack for this, but I stand by my opinions that
this is something that is critical to fix at OWASP. I was recently
trying to get a software company to be the first top tier corporate
sponsor, but as part of this, they looked at our flagship projects and
wiki, saw how crusty they both were, and said "no way". Sad.
- Jim