[Owasp-board] Let the ESAPI raid on code begin
jim.manico at owasp.org
Sat Mar 29 06:26:55 UTC 2014
The other thing I'm working on with a few folks is to begin a raid on
ESAPI Java for gold (i.e., valuable code).
We are going to create several smaller projects that are NOT under the
ESAPI banner and make them stand-alone projects (like the
OWASP-Java-Encoder and the OWASP-HTML-Sanitizer) that are
no-dependency drop-in single-task security libraries that are projection
I have asked the team that wants to do this to submit formal project
proposals for these; we are on it.
Sarah, I try not to bitch unless I'm willing to do something about it,
which is well underway and has been for well over a year now. My troops
have been at the border waiting to raid, but I've told them not to raid in
order to give ESAPI a chance to reform. That time is over, and the
raid is about to begin with a cry of, "FOR SECURE CODING! CHARGE".
We will submit several proposals to Samantha regarding this soon.
PS: I feel that just about any metaphor or ideal can be expressed in
YouTube videos. Here you go. http://www.youtube.com/watch?v=zj_3vYo2gF0