[Owasp-board] Let the ESAPI raid on code begin

Jim Manico jim.manico at owasp.org
Sat Mar 29 06:26:55 UTC 2014


Sarah,

The other thing I'm working on with a few folks is to begin a raid on 
ESAPI Java for gold (i.e., valuable code).

We are going to create several smaller projects that are NOT under the 
ESAPI banner and make them stand-alone projects (like the 
OWASP-Java-Encoder and the OWASP-HTML-Sanitizer) that are 
no-dependency drop-in single-task security libraries that are production 
quality.

I have asked the team that wants to do this to submit formal project 
proposals for these, we are on it.

Sarah, I try not to bitch unless I'm willing to do something about it, 
which is well underway and has been for well over a year now. My troops 
have been at the border waiting to raid, but I've told them not to raid in 
order to give ESAPI a chance to reform. That time is over, and the 
raid is about to begin with a cry of, "FOR SECURE CODING! CHARGE"[1].

We will submit several proposals to Samantha regarding this soon.

Thank you.
- Jim

PS: I feel that just about any metaphor or ideal can be expressed in 
YouTube videos. Here you go. http://www.youtube.com/watch?v=zj_3vYo2gF0





