<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
This makes me very sad.<br>
<br>
<u>Flagship Code Projects</u><br>
<br>
* OWASP AntiSamy Project &lt; Abandoned, had to pay someone to
update the wiki, not project leads. Roadmap is from 2011, no
updates, etc.<br>
<br>
* OWASP Enterprise Security API &lt; Abandoned, wiki out of date,
old template, no code changes, we paid good money to have a
codeathon in NYC and got... nothing.<br>
<br>
* OWASP CSRFGuard Project &lt; Somewhat being maintained, abandoned
by author but picked up by another leader, but is a horrific design
and only works on the most basic of websites. This is a bad bad
design for complex web 2.0 applications (since it uses JavaScript to
inject tokens into the DOM which is fraught with error). <br>
<br>
* OWASP ModSecurity Core Rule Set Project &lt; Awesome updates,
wiki updated by project owner,
<a class="moz-txt-link-freetext"
href="https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project">https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project</a><br>
<br>
I've been helping manage several production quality, highly scalable
secure coding components (that were written by PhD level software
engineers) and I'm sad to see them still stuck in incubator. We
also have projects like Dependency Check that are incredibly
fantastic tools, still stuck in incubator.<br>
<br>
Samantha has been working hard on this, but every time I see our
project list it really upsets me because when dev folks really try
to use these components, it's so far from production quality that it
makes us look really bad. No wonder we can't really get developers
to be a part of our community or use our stuff.<br>
<br>
I am sure I will get flak for this, but I stand by my opinions that
this is something that is critical to fix at OWASP. I was recently
trying to get a software company to be the first top tier corporate
sponsor, but as part of this, they looked at our flagship projects
and wiki, saw how crusty they both were, and said "no way". Sad.<br>
<br>
- Jim<br>
</body>
</html>