[OWASP-ESAPI] Congratulations

Andrew van der Stock vanderaj at owasp.org
Fri Nov 7 22:00:53 EST 2008

Hi Sebastian,

Jeff Williams is the architect of ESAPI, and he's in Portugal now.  
Hopefully, he can elucidate what's coming down the pipeline.

As for fixes for 1.4.1, I'm half way through fixing the remaining test  
failures, and then I'm going to start fixing all the TODOs in the  
code. I'm about to add a bunch of core TODOs that should be fixed  
before the next dot release. I don't have a release schedule for 1.4.1.

I'm also working with Kuai and hopefully others on the PHP version.  
We'll be trying to reach near feature parity by 1.6. There will most  
likely be a subset of functions (validator, encoder,  
AccessReferenceMap, and a few other key classes) soon, with more in  
the 1.5 time frame, with 1.6 implementing User, AccessControl, and  
Authenticator. Further releases will most likely push further to try  
and do the filters, but as that's more than three releases away, I  
will not promise anything.


On Nov 7, 2008, at 9:22 AM, Sebastian Kübeck wrote:

> I don't know if that is the right way to do it but anyway:
> congratulations to that great project!
> To be honest: I have been looking for a project like this for a couple
> of years now. In desperation, I had to implement a great deal of this
> functionality on my own and it would have saved me and my clients  
> allot
> of hard work if it had been there before.
> So thanks allot in the name of all developers out there struggling to
> get security done and in the name of all security experts having a  
> hard
> time helping companies to secure their applications!
> Best regards,
> Sebastian Kübeck
> BTW: Do you have a public TODO list with items you intend to implement
> in the near future?
> _______________________________________________
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-esapi

Andrew van der Stock
Lead Author, OWASP Guide and OWASP Top 10

More information about the OWASP-ESAPI mailing list