Jeff Williams jeff.williams at owasp.org
Fri Aug 21 02:32:57 EDT 2009

I think this is an excellent idea, and I've put in the request to OWASP
technical support. I'll get the data on subscribers and post it as soon as I


> -----Original Message-----
> From: owasp-esapi-bounces at lists.owasp.org [mailto:owasp-esapi-
> bounces at lists.owasp.org] On Behalf Of Roman Hustad
> Sent: Thursday, August 20, 2009 2:01 AM
> To: owasp-esapi at lists.owasp.org
> Subject: [OWASP-ESAPI] ESAPI-user and ESAPI-dev
> I would like to propose that the main ESAPI list is split into ESAPI-
> dev and ESAPI-user.
> The reason for this is that I suspect there are many lurkers on this
> list who are actually trying to implement ESAPI but don't feel
> comfortable seeking help on the list because of all the development
> chatter.  Most of you are probably familiar with this arrangement for
> other open-source projects and IMHO it works pretty well.  The simple
> fact is that there are very few posts here from the masses, and for
> ESAPI to be adopted widely we need to have a lot of volume; first so
> that there is obvious momentum - with a "tipping point" someday; and
> second to ensure that the API actually works well for most of the
> target audience in the real world.
> I say this as someone who has preached ESAPI as a security consultant
> since it was introduced, and am now implementing it on a legacy system
> back in the enterprise development world.  (More feedback to come as
> our project progresses.)  I want ESAPI to succeed!
> As a data point for consideration, perhaps the list owner would be
> willing to share the current number of subscribers for the existing
> ESAPI lists.  This level of transparency was well received on the SC-L
> list recently.
> Thanks for your consideration of the idea,
> Roman Hustad
> _______________________________________________
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-esapi

More information about the OWASP-ESAPI mailing list