[Owasp-leaders] Open Source Project Ideas

Jason Li jason.li at owasp.org
Wed Aug 17 09:44:54 EDT 2011


Christian,

It's really not that complicated.

The showcase is to highlight open source projects. Therefore, the primary
question is whether the project source is available under an open source
license? As far as I know, Burp is closed source and not available under an
open source license.

As I have already said, if a specific organization is concerned about their
eligibility, they are welcome to seek clarification about their specific
situation. We will be happy to address any such requests from an interested
organization or project.

However, your imaginary requests and hypothetical examples are not
productive. As a volunteer organization, one of the most valuable
commodities that OWASP has is the *time* of its volunteers. Rather than
spend that time dreaming up edge cases and addressing superfluous
hypothetical questions, our time is better spent doing something concrete to
accomplish something for OWASP and its mission.

As I have mentioned to you before (
https://lists.owasp.org/pipermail/global_education_committee/2011-July/000928.html),
OWASP is an organization driven by people that *do* something.

As others have said (
https://lists.owasp.org/pipermail/committees-chairs/2011-August/000406.html),
the community is looking forward to seeing a positive contribution to OWASP.

-Jason

On Wed, Aug 17, 2011 at 1:53 AM, Christian Heinrich <
christian.heinrich at owasp.org> wrote:

> Jason,
>
> So for example then it would/won't be possible for Dafydd to showcase
>
> http://blog.portswigger.net/2011/06/burp-suite-free-edition-v14-released.html
> because this is *not* a common open source license, rather
> http://portswigger.net/burp/tc-free.html ?
>
> The above is an example only and I am not implying that Dafydd intends
> to submit or has submitted for the showcase.
>
> On Wed, Aug 17, 2011 at 1:49 PM, Jason Li <jason.li at owasp.org> wrote:
> > Christian,
> >
> > The showcase guidelines are written here:
> > http://www.appsecusa.org/oss.html
> >
> > Any open source project is free to submit their project for consideration.
> >
> > As is always the case in such situations, if a particular organization
> > is concerned about their eligibility, they are welcome to seek
> > clarification about their specific situation.
> >
> > -Jason
> >
> > On Tue, Aug 16, 2011 at 7:52 PM, Christian Heinrich
> > <christian.heinrich at owasp.org> wrote:
> >> Jason,
> >>
> >> It might be worth defining the criteria first.
> >>
> >> For instance, Snort is a (paid) subscription based model i.e.
> >> http://www.snort.org/snort-rules/ and is this therefore acceptable?
> >>
> >> 2011/8/8 Jason Li <jason.li at owasp.org>:
> >>> Looking for projects that want to have a booth (showcase) in the open source
> >>> section of the conference.
> >>> -Jason
> >>>
> >>> On Aug 7, 2011, at 10:38 AM, mark curphey <mark at curphey.com> wrote:
> >>>
> >>> Are you looking to invite projects to the showcase or to speak? If it's the
> >>> latter (and while not part of the core project) Brian Sullivan (ex
> >>> Spi-Dynamics, ex MSFT, now Adobe) has some great work starting to do the
> >>> rounds on NoSQL where he walks through the security issues of Hadoop,
> >>> Cassandra, MongoDB etc. Very topical stuff for big data …..
> >>>
> >>> On Aug 5, 2011, at 4:48 PM, Jason Li wrote:
> >>>
> >>> All,
> >>> As you already know, we are hosting an Open Source Projects Showcase at
> >>> AppSec USA 2011 (http://appsecusa.org/oss.html).
> >>> In addition to OWASP Projects, we would like to reach out to projects
> >>> outside of OWASP. Based on the talk tracks, we should try and invite open
> >>> source projects in those spaces.
> >>> I'm not an expert on each of these track topics, so I was hoping some folks
> >>> would chime in with some ideas (or connections):
> >>> New Attacks & Defenses: Snort? Wireshark?
> >>> Cloud Security: Apache Hadoop? OpenStack? Nimbus? Eucalyptus? OpenNebula?
> >>> Reservoir Framework?
> >>> Mobile Security: Android? MeeGo?
> >>> Software & Architecture Patterns for Security: Spring Security? Apache
> >>> Struts? Hibernate Validator?
> >>> Secure SDLC: JUnit? Confluence? Secure CI?
> >>> Software Assurance: FindBugs? Checkstyle? Sonar? FxCop? PMD?
> >>> Does anyone have any thoughts on the above or any other suggestions?
> >>> -Jason
> >>> _______________________________________________
> >>> OWASP-Leaders mailing list
> >>> OWASP-Leaders at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>
> >>
> >>
> >> --
> >> Regards,
> >> Christian Heinrich
> >> http://www.owasp.org/index.php/user:cmlh
> >>
> >
>
>
>
> --
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh
>