[Owasp-leaders] Open Source Project Ideas

Christian Heinrich christian.heinrich at owasp.org
Mon Aug 29 20:41:39 EDT 2011


On Wed, Aug 17, 2011 at 11:44 PM, Jason Li <jason.li at owasp.org> wrote:
> However, your imaginary requests and hypothetical examples are not
> productive. As a volunteer organization, one of the most valuable
> commodities that OWASP has is the *time* of its volunteers. Rather than
> spend that time dreaming up edge cases and addressing superfluous
> hypothetical questions, our time is better spent doing something concrete to
> accomplish something for OWASP and its mission.

I take some offense to this considering I was the Organizer of
http://www.snort.org/community/user-groups/ for both Australia and
New Zealand and hence have insider knowledge of Sourcefire's (lack of)
commitment to Open Source for Snort.

Sourcefire are a VC backed commercial vendor who exploit "Open Source"
by deliberately separating the "rules" from the "engine" and then
require the end user to register to obtain the rules which are then
converted into sales.  I have actually observed Sourcefire deny other
hardware vendors access to the rules produced by Snort because the end
user purchased better hardware produced by a competitor of Sourcefire.

I have a number of other examples of the above but believe my point is made?

I would prefer that edge cases identified by Michael Coates were
removed as this is easier than attempting to quantify them.  However,
if you would still like to proceed with Snort then
http://base.secureideas.net/ or related open source community driven
project for Snort should at least be considered over Sourcefire.

On Wed, Aug 17, 2011 at 11:44 PM, Jason Li <jason.li at owasp.org> wrote:
> As I have mentioned to you before
> (https://lists.owasp.org/pipermail/global_education_committee/2011-July/000928.html),
> OWASP is an organization driven by people that *do* something.
> As others have said
> (https://lists.owasp.org/pipermail/committees-chairs/2011-August/000406.html),
> the community is looking forward to seeing a positive contribution to OWASP.

These are quoted out of context considering my replies to the above
and the thread in their entirety.

That stated, I pride myself on identifying conflicts of interest and
removing commercial exploitation from open source communities and
hence have no hesitation in seeking clarification rather than
establishing a precedence due to lack of information at the time which
favors those who might exploit OWASP.

Christian Heinrich
