[Owasp-leaders] Open Source Project Ideas

Jason Li jason.li at owasp.org
Mon Aug 29 20:59:30 EDT 2011


Christian,

We were brainstorming for ideas for potential projects to look into and
reach out to.

As I have already stated in this thread, the rules for the Open Source
Showcase are explicitly clear.

Your concerns about Snort are not relevant because they did not apply for
the showcase. As I said repeatedly on this thread, had an organization that
generated some concern applied, then we would have carefully considered the
implications and ensured that the spirit of the showcase was
upheld. However, Snort did not apply to the showcase.

The application period for the showcase has closed and there should be no
further need for discussion.

-Jason

On Mon, Aug 29, 2011 at 8:41 PM, Christian Heinrich <
christian.heinrich at owasp.org> wrote:

> Jason,
>
> On Wed, Aug 17, 2011 at 11:44 PM, Jason Li <jason.li at owasp.org> wrote:
> > However, your imaginary requests and hypothetical examples are not
> > productive. As a volunteer organization, one of the most valuable
> > commodities that OWASP has is the *time* of its volunteers. Rather than
> > spend that time dreaming up edge cases and addressing superfluous
> > hypothetical questions, our time is better spent doing something concrete to
> > accomplish something for OWASP and its mission.
>
> I take some offense to this considering I was the Organizer of
> http://www.snort.org/community/user-groups/ for both Australia and
> New Zealand and hence have insider knowledge of Sourcefire's (lack of)
> commitment to Open Source for Snort.
>
> Sourcefire are a VC backed commercial vendor who exploit "Open Source"
> by deliberately separating the "rules" from the "engine" and then
> require the end user to register to obtain the rules which are then
> converted into sales.  I have actually observed Sourcefire deny other
> hardware vendors access to the rules produced by Snort because the end
> user purchased better hardware produced by a competitor of Sourcefire.
>
> I have a number of other examples of the above but believe my point is
> made?
>
> I would prefer that edge cases identified by Michael Coates were
> removed as this is easier than attempting to quantify them.  However,
> if you would still like to proceed with Snort then
> http://base.secureideas.net/ or related open source community driven
> project for Snort should at least be considered over Sourcefire.
>
> On Wed, Aug 17, 2011 at 11:44 PM, Jason Li <jason.li at owasp.org> wrote:
> > As I have mentioned to you before
> > (https://lists.owasp.org/pipermail/global_education_committee/2011-July/000928.html),
> > OWASP is an organization driven by people that *do* something.
> >
> > As others have said
> > (https://lists.owasp.org/pipermail/committees-chairs/2011-August/000406.html),
> > the community is looking forward to seeing a positive contribution to OWASP.
>
> These are quoted out of context considering my replies to the above
> and the thread in their entirety.
>
> That stated, I pride myself on identifying conflicts of interest and
> removing commercial exploitation from open source communities and
> hence have no hesitation in seeking clarification rather than
> establishing a precedence due to lack of information at the time which
> favors those who might exploit OWASP.
>
>
> --
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh
>