[Owasp-leaders] ESAPI, money and changing OWASP for the better

Jim Manico jim.manico at owasp.org
Sun Jan 9 13:11:33 EST 2011

Hello Leaders,


I would like to see ESAPI reach production status and soon. If we compare
ESAPI to other production quality libraries, ESAPI falls short, especially
when it comes to usable documentation.


Writing useful documentation is painful, time-consuming work. And more
documentation is just *one* thing we need at ESAPI to make it *truly*
production quality. The documentation efforts to date have been wrapped
around ASVS which developers frankly do not care about. The documentation we
need is more about how to use ESAPI, not why it's cool. 


I'd like to see ESAPI get a full time employee; as well as professional
(paid) technical documentation expert resources. The volunteers of ESAPI do,
and should do, what interests them.  That does not always translate into
what needs to be done. Combine some paid resources who do the "necessities"
with the volunteer group - and we have a winning combination that pushes us
towards real production ESAPI fast.  There are many open source projects
which have this same model.


A sharp full-time ESAPI employee of OWASP would have positive effects on the
industry and help us reach developers more.


So what I'm looking for is a major sea change for OWASP around FTEs; as
well as a big budget (200k USD or more per year) for ESAPI.


I think we should ripple this idea to other key projects as well.


OWASP is at a tipping point. There are barbarians at the gate, and key OWASP
volunteers are starting to get flat out angry at some of the leadership
communication. And frankly, I don't want to blame anyone. We are all
volunteers and have limited resources to run this organization.


The solution, in my mind, is to bring on more full time employees.  And not
more admin; we need technical employees running projects. It will quickly
help OWASP turn into a more polished, professional, and production quality
organization. This is something that the world at large desperately needs.


So hey friend, can you spare 200k USD for ESAPI, per year?



Jim Manico

