[Owasp-leaders] Who founded OWASP?

Dennis Groves dennis.groves at owasp.org
Fri Sep 14 02:17:19 UTC 2012

Dear Jim,

Actually Jim there isn't any debate at all about who started OWASP with Mr.


I have virtually no confusion at all. I recall it all well, and have many
private documents to support my claims as well - I assure you. ;-)

However, you are correct Curphey made the announcement on the 24th, after
we spent the 23rd reviewing the announcement email - a great deal of work
went into building the website with Kevin; along with many, many other
things such as choosing a license, becoming a non-profit and the projects.

In fact, this choosing an open source license and becoming a non-profit
were major turing points for early OWASP. And are the very decisions that
brought many others into the mix to contribute. Before that the volenteers
were afraid that Curphey would take all the credit for their work and
become rich of off their contributions. Indeed -  it was Jeremiah whom was
spreading this idea through out the community and perhaps he was correct,
and I assure you Curphey did not change his mind over night.

Further, even after OWASP was officially formed and this non-profit status
and open source licenses chosen, diffusing Jeremiahs claims about Curphey.
Jeremiah did not want to be involved. Jeremiah did not see why anybody
would give away for free what could be profited from. He thought it was a
stupid thing to do.

Jeremiah was certainly around - but he was definitely not an OWASP
supporter, contributor, nor founder. Jeremiah eventually came around much,
much later, after Stephanie joined WhiteHat in 2004, and Mark had left the
organization. Indeed Jeremiah hated Curphey and OWASP so much that he
started a rival group WASC.  Jeremiah was around in the early days, this
much is true - but to say that he was a supporter, founder or contributor
is liberally rewriting history big time.



Apologies to Jeremiah, whom I have great respect for. Jeremiah has gone on
to do an enormous amount for OWASP, perhaps more than any other individual
through his investments via WhiteHat.

*Subject: **[Owasp-leaders] Who founded OWASP?*
*Date: *September 13, 2012 7:34:48 PM EDT
*To: *"owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>

There is quite a bit of debate around who started OWASP with Mr. Curphy.

Here is a bit of historical data around the first OWASP spark. :)


You'll see no mention of it beforehand.

Here is the first public mention of "OWASP" and its original projects:

For your historical amusement,

Jim Manico
OWASP Volunteer/Historian
(808) 652-3805
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org

Dennis Groves <http://about.me/dennis.groves>, MSc
dennis.groves at owasp.org


*This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of
this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or
send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain
View, California, 94041, USA.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120914/a7ee360e/attachment.html>

More information about the OWASP-Leaders mailing list