[Owasp-leaders] Who founded OWASP?

Jeff Williams jeff.williams at owasp.org
Fri Sep 14 21:30:14 UTC 2012


Hi,

I'm not sure the point of all this, but I have called myself an OWASP
founder although I was not there at the absolute beginning. If anyone
thinks that's not justified, then I'm happy to stop.  My first interaction
was in early 2002 and soon after I contributed WebGoat. Later that year I
wrote the first OWASP Top 10.  I also did the work to create the legal
entity of the OWASP Foundation and get our 501c3 charitable status.

Personally I'm much more interested in the next ten years of appsec.  We
have *huge* challenges ahead.  Our tools are failing in the face of
technological change.  Systems are getting more critical.  Attackers more
organized and brazen.  It's go time.

--Jeff



On Thu, Sep 13, 2012 at 10:17 PM, Dennis Groves <dennis.groves at owasp.org>wrote:

> Dear Jim,
>
> Actually Jim there isn't any debate at all about who started OWASP with
> Mr. Curphey.
>
>
> http://web.archive.org/web/20011225110113/http://www.owasp.org/about_owasp/orgchart.shtml
>
> I have virtually no confusion at all. I recall it all well, and have many
> private documents to support my claims as well - I assure you. ;-)
>
> However, you are correct Curphey made the announcement on the 24th, after
> we spent the 23rd reviewing the announcement email - a great deal of work
> went into building the website with Kevin; along with many, many other
> things such as choosing a license, becoming a non-profit and the projects.
>
> In fact, this choosing an open source license and becoming a non-profit
> were major turing points for early OWASP. And are the very decisions that
> brought many others into the mix to contribute. Before that the volenteers
> were afraid that Curphey would take all the credit for their work and
> become rich of off their contributions. Indeed -  it was Jeremiah whom was
> spreading this idea through out the community and perhaps he was correct,
> and I assure you Curphey did not change his mind over night.
>
> Further, even after OWASP was officially formed and this non-profit status
> and open source licenses chosen, diffusing Jeremiahs claims about Curphey.
> Jeremiah did not want to be involved. Jeremiah did not see why anybody
> would give away for free what could be profited from. He thought it was a
> stupid thing to do.
>
> Jeremiah was certainly around - but he was definitely not an OWASP
> supporter, contributor, nor founder. Jeremiah eventually came around much,
> much later, after Stephanie joined WhiteHat in 2004, and Mark had left the
> organization. Indeed Jeremiah hated Curphey and OWASP so much that he
> started a rival group WASC.  Jeremiah was around in the early days, this
> much is true - but to say that he was a supporter, founder or contributor
> is liberally rewriting history big time.
>
> Cheers,
>
> Dennis
>
> Apologies to Jeremiah, whom I have great respect for. Jeremiah has gone on
> to do an enormous amount for OWASP, perhaps more than any other individual
> through his investments via WhiteHat.
>
>
> *Subject: **[Owasp-leaders] Who founded OWASP?*
> *Date: *September 13, 2012 7:34:48 PM EDT
> *To: *"owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
>
> There is quite a bit of debate around who started OWASP with Mr. Curphy.
>
> Here is a bit of historical data around the first OWASP spark. :)
>
> http://archives.neohapsis.com/archives/sf/www-mobile/2001-q3/thread.html#53
>
> You'll see no mention of it beforehand.
>
> Here is the first public mention of "OWASP" and its original projects:
> http://archives.neohapsis.com/archives/sf/www-mobile/2001-q3/0109.html
>
> For your historical amusement,
>
> --
> Jim Manico
> OWASP Volunteer/Historian
> (808) 652-3805
>  _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> --
> --
> Dennis Groves <http://about.me/dennis.groves>, MSc
> dennis.groves at owasp.org
>
>  <http://www.owasp.org/>
>
> *This work is licensed under the Creative Commons
> Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of
> this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or
> send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain
> View, California, 94041, USA.*
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120914/37ed3939/attachment.html>


More information about the OWASP-Leaders mailing list