[Owasp-leaders] Who founded OWASP?

Ludovic Petit ludovic.petit at owasp.org
Sat Sep 15 08:42:09 UTC 2012


Wise words Jeff.

Let's look forward... and beyond.

Ludovic
Le 14 sept. 2012 23:30, "Jeff Williams" <jeff.williams at owasp.org> a écrit :

> Hi,
>
> I'm not sure the point of all this, but I have called myself an OWASP
> founder although I was not there at the absolute beginning. If anyone
> thinks that's not justified, then I'm happy to stop.  My first interaction
> was in early 2002 and soon after I contributed WebGoat. Later that year I
> wrote the first OWASP Top 10.  I also did the work to create the legal
> entity of the OWASP Foundation and get our 501c3 charitable status.
>
> Personally I'm much more interested in the next ten years of appsec.  We
> have *huge* challenges ahead.  Our tools are failing in the face of
> technological change.  Systems are getting more critical.  Attackers more
> organized and brazen.  It's go time.
>
> --Jeff
>
>
>
> On Thu, Sep 13, 2012 at 10:17 PM, Dennis Groves <dennis.groves at owasp.org>wrote:
>
>> Dear Jim,
>>
>> Actually Jim there isn't any debate at all about who started OWASP with
>> Mr. Curphey.
>>
>>
>> http://web.archive.org/web/20011225110113/http://www.owasp.org/about_owasp/orgchart.shtml
>>
>> I have virtually no confusion at all. I recall it all well, and have many
>> private documents to support my claims as well - I assure you. ;-)
>>
>> However, you are correct Curphey made the announcement on the 24th, after
>> we spent the 23rd reviewing the announcement email - a great deal of work
>> went into building the website with Kevin; along with many, many other
>> things such as choosing a license, becoming a non-profit and the projects.
>>
>> In fact, this choosing an open source license and becoming a non-profit
>> were major turing points for early OWASP. And are the very decisions that
>> brought many others into the mix to contribute. Before that the volenteers
>> were afraid that Curphey would take all the credit for their work and
>> become rich of off their contributions. Indeed -  it was Jeremiah whom was
>> spreading this idea through out the community and perhaps he was correct,
>> and I assure you Curphey did not change his mind over night.
>>
>> Further, even after OWASP was officially formed and this non-profit
>> status and open source licenses chosen, diffusing Jeremiahs claims about
>> Curphey. Jeremiah did not want to be involved. Jeremiah did not see why
>> anybody would give away for free what could be profited from. He thought it
>> was a stupid thing to do.
>>
>> Jeremiah was certainly around - but he was definitely not an OWASP
>> supporter, contributor, nor founder. Jeremiah eventually came around much,
>> much later, after Stephanie joined WhiteHat in 2004, and Mark had left the
>> organization. Indeed Jeremiah hated Curphey and OWASP so much that he
>> started a rival group WASC.  Jeremiah was around in the early days, this
>> much is true - but to say that he was a supporter, founder or contributor
>> is liberally rewriting history big time.
>>
>> Cheers,
>>
>> Dennis
>>
>> Apologies to Jeremiah, whom I have great respect for. Jeremiah has gone
>> on to do an enormous amount for OWASP, perhaps more than any other
>> individual through his investments via WhiteHat.
>>
>>
>> *Subject: **[Owasp-leaders] Who founded OWASP?*
>> *Date: *September 13, 2012 7:34:48 PM EDT
>> *To: *"owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
>>
>> There is quite a bit of debate around who started OWASP with Mr. Curphy.
>>
>> Here is a bit of historical data around the first OWASP spark. :)
>>
>>
>> http://archives.neohapsis.com/archives/sf/www-mobile/2001-q3/thread.html#53
>>
>> You'll see no mention of it beforehand.
>>
>> Here is the first public mention of "OWASP" and its original projects:
>> http://archives.neohapsis.com/archives/sf/www-mobile/2001-q3/0109.html
>>
>> For your historical amusement,
>>
>> --
>> Jim Manico
>> OWASP Volunteer/Historian
>> (808) 652-3805
>>  _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>
>> --
>> --
>> Dennis Groves <http://about.me/dennis.groves>, MSc
>> dennis.groves at owasp.org
>>
>>  <http://www.owasp.org/>
>>
>> *This work is licensed under the Creative Commons
>> Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of
>> this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or
>> send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain
>> View, California, 94041, USA.*
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120915/56d79958/attachment-0001.html>


More information about the OWASP-Leaders mailing list