[Owasp-leaders] Who founded OWASP?
andrew.muller at owasp.org
Sun Sep 16 00:21:44 UTC 2012
History is great, as long as it stays where it is
On Saturday, September 15, 2012, Ludovic Petit wrote:
> Wise words Jeff.
> Let's look forward... and beyond.
> a écrit :
> I'm not sure the point of all this, but I have called myself an OWASP
> founder although I was not there at the absolute beginning. If anyone
> thinks that's not justified, then I'm happy to stop. My first interaction
> was in early 2002 and soon after I contributed WebGoat. Later that year I
> wrote the first OWASP Top 10. I also did the work to create the legal
> entity of the OWASP Foundation and get our 501c3 charitable status.
> Personally I'm much more interested in the next ten years of appsec. We
> have *huge* challenges ahead. Our tools are failing in the face of
> technological change. Systems are getting more critical. Attackers more
> organized and brazen. It's go time.
> On Thu, Sep 13, 2012 at 10:17 PM, Dennis Groves <dennis.groves at owasp.org>wrote:
> Dear Jim,
> Actually Jim there isn't any debate at all about who started OWASP with
> Mr. Curphey.
> I have virtually no confusion at all. I recall it all well, and have many
> private documents to support my claims as well - I assure you. ;-)
> However, you are correct Curphey made the announcement on the 24th, after
> we spent the 23rd reviewing the announcement email - a great deal of work
> went into building the website with Kevin; along with many, many other
> things such as choosing a license, becoming a non-profit and the projects.
> In fact, this choosing an open source license and becoming a non-profit
> were major turing points for early OWASP. And are the very decisions that
> brought many others into the mix to contribute. Before that the volenteers
> were afraid that Curphey would take all the credit for their work and
> become rich of off their contributions. Indeed - it was Jeremiah whom was
> spreading this idea through out the community and perhaps he was correct,
> and I assure you Curphey did not change his mind over night.
> Further, even after OWASP was officially formed and this non-profit status
> and open source licenses chosen, diffusing Jeremiahs claims about Curphey.
> Jeremiah did not want to be involved. Jeremiah did not see why anybody
> would give away for free what could be profited from. He thought it was a
> stupid thing to do.
> Jeremiah was certainly around - but he was definitely not an OWASP
> supporter, contributor, nor founder. Jeremiah eventually came around much,
> much later, after Stephanie joined WhiteHat in 2004, and Mark had left the
> organization. Indeed Jeremiah hated Curphey and OWASP so much that he
> started a rival group WASC. Jeremiah was around in the early days, this
> much is true - but to say that he was a supporter, founder or contributor
> is liberally rewriting history big time.
> Apologies to Jeremiah, whom I have great respect for. Jeremiah has gone on
> to do an enormous amount for OWASP, perhaps more than any other individual
> through his investments via WhiteHat.
> *Subject: **[Owasp-leaders] Who founded OWASP?*
> *Date: *September 13, 2012 7:34:48 PM EDT
> *To: *"owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
> There is quite a bit of debate around who started OWASP with Mr. Curphy.
> Here is a bit of historical data around the first OWASP spark. :)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders