[Owasp-leaders] Who founded OWASP?

Andrew Muller andrew.muller at owasp.org
Sun Sep 16 00:21:44 UTC 2012


History is great, as long as it stays where it is

On Saturday, September 15, 2012, Ludovic Petit wrote:

> Wise words Jeff.
> Let's look forward... and beyond.
> Ludovic
> Le 14 sept. 2012 23:30, "Jeff Williams" <jeff.williams at owasp.org<javascript:_e({}, 'cvml', 'jeff.williams at owasp.org');>>
> a écrit :
> Hi,
> I'm not sure the point of all this, but I have called myself an OWASP
> founder although I was not there at the absolute beginning. If anyone
> thinks that's not justified, then I'm happy to stop.  My first interaction
> was in early 2002 and soon after I contributed WebGoat. Later that year I
> wrote the first OWASP Top 10.  I also did the work to create the legal
> entity of the OWASP Foundation and get our 501c3 charitable status.
> Personally I'm much more interested in the next ten years of appsec.  We
> have *huge* challenges ahead.  Our tools are failing in the face of
> technological change.  Systems are getting more critical.  Attackers more
> organized and brazen.  It's go time.
> --Jeff
> On Thu, Sep 13, 2012 at 10:17 PM, Dennis Groves <dennis.groves at owasp.org>wrote:
> Dear Jim,
> Actually Jim there isn't any debate at all about who started OWASP with
> Mr. Curphey.
> http://web.archive.org/web/20011225110113/http://www.owasp.org/about_owasp/orgchart.shtml
> I have virtually no confusion at all. I recall it all well, and have many
> private documents to support my claims as well - I assure you. ;-)
> However, you are correct Curphey made the announcement on the 24th, after
> we spent the 23rd reviewing the announcement email - a great deal of work
> went into building the website with Kevin; along with many, many other
> things such as choosing a license, becoming a non-profit and the projects.
> In fact, this choosing an open source license and becoming a non-profit
> were major turing points for early OWASP. And are the very decisions that
> brought many others into the mix to contribute. Before that the volenteers
> were afraid that Curphey would take all the credit for their work and
> become rich of off their contributions. Indeed -  it was Jeremiah whom was
> spreading this idea through out the community and perhaps he was correct,
> and I assure you Curphey did not change his mind over night.
> Further, even after OWASP was officially formed and this non-profit status
> and open source licenses chosen, diffusing Jeremiahs claims about Curphey.
> Jeremiah did not want to be involved. Jeremiah did not see why anybody
> would give away for free what could be profited from. He thought it was a
> stupid thing to do.
> Jeremiah was certainly around - but he was definitely not an OWASP
> supporter, contributor, nor founder. Jeremiah eventually came around much,
> much later, after Stephanie joined WhiteHat in 2004, and Mark had left the
> organization. Indeed Jeremiah hated Curphey and OWASP so much that he
> started a rival group WASC.  Jeremiah was around in the early days, this
> much is true - but to say that he was a supporter, founder or contributor
> is liberally rewriting history big time.
> Cheers,
> Dennis
> Apologies to Jeremiah, whom I have great respect for. Jeremiah has gone on
> to do an enormous amount for OWASP, perhaps more than any other individual
> through his investments via WhiteHat.
> *Subject: **[Owasp-leaders] Who founded OWASP?*
> *Date: *September 13, 2012 7:34:48 PM EDT
> *To: *"owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
> There is quite a bit of debate around who started OWASP with Mr. Curphy.
> Here is a bit of historical data around the first OWASP spark. :)
> <http://archives.neohapsis.com/archives/sf/www-mobile/2001-q3/thread.html#53>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120916/e9316fb4/attachment.html>

More information about the OWASP-Leaders mailing list