[Owasp-leaders] Fwd: Getting in touch with the leader ?

Jim Manico jim.manico at owasp.org
Thu Mar 28 18:32:52 UTC 2013


Chris,

I agree that ESAPI is not dead, and I'm eager to see you and others return to actively working on the project.

But I do objectively feel that it's not a release quality project and I no longer recommend that organizations use it. I think it's a great research project, but other projects trump ESAPI in terms of quality and activity like I mentioned earlier.

1) The singleton is a fundamental design flaw and needs to be removed
2) The project has a large number of active bugs, many of these are VERY significant https://code.google.com/p/owasp-esapi-java/issues/list
3) There has not been major coding activity on ESAPI for Java since July 2012.

When these things change, I'll change my tune.

- Jim

> Sebastian and all -
> 
> While we try to monitor what is happening on the list all the time, understandably we all get busy from time to time. That being said, the ESAPI project is far from dead. Sebastian, feel free to contact Jeff and Myself off-list and we would be more than happy to address any questions that you have! Thanks!
> 
> ~Chris
> 
> From: Samantha Groves <samantha.groves at owasp.org<mailto:samantha.groves at owasp.org>>
> Date: Thursday, March 28, 2013 11:10 AM
> To: Konstantinos Papapanagiotou <Konstantinos at owasp.org<mailto:Konstantinos at owasp.org>>
> Cc: "spyrosgaster at gmail.com<mailto:spyrosgaster at gmail.com>" <spyrosgaster at gmail.com<mailto:spyrosgaster at gmail.com>>, Leaders <owasp-leaders at lists.owasp.org<mailto:owasp-leaders at lists.owasp.org>>
> Subject: Re: [Owasp-leaders] Fwd: Getting in touch with the leader ?
> 
> Agreed.
> 
> Can I get a list of names of the individuals actively contributing to this project. I need to update our records.
> 
> Additionally, I need someone to volunteer to manage requests and questions that come into the ESAPI mailing list. Please message me if you are interested. This person will be responsible for answering questions, and liaising between contributors and the community.
> 
> Thank you, Leaders.
> 
> Sam G.
> 
> On Thu, Mar 28, 2013 at 4:47 PM, Konstantinos Papapanagiotou <Konstantinos at owasp.org<mailto:Konstantinos at owasp.org>> wrote:
> All,
> 
> Spyros (cc-ed as he's not on the leaders list) is also already working on an ESAPI for PHP rewrite and actually a few days ago also tried to get in touch with someone on the ESAPI mailing lists.
> Since apparently people are working on it we should have some kind of co-ordination.
> 
> Kostas
> 
> 
> On Thursday, March 28, 2013, Abbas Naderi wrote:
> Hello
> We're doing some PHP security project, which would hopefully result in a rewrite of ESAPI. the current ESAPI PHP is 100% against PHP programming values.
> Thanks
> -Abbas
> On ۸ فروردین ۱۳۹۲, at ۱۷:۴۷, Samantha Groves <samantha.groves at owasp.org> wrote:
> 
> Hello All,
> 
> Chris Schmidt & Kevin Wall are both co-leading this project at the moment. A few months ago, we put together a proposal for funding from the DHS that included a management and technical management roadmap that we submitted for funding. We have been waiting for a decision.
> 
> I have just gotten word from DHS that funding for their programs has now been approved for 2013. The last I heard is that our ESAPI Project proposal was in round two of reviews. In answer to your questions, ESAPI is not dead, we were just placed at a halt after our proposal was submitted to DHS.
> 
> I hope this clears thing up. Let me know if you have questions, concerns, etc.
> 
> Cheers now, All.
> 
> SG
> 
> On Thu, Mar 28, 2013 at 11:27 AM, vanderaj vanderaj <vanderaj at owasp.org> wrote:
> I thought that Chris Schmidt had taken over the helm of ESAPI?
> 
> thanks,
> Andrew
> 
> 
> On Thu, Mar 28, 2013 at 9:11 PM, Sebastien Gioria <sebastien.gioria at owasp.org> wrote:
> No news from anyone ? Is ESAPI dev definitively dead ?
> 
> I'm in touch with a new potential big corporate member who has
> integrate ESAPI in his product and have problem. Any value for them
> before making they membership could be the OWASP capacity to be in
> touch with the leader of the ESAPI Java.
> 
> We (France) are in touch with them to Host the First OWASP France Day
> and many more other opportunity.
> 
> It's really a big reference for OWASP if we have it.
> 
> Thanks.
> 
> 
> ---------- Forwarded message ----------
> From: Sebastien Gioria <sebastien.gioria at owasp.org>
> Date: 2013/3/26
> Subject: Getting in touch with the leader ?
> To: owasp-esapi-dev <owasp-esapi-dev at owasp.org>
> Cc : Jeff Williams <jeff.williams at owasp.org>
> 
> 
> Hi guys,
> 
> I'm not sure Jeff is always the leader of the JavaEE ESAPI project,
> and I need to be in touch with the leader of the project for some
> related presentations and experiences exchange with a big french
> company.
> 
> Thanks in advance
> 
> 
> --
> OWASP French Chapter Leader
> GSM: +33 6 70 59 11 44
> 
> 
> --
> OWASP French Chapter Leader
> GSM: +33 6 70 59 11 44
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> 
> 
> --
> Samantha Groves, MBA
> OWASP Project Manager
> 
> The OWASP Foundation
> 
> 
> 
> --
> 
> Samantha Groves, MBA
> 
> OWASP Project Manager
> 
> 
> The OWASP Foundation
> 
> Lisbon, Portugal
> 
> Email: samantha.groves at owasp.org<mailto:samantha.groves at owasp.org>
> 
> Skype: samanthahz
> 
> 
> OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
> 
> Book a Meeting with Me<http://goo.gl/mZXdZ>
> 
> OWASP Contact US Form<http://owasp4.owasp.org/contactus.html>
> 
> New Project Application Form<https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
> 
> 
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 



More information about the OWASP-Leaders mailing list