[Owasp-leaders] Publishing project

psiinon psiinon at gmail.com
Sat Oct 4 10:47:45 UTC 2014

Hi Nikola,

OWASP is an extremely decentralized organization: as a project leader you
can and should do whatever you think is necessary for your project
(including releasing it) without asking for permission.
So go for it :)

My take on it is that OWASP projects are open source projects that have
aligned themselves with OWASP.
OWASP has accepted your project as one that is appropriate and suitable for
the organization.

You can do anything you like with your project, including removing it from
OWASP can likewise decide that your project is no longer suitable and also
remove it from OWASP. Its not a common occurrence, but it can happen.
OWASP cannot remove you as project leader from your project - it does not
have that 'right'.

If you are about to do something that you think is potentially
controversial then I'd recommend asking for advice and feedback from fellow
leaders, either on this list or specific individuals you trust.
Or you can decide that its easier to ask for forgiveness rather than
permission ;)

If you are seen to be leading your project badly then 'normal' open source
conventions apply: you with find it increasingly hard to attract and retain
both contributors and users.
And your project could be forked by anyone else, OWASP member or not.
In theory this fork could in time be accepted as an OWASP project.

OK, that was all off topic ;)

A slightly more relevant topic is how to publicize your releases.
I would definitely recommend posting again to this list.
However I'm not sure on how suitable this list is for publicizing _every_
I tend to post about 'major' ZAP releases here, but not bugfix releases.I
do the same on BugTraq <http://www.securityfocus.com/archive/1>.
I always tweet about every release, and its always worth posting to
I always used to post to http://freecode.com/ but thats no longer being
maintained :(
Can anyone else recommend any other good options?



On Sat, Oct 4, 2014 at 10:07 AM, Nikola Milosevic <
nikola.milosevic at owasp.org> wrote:

> Hello Leaders,
> I would like to ask a simple question. Is there any procedure about
> publishing OWASP projects for the first time?
> During the Google Summer of Code, we kinda crafted the first version on
> OWASP Seraphimdroid (
> https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project), which is
> android project focused on user privacy mainly, but also has some security
> and educational aspects. I would like to publish current version on Google
> play. May I just do it or should someone approve it?
> Pozdrav/Best regards,
> Nikola Milošević
> OWASP Seraphimdroid project leader
> nikola.milosevic at owasp.org
> OWASP - Open Web Application Security Project
> <https://www.owasp.org/index.php/Main_Page>
> OWASP Seraphimdroid Project
> <https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141004/6f8d854a/attachment.html>

More information about the OWASP-Leaders mailing list