[Owasp-leaders] Should OWASP projects (and in particular ZAP) aim to leave the OWASP nest?

Wed Dec 2 09:05:41 UTC 2015

In a recent thread
Dinis stated:

"all Owasp projects should be seen as research projects. The moment they
are big enough (i.e. big team, support, deliverables) and wish to move
beyond the 'research label', is the moment where they need to leave the
'Owasp nest' and face the real world by themselves"

I have a lot of sympathy for this perspective, and have indeed been
wondering if now is the right time for ZAP to "go it alone".

I'd like to stress that this is not just because of recent controversies,
so I'd like to discuss these as general principles rather than in relation
to recent events.

I believe that OWASP has been very beneficial to ZAP, but I'm not sure that
OWASP is really set up to support projects that have grown to ZAP's size.

So, the 2 questions I'd be very interested in feedback on:

   - Should OWASP projects aim to stand on their own outside of OWASP?
   - Is this the right time for ZAP to do so?

Many thanks,


OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
