[Owasp-leaders] Fwd: Re: Should OWASP projects (and in particular ZAP) aim to leave the OWASP nest?

Mario Robles OWASP mario.robles at owasp.org
Wed Dec 2 14:27:57 UTC 2015


+1

At the beginning OWASP was a good home for ZAP providing a spot in the security world, a brand name from a well known organisation, right now OWASP is getting more visibility every day thanks to ZAP, in my view the focus should be “what is better for the community” instead of “what is better for OWASP”

I prefer to see ZAP growing with the support from a more mature software based open source org (resources, budget, processes) than limit or slow its progress trying to stick it into an OWASP project process that we all know it’s not working very well these days, however OWASP will always be a home for ZAP, I don’t see any reason why ZAP could break the relationship with OWASP, both can continue supporting each other in my view even if ZAP is part of another organisation

> On Dec 2, 2015, at 07:24, Dinis Cruz <dinis.cruz at owasp.org> wrote:
> 
> Small clarification, in my mind 'leaving owasp' is more like a 'child leaving home' vs a divorce
> 
> I wouldn't expect ZAP to be suddenly completely divorced from Owasp or its community. There would always be a connection and collaboration between them. I would also expect ZAP to show it's roots and connection to OWASP (especially in integrations with other Owasp projects).Simon would still be an Owasp leader
> 
> Ironically if ZAP was much widely used by developers , it would expose Owasp to a much wider audience
> 
> On 2 Dec 2015 9:38 am, "Christo" <christo.goosen at owasp.org <mailto:christo.goosen at owasp.org>> wrote:
> 
> Hi
> 
> I would hate to see the ZAP project go.
> 
> Its been one of the success stories of OWASP. Gives OWASP a lot of recognition considering how often it rates top 5 in Security scanner tool surveys.
> 
> Thanks for the hard work Simon, but you must do what is best for the project.
> 
> If possible keep it in OWASP
> 
> CG
> 
> On 02/12/2015 11:29, Jim Manico wrote:
>> Simon,
>> 
>> I am just glad that ZAP is out there in the open source world.
>> 
>> And frankly, I do not see OWASP doing a lot of support it. If you moved it to Mozilla, especially if Mozilla was willing to provide resources to continue making it stronger, I would support such a move and continue to promote it.
>> 
>> Respectfully,
>> Jim
>> 
>> 
>> On 12/2/15 11:05 AM, psiinon wrote:
>>> In a recent thread <http://lists.owasp.org/pipermail/owasp-leaders/2015-December/015726.html> Dinis stated:
>>> 
>>> "all Owasp projects should be seen as research projects. The moment they are big enough (i.e. big team, support, deliverables) and wish to move beyond the 'research label' , is the moment where they need to leave the 'Owasp nest' and face the real world by themselves"
>>> 
>>> I have a lot of sympathy for this perspective, and have indeed been wondering if now is the right time for ZAP to "go it alone".
>>> 
>>> I'd like to stress that this is not just because of recent controversies, so I'd like to discuss these as general principals rather than in relation to recent events.
>>> 
>>> I believe that OWASP has been very beneficial to ZAP, but I'm not sure that OWASP is really set up to support projects that have grown to ZAP's size.
>>> 
>>> So, the 2 questions I'd be very interested in feedback on:
>>> Should OWASP projects aim to stand on their own outside of OWASP?
>>> Is this the right time for ZAP to do so?
>>> Many thanks,
>>> 
>>> Simon
>>> 
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>> 
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>> 
>> 
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
> 
> --
> <Mail Attachment.png>
> 
> Christo Goosen
> OWASP Cape Town Chapter Leader
> OWASP Foundation
> https://www.owasp.org <https://www.owasp.org/>
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-leaders <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151202/89376fe5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151202/89376fe5/attachment-0001.pgp>


More information about the OWASP-Leaders mailing list