[Owasp-leaders] Fwd: Re: Should OWASP projects (and in particular ZAP) aim to leave the OWASP nest?

Jim Manico jim.manico at owasp.org
Thu Dec 3 00:26:51 UTC 2015


Yes, right on Dinis.

Mozilla has a lot more money, developers, global branding and other 
support staff to help make ZAP even better and more widely distributed.

I just think that getting ZAP in the hands of MANY more people is much 
more important than keeping it at OWASP.

Now, I see efforts to increase project maturity at OWASP. If that 
continues, then we may have a different tale to tell. But right now 
OWASP does not provide a great deal of support for ZAP in terms of 
fostering a production quality product. Mozilla and Apache are more 
aligned for those efforts.

Aloha,
Jim

On 12/2/15 3:24 PM, Dinis Cruz wrote:
>
> Small clarification, in my mind 'leaving owasp' is more like a 'child 
> leaving home' vs a divorce
>
> I wouldn't expect ZAP to be suddenly completely divorced from Owasp or 
> its community. There would always be a connection and collaboration 
> between them. I would also expect ZAP to show it's roots and 
> connection to OWASP (especially in integrations with other Owasp 
> projects).Simon would still be an Owasp leader
>
> Ironically if ZAP was much widely used by developers , it would expose 
> Owasp to a much wider audience
>
> On 2 Dec 2015 9:38 am, "Christo" <christo.goosen at owasp.org 
> <mailto:christo.goosen at owasp.org>> wrote:
>
>
>     Hi
>
>     I would hate to see the ZAP project go.
>
>     Its been one of the success stories of OWASP. Gives OWASP a lot of
>     recognition considering how often it rates top 5 in Security
>     scanner tool surveys.
>
>     Thanks for the hard work Simon, but you must do what is best for
>     the project.
>
>     If possible keep it in OWASP
>
>     CG
>
>     On 02/12/2015 11:29, Jim Manico wrote:
>>     Simon,
>>
>>     I am just glad that ZAP is out there in the open source world.
>>
>>     And frankly, I do not see OWASP doing a lot of support it. If you
>>     moved it to Mozilla, especially if Mozilla was willing to provide
>>     resources to continue making it stronger, I would support such a
>>     move and continue to promote it.
>>
>>     Respectfully,
>>     Jim
>>
>>
>>     On 12/2/15 11:05 AM, psiinon wrote:
>>>     In a recent thread
>>>     <http://lists.owasp.org/pipermail/owasp-leaders/2015-December/015726.html>
>>>     Dinis stated:
>>>
>>>     "all Owasp projects should be seen as research projects. The
>>>     moment they are big enough (i.e. big team, support,
>>>     deliverables) and wish to move beyond the 'research label' , is
>>>     the moment where they need to leave the 'Owasp nest' and face
>>>     the real world by themselves"
>>>
>>>     I have a lot of sympathy for this perspective, and have indeed
>>>     been wondering if now is the right time for ZAP to "go it alone".
>>>
>>>     I'd like to stress that this is not just because of recent
>>>     controversies, so I'd like to discuss these as general
>>>     principals rather than in relation to recent events.
>>>
>>>     I believe that OWASP has been very beneficial to ZAP, but I'm
>>>     not sure that OWASP is really set up to support projects that
>>>     have grown to ZAP's size.
>>>
>>>     So, the 2 questions I'd be very interested in feedback on:
>>>
>>>       * Should OWASP projects aim to stand on their own outside of
>>>         OWASP?
>>>       * Is this the right time for ZAP to do so?
>>>
>>>     Many thanks,
>>>
>>>     Simon
>>>
>>>     -- 
>>>     OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>>
>>>     _______________________________________________
>>>     OWASP-Leaders mailing list
>>>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>     _______________________________________________
>>     OWASP-Leaders mailing list
>>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>     -- 
>     OWASP Logo
>
>       
>     Christo Goosen
>     OWASP Cape Town Chapter Leader
>     OWASP Foundation
>     https://www.owasp.org
>
>
>
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151203/8c985ac9/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 331357 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151203/8c985ac9/attachment-0001.png>


More information about the OWASP-Leaders mailing list