[Owasp-leaders] Fwd: Re: Should OWASP projects (and in particular ZAP) aim to leave the OWASP nest?

Dinis Cruz dinis.cruz at owasp.org
Thu Dec 3 17:19:44 UTC 2015


It doesn't need to be at Mozilla

It could be at the ZAP Foundation :)
On 3 Dec 2015 12:26 am, "Jim Manico" <jim.manico at owasp.org> wrote:

> Yes, right on Dinis.
>
> Mozilla has a lot more money, developers, global branding and other
> support staff to help make ZAP even better and more widely distributed.
>
> I just think that getting ZAP in the hands of MANY more people is much
> more important than keeping it at OWASP.
>
> Now, I see efforts to increase project maturity at OWASP. If that
> continues, then we may have a different tale to tell. But right now OWASP
> does not provide a great deal of support for ZAP in terms of fostering a
> production quality product. Mozilla and Apache are more aligned for those
> efforts.
>
> Aloha,
> Jim
>
> On 12/2/15 3:24 PM, Dinis Cruz wrote:
>
> Small clarification, in my mind 'leaving owasp' is more like a 'child
> leaving home' vs a divorce
>
> I wouldn't expect ZAP to be suddenly completely divorced from Owasp or its
> community. There would always be a connection and collaboration between
> them. I would also expect ZAP to show it's roots and connection to OWASP
> (especially in integrations with other Owasp projects).Simon would still be
> an Owasp leader
>
> Ironically if ZAP was much widely used by developers , it would expose
> Owasp to a much wider audience
> On 2 Dec 2015 9:38 am, "Christo" <christo.goosen at owasp.org> wrote:
>
>>
>> Hi
>>
>> I would hate to see the ZAP project go.
>>
>> Its been one of the success stories of OWASP. Gives OWASP a lot of
>> recognition considering how often it rates top 5 in Security scanner tool
>> surveys.
>>
>> Thanks for the hard work Simon, but you must do what is best for the
>> project.
>>
>> If possible keep it in OWASP
>>
>> CG
>>
>> On 02/12/2015 11:29, Jim Manico wrote:
>>
>> Simon,
>>
>> I am just glad that ZAP is out there in the open source world.
>>
>> And frankly, I do not see OWASP doing a lot of support it. If you moved
>> it to Mozilla, especially if Mozilla was willing to provide resources to
>> continue making it stronger, I would support such a move and continue to
>> promote it.
>>
>> Respectfully,
>> Jim
>>
>>
>> On 12/2/15 11:05 AM, psiinon wrote:
>>
>> In a recent thread
>> <http://lists.owasp.org/pipermail/owasp-leaders/2015-December/015726.html>
>> Dinis stated:
>>
>> "all Owasp projects should be seen as research projects. The moment they
>> are big enough (i.e. big team, support, deliverables) and wish to move
>> beyond the 'research label' , is the moment where they need to leave the
>> 'Owasp nest' and face the real world by themselves"
>>
>> I have a lot of sympathy for this perspective, and have indeed been
>> wondering if now is the right time for ZAP to "go it alone".
>>
>> I'd like to stress that this is not just because of recent controversies,
>> so I'd like to discuss these as general principals rather than in relation
>> to recent events.
>>
>> I believe that OWASP has been very beneficial to ZAP, but I'm not sure
>> that OWASP is really set up to support projects that have grown to ZAP's
>> size.
>>
>> So, the 2 questions I'd be very interested in feedback on:
>>
>>    - Should OWASP projects aim to stand on their own outside of OWASP?
>>    - Is this the right time for ZAP to do so?
>>
>> Many thanks,
>>
>> Simon
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>> --
>> [image: OWASP Logo]
>>
>>
>> Christo Goosen
>> OWASP Cape Town Chapter Leader
>> OWASP Foundationhttps://www.owasp.org
>>
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151203/e52c2b02/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 331357 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151203/e52c2b02/attachment-0001.png>


More information about the OWASP-Leaders mailing list