[Owasp-leaders] Naming of 'OWASP' tools

Munir Njiru munir.njiru at owasp.org
Fri Dec 4 11:44:53 UTC 2015

Personally I don't see a conflict within this. Look at it this way: for new
entrant projects tagged with the prefix OWASP on tools, this enables
someone to see what new projects are on OWASP. Frankly, most people get them via
Google, not via the project inventory list per se. Plus it would be easy to
distinguish what is truly under the OWASP umbrella versus what isn't,
especially when it comes to open-source tools that attempt to accomplish the

Let's use ZAP as an example. At incubator stage, when no one knows what tools
are free to test based on OWASP Top 10, they'd Google it and get the link to
it; from the OWASP titles someone would then identify the project. If ZAP,
for instance, exited OWASP and moved to, for instance, a ZAP foundation, people
would still look for it as OWASP ZAP. However, while it has a new home, *"a
simple line such as ZAP formerly known as OWASP ZAP....."* would suffice in
explaining the change. This also ensures that people can follow up on its
roots, which is ideally a good thing.

My 2 cents.

Munir Njenga,
OWASP Chapter Leader (Kenya) || Information Security Consultant || Developer
Mob   (KE) +254 (0) 734960670

Chapter Page: www.owasp.org/index.php/Kenya
Email: munir.njiru at owasp.org
Facebook: https://www.facebook.com/OWASP.Kenya
Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya

On Fri, Dec 4, 2015 at 1:18 PM, psiinon <psiinon at gmail.com> wrote:

> A couple of people have pointed out on other threads that tools shouldn't
> really call themselves "OWASP XYZ Project" as (in most cases) the tools are
> not actually owned by OWASP.
> Documentation projects are another matter, so I'm not talking about those
> here.
> And I'm definitely one of the offenders, although in my defence I thought
> renaming ZAP to "OWASP ZAP" was actually acceptable and even expected ;)
> I think it's worth us discussing this subject, regardless of what route we
> take with ZAP in the future.
> Should tools (code projects?) use "OWASP" in their name?
> And I'm not talking about the rules here - the rules can be amended to
> whatever we, the OWASP community, think are appropriate.
> Should we recommend (and maybe at some point in the future require)
> projects to use phrases like:
> Name: Zed Attack Proxy (ZAP)
> ZAP is an OWASP Flagship project
> I'm sure lots of people will carry on referring to "OWASP ZAP" whatever we
> do but changing the 'official' project names and documentation is still a
> good start (in my opinion).
> Cheers,
> Simon
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader