[Owasp-leaders] Naming of 'OWASP' tools

Dinis Cruz dinis.cruz at owasp.org
Fri Dec 4 13:51:19 UTC 2015


That is less of a problem if all OWASP projects are seen as research
projects

Then the dropping of the Owasp part of the name could be part of the
project's maturity and evolution

And btw, I don't expect that projects that evolve beyond Owasp to have no
ties (and cross links) with Owasp

Even in the scenario where ZAP has its own website and non-owasp name, I
would still expect the Owasp home page (and projects page) to link to ZAP
Foundation's website
On 4 Dec 2015 11:47 am, "Munir Njiru" <munir.njiru at owasp.org> wrote:

> Personally I don't see a conflict within this. Look at it this way for new
> entrant projects tagged with the prefix OWASP on tools , this enables
> someone see what new projects are on OWASP frankly most people get them via
> google not via the project inventory list pars'e, Plus it would be easy to
> distinguish what is truly under the OWASP umbrella versus what isn't
> especially when it comes to opensource tools that attempt to accomplish the
> same.
>
> Lets use ZAP as an example at incubator stage when no one knows what tools
> are free to test based on OWASP top 10 they'd google it and get the link to
> it from the OWASP titles someone would then identify the project. If ZAP
> for instance exits OWASP and moved to for instance ZAP foundation people
> would still look for it as OWASP ZAP , however while it has a new home *"a
> simple line such as ZAP formally known as OWASP ZAP....." *would suffice
> in explaining the change. This also ensures that people can follow up on
> its roots which is ideally a good thing.
>
> My 2 cents.
>
> Munir Njenga,
> OWASP Chapter Leader (Kenya) || Information Security Consultant ||
> Developer
> Mob   (KE) +254 (0) 734960670
>
> =============================
> Chapter Page: www.owasp.org/index.php/Kenya
> Email: munir.njiru at owasp.org
> Facebook: https://www.facebook.com/OWASP.Kenya
> Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya
>
>
> On Fri, Dec 4, 2015 at 1:18 PM, psiinon <psiinon at gmail.com> wrote:
>
>> A couple of people have pointed out on other threads that tools shouldnt
>> really call themselves "OWASP XYZ Project" as (in most cases) the tools are
>> not actually owned by OWASP.
>> Documentation projects are another matter, so I'm not talking about those
>> here.
>>
>> And I'm definitely one of the offenders, although in my defence I thought
>> renaming ZAP to "OWASP ZAP" was actually acceptable and even expected ;)
>>
>> I think its worth us discussing this subject, regardless of what route we
>> take with ZAP in the future.
>>
>> Should tools (code projects?) use "OWASP" in their name?
>> And I'm not talking about the rules here - the rules can be amended to
>> whatever we, the OWASP community, think are appropriate.
>>
>> Should we recommend (and maybe at some point in the future require)
>> projects to use phrases like:
>>
>> Name: Zed Attack Proxy (ZAP)
>> ZAP is an OWASP Flagship project
>>
>> I'm sure lots of people will carry on referring to "OWASP ZAP" whatever
>> we do but changing the 'official' project names and documentation is still
>> a good start (in my opinion).
>>
>> Cheers,
>>
>> Simon
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151204/6c86687b/attachment.html>


More information about the OWASP-Leaders mailing list