[Owasp-leaders] Naming of 'OWASP' tools
dinis.cruz at owasp.org
Fri Dec 4 13:51:19 UTC 2015
That is less of a problem if all OWASP projects are seen as research
Then the dropping of the Owasp part of the name could be part of the
project's maturity and evolution
And btw, I don't expect that projects that evolve beyond Owasp to have no
ties (and cross links) with Owasp
Even in the scenario where ZAP has its own website and non-owasp name, I
would still expect the Owasp home page (and projects page) to link to ZAP
On 4 Dec 2015 11:47 am, "Munir Njiru" <munir.njiru at owasp.org> wrote:
> Personally I don't see a conflict within this. Look at it this way for new
> entrant projects tagged with the prefix OWASP on tools , this enables
> someone see what new projects are on OWASP frankly most people get them via
> google not via the project inventory list pars'e, Plus it would be easy to
> distinguish what is truly under the OWASP umbrella versus what isn't
> especially when it comes to opensource tools that attempt to accomplish the
> Lets use ZAP as an example at incubator stage when no one knows what tools
> are free to test based on OWASP top 10 they'd google it and get the link to
> it from the OWASP titles someone would then identify the project. If ZAP
> for instance exits OWASP and moved to for instance ZAP foundation people
> would still look for it as OWASP ZAP , however while it has a new home *"a
> simple line such as ZAP formally known as OWASP ZAP....." *would suffice
> in explaining the change. This also ensures that people can follow up on
> its roots which is ideally a good thing.
> My 2 cents.
> Munir Njenga,
> OWASP Chapter Leader (Kenya) || Information Security Consultant ||
> Mob (KE) +254 (0) 734960670
> Chapter Page: www.owasp.org/index.php/Kenya
> Email: munir.njiru at owasp.org
> Facebook: https://www.facebook.com/OWASP.Kenya
> Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya
> On Fri, Dec 4, 2015 at 1:18 PM, psiinon <psiinon at gmail.com> wrote:
>> A couple of people have pointed out on other threads that tools shouldnt
>> really call themselves "OWASP XYZ Project" as (in most cases) the tools are
>> not actually owned by OWASP.
>> Documentation projects are another matter, so I'm not talking about those
>> And I'm definitely one of the offenders, although in my defence I thought
>> renaming ZAP to "OWASP ZAP" was actually acceptable and even expected ;)
>> I think its worth us discussing this subject, regardless of what route we
>> take with ZAP in the future.
>> Should tools (code projects?) use "OWASP" in their name?
>> And I'm not talking about the rules here - the rules can be amended to
>> whatever we, the OWASP community, think are appropriate.
>> Should we recommend (and maybe at some point in the future require)
>> projects to use phrases like:
>> Name: Zed Attack Proxy (ZAP)
>> ZAP is an OWASP Flagship project
>> I'm sure lots of people will carry on referring to "OWASP ZAP" whatever
>> we do but changing the 'official' project names and documentation is still
>> a good start (in my opinion).
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders