[Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?

Mike Goodwin mike.goodwin at owasp.org
Wed Mar 25 15:21:40 UTC 2015

Hello all,

All the OWASP projects I have looked at are either

   - Media projects (e.g. ASVS), or
   - Locally installed tools (e.g. ZAP)

Is it feasible do you think to have a project that is a web application? I
am thinking about a collaborative threat modelling tool. It feels like it
should be a web application rather than an installed application.

It seems like the cost of operating a secure multi-user web app with all
the hosting, backup, availability and security responsibilities that come
along with that would make it infeasible for an organisation like OWASP.

On the other hand, it seems odd that an organisation that is about web
applications does not run any (other than the OWASP web site, obviously).

Thoughts welcome...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150325/fe5c5f7c/attachment.html>

More information about the OWASP-Leaders mailing list