[Owasp-leaders] Fwd: Is it feasible to have an OWASP project that is a web application?
jim.manico at owasp.org
Wed Mar 25 15:27:14 UTC 2015
Several of our products are web applications. Take WebGoat - a purposely
insecure application for education.
Keep in mind that all OWASP projects must be under an open source license.
So if you want to drive a project that includes a live website for some
reason, all code that drives it must be open source in order for it to be
an OWASP project.
On Mar 25, 2015, at 9:23 AM, Mike Goodwin <mike.goodwin at owasp.org> wrote:
All the OWASP projects I have looked at are either
- Media projects (e.g. ASVS), or
- Locally installed tools (e.g. ZAP)
Is it feasible do you think to have a project that is a web application? I
am thinking about a collaborative threat modelling tool. It feels like it
should be a web application rather than an installed application.
It seems like the cost of operating a secure multi-user web app with all
the hosting, backup, availability and security responsibilities that come
along with that would make it infeasible for an organisation like OWASP.
On the other hand, it seems odd that an organisation that is about web
applications does not run any (other than the OWASP web site, obviously).
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders