[Owasp-leaders] Poor crypto code in OWASP phpsec hurts our reputation

Jim Manico jim.manico at owasp.org
Wed Nov 25 17:54:28 UTC 2015

Yup, it's bad.

Johanna Curiel and Claudia are leading the charge here. They are in the 
process of fully removing the project from GitHub. As in, right now…

- Jim

On 11/25/15 7:50 PM, erlend.oftedal at owasp.org wrote:
> Hi
> See https://twitter.com/voodooKobra/status/669537889500311553 and the 
> link in that message.
> According to the OWASP website the project is inactive, yet 
> contributions are made on github, and there are no signs of the 
> project status on github.
> The crypto code is bad, as voodooKobra rightly points out. With a 
> known key and iv, this encryption is useless.
> And the code is referenced from stackoverflow++.
> When deactivating a project we need to make sure the deactivation is 
> clearly visible on github as well.
> Best regards
> Erlend Oftedal
> OWASP Norway
> @webtonull