[Owasp-leaders] Poor crypto code in OWASP phpsec hurts our reputation

johanna curiel curiel johanna.curiel at owasp.org
Wed Nov 25 18:17:02 UTC 2015


Hi Erlend

We are aware of the issues and remediation is underway ;-)

regards

Johanna

On Wed, Nov 25, 2015 at 1:54 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Yup, it's bad.
>
> Johanna Curiel and Claudia are leading the charge here. They are in the
> process of fully removing the project from GitHub. As in, right now…
>
> - Jim
>
>
>
> On 11/25/15 7:50 PM, erlend.oftedal at owasp.org wrote:
>
> Hi
>
> See https://twitter.com/voodooKobra/status/669537889500311553 and the
> link in that message.
>
> According to the OWASP website the project is inactive, yet contributions
> are made on github, and there are no signs of the project status on github.
> The crypto code is bad, as voodooKobra rightly points out. With a known
> key and iv, this encryption is useless.
> And the code is referenced from stackoverflow++.
>
> When deactivating a project we need to make sure the deactivation is
> clearly visible on github as well.
>
> Best regards
> Erlend Oftedal
> OWASP Norway
> @webtonull
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>