[Owasp-leaders] Poor crypto code in OWASP phpsec hurts our reputation

Abbas Naderi abiusx at owasp.org
Wed Nov 25 18:20:32 UTC 2015


They are trying to troll the project.
Read the thread at https://github.com/OWASP/phpsec/issues/108#issuecomment-159676446 to realize that.
We have provided ample opportunity for them to contribute, fix, or help the project.
All they want is to take the project down, which I obviously refuse.

I don’t think it really hurts OWASP's reputation. If anyone delves into the technical discussions, that would be apparent.
Regards
-Abbas

> On Nov 25, 2015, at 1:17 PM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
> 
> Hi Erlend
> 
> We are aware of the issues and remediation is underway ;-)
> 
> regards
> 
> Johanna
> 
> On Wed, Nov 25, 2015 at 1:54 PM, Jim Manico <jim.manico at owasp.org> wrote:
> Yup, it's bad.
> 
> Johanna Curiel and Claudia are leading the charge here. They are in the process of fully removing the project from GitHub. As in, right now…
> 
> - Jim
> 
> 
> 
> On 11/25/15 7:50 PM, erlend.oftedal at owasp.org wrote:
>> Hi
>> 
>> See https://twitter.com/voodooKobra/status/669537889500311553 and the link in that message.
>> 
>> According to the OWASP website the project is inactive, yet contributions are made on github, and there are no signs of the project status on github.
>> The crypto code is bad, as voodooKobra rightly points out. With a known key and iv, this encryption is useless.
>> And the code is referenced from stackoverflow++.
>> 
>> When deactivating a project we need to make sure the deactivation is clearly visible on github as well.
>> 
>> Best regards
>> Erlend Oftedal
>> OWASP Norway
>> @webtonull
>> 
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
