[OWASP-TESTING] Re: [Owasp-dotnet] Farewell OWASP, take care!

keremkusmezer keremkusmezer at superonline.com
Thu Nov 25 18:08:58 EST 2004

Farewell Mark, you inputs wont be be forgotten.
We will miss you :(

----- Original Message ----- 
From: "Mark Curphey" <mark at curphey.com>
To: <owasp-dotnet at lists.sourceforge.net>; 
<owasp-leaders at lists.sourceforge.net>; <owasp-guide at lists.sourceforge.net>; 
<owasp-testing at lists.sourceforge.net>; 
<owasp-chapters at lists.sourceforge.net>; 
<owasp-advisors at lists.sourcforge.net>; 
<owasp-metrics-request at lists.sourceforge.net>; <ingo at ingostruck.de>; 
<alex at netwindows.org>; <dendler at tippingpoint.com>; <jermey at poteet.com>; 
<admin at mokshafaced.com>; <david.raphael at ceterum.net>
Sent: Wednesday, December 22, 2004 4:51 AM
Subject: [Owasp-dotnet] Farewell OWASP, take care!


Its with a degree of sadness that I have decided to leave the OWASP project
behind and move on to pastures new. This decision has been a long time
coming and not something I have decided to do without a lot of thought. When
we started it in 2000 I had no idea I would become so attached to this
virtual community. I really have.

Sadly my naïve vision of the utopian dream of lots of people coming together
and working in collaboration to build cool software and documentation just
hasn't materialized the way I had hoped. I have actually become very
disillusioned with open source projects and simply feel my ever increasingly
limited time is best spent in other directions in which I personally get
more fulfillment and less frustration. At this point of my game I think the
majority of people want free software and not open source; a sad conclusion
that's debatable but I think true. I wanted to produce high quality
documents and software and lots of it. Like Renuad Derason of Nessus fame I
am bitterly disappointed at the amount of people that take and don't give
back to the community and as a consequence things just don't seem to have
been moving in a positive direction at a pace I am comfortable with. For
OWASP the model was broken. We hear of companies having based commercial
policies on OWASP Guides and using the portal for Intranets, but we never
hear from them. I really believe that OWASP still has the potential to have
a huge impact on the web application security world but suspect it needs to
dramatically re-group and re-organize to achieve that goal. I know Jeff has
started that process.

I am certainly not disappearing from the software security scene, quite the
opposite. Foundstone is a phenomenal place to work and with the commercial
side of life, cool clients and interesting projects we just seem to be able
to get more fun stuff done. You will see a new project with a very different
model from OWASP (commercially backed, shared source)in the new year called
ThreatsandCountermeausures.com and lots of free software security tools from
Foundstone. These are not competitive to what OWASP is doing in anyway, just
different....and to me more rewarding at this point. I am one of those ADD
people that has to see progress every week or I get frustrated ;-) T&C by
the way was going to be an OWASP project until a radical left wing person
expressed their voice about MS and I just didn't have the appetite to deal
with it anymore. This kind of thing is not constructive and needs to be
stopped if OWASP is to grow. Dinis finds a great balance and should be an
inspiration to us all IMHO.

Like I said it is of the utmost importance that OWASP carries on to spurn
the marketing FUD from the likes of WASC and the web app firewall vendors.
The potential is huge and very important, the possibility of it failing is
not nice so I hope you folks huddle up and make it happen. I just ask one
thing please keep out the riff raff !!

I have met some people I regard as lifelong friends through OWASP. You know
who you are. Its has been a great ride. I thank you for your inspiration and
those long nights online, especially in the early days. Ingo, Alex, Endler,
Steve T, Dave, Dinis etc..I learnt a lot from you guys and everyone who has
been involved.

Anything you would have mailed me about for OWASP you can contact Jeff
Williams (jeff.williams at owasp.org)

I'll see you all at the OWASP conference in NYC which I wouldn't miss for
the world !

Have a great Christmas and a peaceful new year!


SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Owasp-dotnet mailing list
Owasp-dotnet at lists.sourceforge.net

More information about the Owasp-testing mailing list