[Owasp-testing] Flagship Project Status

Christian Heinrich christian.heinrich at cmlh.id.au
Sun Jun 1 11:33:00 UTC 2014


I'll review a sample of the [review] notes of Rick Mitchell against
the standard set for Flagship status and I provide an independent
opinion if it should be upheld or not.

I don't believe it should be removed by default.

On Sun, Jun 1, 2014 at 12:49 PM, Jim Manico <jim.manico at owasp.org> wrote:
> Christian,
> All flagships were demoted, give us a few days and the board will send
> out a formal notice... I certainly think the testing guide should
> reapply for flagship status - it's AWESOME and is certainly of very
> high quality!!!
> Aloha Christian,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>> On May 31, 2014, at 3:38 PM, Christian Heinrich <christian.heinrich at cmlh.id.au> wrote:
>> Jim,
>> I note that you have removed the listing of the OWASP Testing Guide as
>> a Flagship Project without telling the Project Leaders beforehand i.e.
>> http://lists.owasp.org/pipermail/owasp-board/2014-May/013789.html ?
>> Based on your own admission to me that your agenda and ulterior motive
>> is nothing more than to attack Aspect Security as a disgruntled former
>> employee and to remove the competition of ESAPI to your own alternate
>> OWASP project (which in my opinion is a conflict of interest for an
>> OWASP Board Member) As far as I am aware the Testing Guide has little
>> to do with Aspect Security, aside from their Risk Rating Methodology
>> which I believe will not included in the upcoming v4 release.
>> It should be noted that you also protested my removal of the OWASP
>> Risk Rating Methodology from the Testing Guide because in my own
>> experience in dealing with you I hold the opinion that your a
>> "turncoat".
>> I will also remind the OWASP Board of
>> https://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project
>> the fact that everyone considered it poor conduct to inflict on a
>> volunteer to remove my from both the OWASP Leaders List and mark by
>> Project without notice or supporting evidence for that matter.  I do
>> not want to see this happen to other Project Leaders who volunteer to
>> support OWASP.
>> Since the next release of the OWASP Testing Guide is imminent, can I
>> request that this project maintain its Flagship Status?  If not, can
>> the OWASP Project Reviewer(s) please indicate what the OWASP Testing
>> Guide lack to maintain their flagship status?
>> I urge you to reconsider this poor decision.
>> --
>> Regards,
>> Christian Heinrich
>> http://cmlh.id.au/contact

Christian Heinrich


More information about the Owasp-testing mailing list