[Owasp-testing] Flagship Project Status

Jim Manico jim.manico at owasp.org
Sun Jun 1 19:18:16 UTC 2014

I personally agree that the testing guide is of flagship caliber. We
(the board) decided to drop all flagship projects down one notch to
"labs status" and ask that they all reapply for status. Here is text
that I proposed for the announcement; I'm waiting for board approval.


I can understand your concern here Christian. Heck, I even had a
project that I was managing demoted because it was not active.... I am
trying to be fair.

I'll rally the board and get
pushed to the community sooner than later.

Jim Manico
(808) 652-3805

> On Jun 1, 2014, at 1:33 AM, Christian Heinrich <christian.heinrich at cmlh.id.au> wrote:
> Jim,
> I'll review a sample of the [review] notes of Rick Mitchell against
> the standard set for Flagship status and I provide an independent
> opinion if it should be upheld or not.
> I don't believe it should be removed by default.
>> On Sun, Jun 1, 2014 at 12:49 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> Christian,
>> All flagships were demoted, give us a few days and the board will send
>> out a formal notice... I certainly think the testing guide should
>> reapply for flagship status - it's AWESOME and is certainly of very
>> high quality!!!
>> Aloha Christian,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>> On May 31, 2014, at 3:38 PM, Christian Heinrich <christian.heinrich at cmlh.id.au> wrote:
>>> Jim,
>>> I note that you have removed the listing of the OWASP Testing Guide as
>>> a Flagship Project without telling the Project Leaders beforehand i.e.
>>> http://lists.owasp.org/pipermail/owasp-board/2014-May/013789.html ?
>>> Based on your own admission to me that your agenda and ulterior motive
>>> is nothing more than to attack Aspect Security as a disgruntled former
>>> employee and to remove the competition of ESAPI to your own alternate
>>> OWASP project (which in my opinion is a conflict of interest for an
>>> OWASP Board Member) As far as I am aware the Testing Guide has little
>>> to do with Aspect Security, aside from their Risk Rating Methodology
>>> which I believe will not included in the upcoming v4 release.
>>> It should be noted that you also protested my removal of the OWASP
>>> Risk Rating Methodology from the Testing Guide because in my own
>>> experience in dealing with you I hold the opinion that your a
>>> "turncoat".
>>> I will also remind the OWASP Board of
>>> https://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project
>>> the fact that everyone considered it poor conduct to inflict on a
>>> volunteer to remove my from both the OWASP Leaders List and mark by
>>> Project without notice or supporting evidence for that matter.  I do
>>> not want to see this happen to other Project Leaders who volunteer to
>>> support OWASP.
>>> Since the next release of the OWASP Testing Guide is imminent, can I
>>> request that this project maintain its Flagship Status?  If not, can
>>> the OWASP Project Reviewer(s) please indicate what the OWASP Testing
>>> Guide lack to maintain their flagship status?
>>> I urge you to reconsider this poor decision.
>>> --
>>> Regards,
>>> Christian Heinrich
>>> http://cmlh.id.au/contact
> --
> Regards,
> Christian Heinrich
> http://cmlh.id.au/contact

More information about the Owasp-testing mailing list