[Owasp-testing] Flagship Project Status

Yvan Boily yvanboily at gmail.com
Sun Jun 8 06:13:00 UTC 2014


Paros was retired by the dev team in favour of a commercial product
(milescan iirc).  The sourceforge page shows that the code hasn't been
updated in many, many years.

You haven't explained how people working at an open source browser company
that ships free software presents a conflict of interest to working in
a volunteer role.

Why are you attacking people who have made positive contributions, why are
you attempting to damage their reputations, and how is this not a violation
of the code of ethics?

You really should take some time to put together a coherent response to
this, because otherwise my next step will be to collect the evidence to
back my concerns, and then file a complaint with the board about your
abusive behaviour.



On Sat, Jun 7, 2014 at 4:59 PM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:

> Simon,
>
> No offence but I have to correct your record.
>
> You promoted ZAP to OWASP as a web proxy intended for developers and
> not webappsec professionals and your subsequent development has
> focused on features for the webappsec end user.  For comparison
> purposes http://www.charlesproxy.com/ development has continued to
> focus on web application developers.
>
> I would assume that Paros had no end users and that its developer(s)
> either didn't respond or refused to accept your patches (I am not sure
> of the exact background) because they no longer wanted to maintain
> Paros.  Furthermore, a majority of WebScarab end users were
> transitioning to http://portswigger.net/burp/ which has a modest fee to
> support its development.
>
> Paros has the worst UI I have ever seen and ZAP has not improved on the
> UI after I tried it based on the recommendation of "The Testicles"
> i.e. https://twitter.com/search?f=realtime&q=sergicles%20ZAP&src=typd
>
> Your promotion of ZAP on mailing lists not hosted by OWASP makes it
> appear to the public that WebScarab is no longer being developed and is
> therefore devalued.
>
> Both you and Michael (OWASP Chair) work[ed] at Mozilla and this is a
> conflict of interest.  Also, Paul Theriaut (Mozilla) wanted to present
> ZAP during the very unsuccessful relaunch of the OWASP Sydney,
> Australia Chapter, of which he is also one of the [chapter] leaders.
>
> Those are the facts as I understand them, please let me know if I am
> incorrect?
>
> On Sat, Jun 7, 2014 at 7:34 PM, psiinon <psiinon at gmail.com> wrote:
> > On the contrary, I was very aware of WebScarab and its importance to
> > OWASP at the time - I half expected my application for ZAP to become an
> > OWASP project to be rejected due to the clear overlap with WebScarab.
> > I wanted to create a powerful but easy to use security tool for
> > developers, and I seriously considered using WebScarab as the basis for
> > that tool.
> > However while WebScarab had much more of the functionality that I wanted
> > than Paros did, I found WebScarab very complicated and unintuitive.
> > I decided that I would rather add functionality to Paros than try to make
> > WebScarab easier to use, and I've not regretted that decision :)
> >
> > I do agree that OWASP has not been very effective at promoting any of its
> > projects, including ZAP.
> > However I'm not going to point fingers at any individuals.
> > OWASP is primarily a volunteer organization, and it's up to all of us to
> > address issues that we are concerned with.
> > While I think OWASP could do a better job of promoting all of its
> > projects I don't have any big ideas how that could be achieved -
> > marketing is not my area of expertise ;)
> > I don't like criticizing unless I can offer constructive alternatives.
>
> --
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact
>