[WASC-WAFEC] Making WAFEC a joined WASC/OWASP project

Jeff Williams jeff.williams at aspectsecurity.com
Thu Nov 1 06:19:51 EDT 2012

Hi Ofer,

Thanks for the laugh.  If OWASP can help promote WAFEC, then of course you're welcome.


On Nov 1, 2012, at 4:33 AM, "Christian Heinrich" <christian.heinrich at cmlh.id.au> wrote:

> Ofer,
> On Thu, Nov 1, 2012 at 6:14 PM, Ofer Shezaf <ofer at shezaf.com> wrote:
> > I don't think the OWASP elections are of essence in this case. Neither
> > organizations nor projects should stop due to elections, and in any case the
> > elections have taken place and the not much has changed on the board.
> The stability of the OWASP Board is of the upmost importance and their recent election is under dispute.
> However, I don't believe that a formal relationship with OWASP would provide WAFEC with any additional benefit and would greatly harm WAFEC:
> 1. Trustwave dominate the OWASP Board and have exerted the influence to manipulate various outcomes to their sole benefit e.g. https://lists.owasp.org/pipermail/committees-chairs/2011-September/000574.html
> 2. The OWASP GPC is abused by Aspect Security to maintain exclusive control of various projects, such as the https://lists.owasp.org/pipermail/global-projects-committee/2011-August/002311.html i.e. Jason Li, Arshan Dabirsiaghi and Juan Carlos Calderon are all employees of Aspect Security and neither has development continued on owasp-java-waf since this e-mail by Juan (who had nothing to do with these politics at the time of this event as he was not an Aspect Security employee at the time).
> 3. OWASP own admission is that WASC has further reach via our websecurity@ mailing list i.e. http://lists.owasp.org/pipermail/owasp-board/2007-March/005552.html and this is further supported by their continued spam of WASC mailing lists i.e. https://www.google.com.au/search?q=site:lists.webappsec.org+owasp
> Ultimately, OWASP intents to dissolve WASC and take ownership of our high quality projects from the WASC Board i.e. "Talking about WASC, we should merge :) (as in WASC joins OWASP , and OWASP keeps the brand)" as quoted from http://lists.owasp.org/pipermail/owasp-board/2007-July/005773.html.
> Furthermore, I will no longer be able to participate in WAFEC as I have been terminated (without a corresponding bylaw) from OWASP even thought it is widely disputed that I won both the unfair trial and flawed appeal when the OWASP Board deliberately chose not to consider natural justice, procedural fairness or impartiality and the OWASP Board has deliberately withheld the release of information i.e. http://lists.owasp.org/pipermail/owasp-leaders/2012-February/006827.html
> Going forward, the relationship I would support would be promoting WAFEC on https://lists.owasp.org/listinfo/owasp-leaders as https://www.owasp.org/index.php/User:Oshezaf and I am also willing to consider an offer from OWASP to promote the final release of WAFECv2 on their owasp-all@ mailing list? 
> --
> Regards,
> Christian Heinrich
> http://cmlh.id.au/contact
> _______________________________________________
> wasc-wafec mailing list
> wasc-wafec at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20121101/a7d14be6/attachment-0003.html>

More information about the wasc-wafec mailing list