[WASC-WAFEC] Making WAFEC a joined WASC/OWASP project

Ofer Shezaf ofer at shezaf.com
Thu Nov 1 06:24:57 EDT 2012


Thanks Jeff.

 

I would like to make two comments on Christian’s e-mail:

·         While I am not in agreement, I value his opinion and welcome him sharing it on the list.

·         I will make sure that such a move does not prevent Christian from participating in WAFEC due his dispute with OWASP. Whether he chooses to participate is his own choice.

 

~ Ofer

 

From: Jeff Williams [mailto:jeff.williams at aspectsecurity.com] 
Sent: Thursday, November 01, 2012 12:20 PM
To: Christian Heinrich
Cc: Ofer Shezaf; wasc-wafec at lists.webappsec.org
Subject: Re: [WASC-WAFEC] Making WAFEC a joined WASC/OWASP project

 

Hi Ofer,

 

Thanks for the laugh.  If OWASP can help promote WAFEC, then of course you're welcome.


--Jeff

 

 


On Nov 1, 2012, at 4:33 AM, "Christian Heinrich" <christian.heinrich at cmlh.id.au> wrote:

Ofer,

On Thu, Nov 1, 2012 at 6:14 PM, Ofer Shezaf <ofer at shezaf.com> wrote:
> I don't think the OWASP elections are of essence in this case. Neither
> organizations nor projects should stop due to elections, and in any case the
> elections have taken place and the not much has changed on the board.

The stability of the OWASP Board is of the upmost importance and their recent election is under dispute.

However, I don't believe that a formal relationship with OWASP would provide WAFEC with any additional benefit and would greatly harm WAFEC:

1. Trustwave dominate the OWASP Board and have exerted the influence to manipulate various outcomes to their sole benefit e.g. https://lists.owasp.org/pipermail/committees-chairs/2011-September/000574.html

2. The OWASP GPC is abused by Aspect Security to maintain exclusive control of various projects, such as the https://lists.owasp.org/pipermail/global-projects-committee/2011-August/002311.html i.e. Jason Li, Arshan Dabirsiaghi and Juan Carlos Calderon are all employees of Aspect Security and neither has development continued on owasp-java-waf since this e-mail by Juan (who had nothing to do with these politics at the time of this event as he was not an Aspect Security employee at the time).

3. OWASP own admission is that WASC has further reach via our websecurity@ mailing list i.e. http://lists.owasp.org/pipermail/owasp-board/2007-March/005552.html and this is further supported by their continued spam of WASC mailing lists i.e. https://www.google.com.au/search?q=site:lists.webappsec.org+owasp

Ultimately, OWASP intents to dissolve WASC and take ownership of our high quality projects from the WASC Board i.e. "Talking about WASC, we should merge :) (as in WASC joins OWASP , and OWASP keeps the brand)" as quoted from http://lists.owasp.org/pipermail/owasp-board/2007-July/005773.html.

Furthermore, I will no longer be able to participate in WAFEC as I have been terminated (without a corresponding bylaw) from OWASP even thought it is widely disputed that I won both the unfair trial and flawed appeal when the OWASP Board deliberately chose not to consider natural justice, procedural fairness or impartiality and the OWASP Board has deliberately withheld the release of information i.e. http://lists.owasp.org/pipermail/owasp-leaders/2012-February/006827.html

Going forward, the relationship I would support would be promoting WAFEC on https://lists.owasp.org/listinfo/owasp-leaders as https://www.owasp.org/index.php/User:Oshezaf and I am also willing to consider an offer from OWASP to promote the final release of WAFECv2 on their owasp-all@ mailing list? 


--
Regards,
Christian Heinrich

http://cmlh.id.au/contact 

_______________________________________________
wasc-wafec mailing list
wasc-wafec at lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20121101/62c4a272/attachment-0003.html>


More information about the wasc-wafec mailing list