[WASC-WAFEC] "Aspect" the Worst

Ofer Shezaf ofer at shezaf.com
Sun Nov 18 08:20:01 EST 2012


I am a firm believer in the saying attributed (wrongly) to Voltaire that
even if I disapprove of what you say, I will defend to death your right to
say it. That said, within the context of this mailing list, it has to be
relevant to the discussion. While commenting about OWASP is relevant as we
are voting on making WAFEC a joint WASC/OWASP project, as your title change
indicates, this has stopped being about OWASP and has no place on this list.

Please refrain from such e-mails in the future. If you will not, I will have
to make this list moderated. It would not be done to not allow you to
contribute and you will be most welcome to continue doing that, however I
would need to make sure such e-mails are not repeated.

~ Ofer

-----Original Message-----
From: Christian Heinrich [mailto:christian.heinrich at cmlh.id.au] 
Sent: Sunday, November 18, 2012 1:27 PM
To: Jeff Williams
Cc: Ofer Shezaf; wasc-wafec at lists.webappsec.org
Subject: Re: "Aspect" the Worst


On Thu, Nov 1, 2012 at 9:19 PM, Jeff Williams
<jeff.williams at aspectsecurity.com> wrote:
> Thanks for the laugh.  If OWASP can help promote WAFEC, then of course 
> you're welcome.

What I am actually laughing at is Aspect Security attempting to distance
themselves from the OWASP Brand but still attempting to exploit it at the
same time e.g.
http://twitter.com/aspectsecurity/status/266633771326005250 (note that OWASP
is not referenced at all) and I see you removed the quote of how Aspect
profiteered from OWASP from

But let's not just take my word for it, rather that of former Aspect Security
employees such as

I myself did enjoy participating in how the OWASP Board manipulated the
selection Project Leader of the "Aspect Security" Verification Standard
(ASVS) in pre-selecting "surprise" Aspect Security without due process i.e.

Then we have Pravir complaining about how Aspect Security are attempting to
steal OpenSAMM i.e.
oh of course you told him but care to justify why Pravir would host OpenSAMM
independently of owasp.org at http://www.opensamm.org/

... and my personal favorite has to be

Looks like I am not the only one who shares this view considering Andrew,
Pravir and Yiannis have all expressed interest in influencing the OWASP board
position which would kind of indicate that there are serious governance

Christian Heinrich

