[WASC-WAFEC] "Aspect" the Worst

Ofer Shezaf ofer at shezaf.com
Sun Nov 18 08:20:01 EST 2012


Christian,

I am a firm believer in the saying attributed (wrongly) to Voltaire that
even if I disapprove of what you say, I will defend to the death your right
to say it. That said, within the context of this mailing list, it has to be
relevant to the discussion. While commenting about OWASP is relevant as we
are voting on making WAFEC a joint WASC/OWASP project, as your title change
indicates, this has stopped being about OWASP and has no place on this list.

Please refrain from such e-mails in the future. If you do not, I will have
to make this list moderated. It would not be done to not allow you to
contribute, and you will be most welcome to continue doing that; however, I
would need to make sure such e-mails are not repeated.

~ Ofer

-----Original Message-----
From: Christian Heinrich [mailto:christian.heinrich at cmlh.id.au] 
Sent: Sunday, November 18, 2012 1:27 PM
To: Jeff Williams
Cc: Ofer Shezaf; wasc-wafec at lists.webappsec.org
Subject: Re: "Aspect" the Worst

Jeff,

On Thu, Nov 1, 2012 at 9:19 PM, Jeff Williams
<jeff.williams at aspectsecurity.com> wrote:
> Thanks for the laugh.  If OWASP can help promote WAFEC, then of course 
> you're welcome.

What I am actually laughing at is Aspect Security attempting to distance
themselves from the OWASP Brand but still attempting to exploit it at the
same time e.g.
http://twitter.com/aspectsecurity/status/266633771326005250 (note that OWASP
is not referenced at all) and I see you removed the quote of how Aspect
profiteered from OWASP from
https://www.owasp.org/index.php/User:Jeff_Williams

But let's not just take my word for it, rather that of former Aspect Security
employees such as
http://www.greebo.net/2011/03/18/owasp-podcast-82-authorship-of-owasp-top-10-2007/

I myself did enjoy participating in how the OWASP Board manipulated the
selection of Project Leader for the "Aspect Security" Verification Standard
(ASVS) in pre-selecting "surprise" Aspect Security without due process i.e.
https://lists.owasp.org/pipermail/owasp-board/2010-July/008710.html

Then we have Pravir complaining about how Aspect Security are attempting to
steal OpenSAMM i.e.
https://lists.owasp.org/pipermail/owasp-leaders/2009-July/001785.html,
oh of course you told him but care to justify why Pravir would host OpenSAMM
independently of owasp.org at http://www.opensamm.org/

... and my personal favorite has to be
http://lists.owasp.org/pipermail/owasp-board/2011-January/009563.html

Looks like I am not the only one who shares this view considering Andrew,
Pravir and Yiannis have all expressed interest in influencing the OWASP board
position which would kind of indicate that there are serious governance
issues.



--
Regards,
Christian Heinrich

http://cmlh.id.au/contact




