WASC Web Application Firewall Evaluation Criteria Project Mailing List
View all threadsJeff,
On Thu, Nov 1, 2012 at 9:19 PM, Jeff Williams
jeff.williams@aspectsecurity.com wrote:
Thanks for the laugh. If OWASP can help promote WAFEC, then of course
you're welcome.
What I am actually laughing at is Aspect Security attempting to
distance themselves from the OWASP Brand but still attempting to
exploit it at the same time e.g.
http://twitter.com/aspectsecurity/status/266633771326005250 (note that
OWASP is not referenced at all) and I see you removed the quote of how
Aspect profiteered from OWASP from
https://www.owasp.org/index.php/User:Jeff_Williams
But lets not just take my word for it, rather that of former Aspect
Security employees such as
http://www.greebo.net/2011/03/18/owasp-podcast-82-authorship-of-owasp-top-10-2007/
I myself did enjoy participating in how the OWASP Board manipulated
the selection Project Leader fo the "Aspect Security" Verification
Standard (ASVS) in pre-selecting "surprise" Aspect Security without
due process i.e.
https://lists.owasp.org/pipermail/owasp-board/2010-July/008710.html
Then we have Pravir complaining about how Aspect Security are
attempting to steal OpenSAMM i.e.
https://lists.owasp.org/pipermail/owasp-leaders/2009-July/001785.html,
oh of course you told him but care to justify why Pravir would host
OpenSAMM independently of owasp.org at http://www.opensamm.org/
... and my personal favoriate has to be
http://lists.owasp.org/pipermail/owasp-board/2011-January/009563.html
Looks like I am not the only one who shares this view considering
Andrew, Pravir and Yiannis have all expressed interest influencing the
OWASP board position which would kind of indicate that there are
serious governance issues.
--
Regards,
Christian Heinrich
Ok Christian, we get it. You have problems with OWASP.
Can we please shelve this whole WASC/OWASP item until AFTER we actually have WAFEC v2 completed?
Let's get to work.
--
Ryan Barnett
On Nov 18, 2012, at 6:26 AM, Christian Heinrich christian.heinrich@cmlh.id.au wrote:
Jeff,
On Thu, Nov 1, 2012 at 9:19 PM, Jeff Williams
jeff.williams@aspectsecurity.com wrote:
Thanks for the laugh. If OWASP can help promote WAFEC, then of course
you're welcome.
What I am actually laughing at is Aspect Security attempting to
distance themselves from the OWASP Brand but still attempting to
exploit it at the same time e.g.
http://twitter.com/aspectsecurity/status/266633771326005250 (note that
OWASP is not referenced at all) and I see you removed the quote of how
Aspect profiteered from OWASP from
https://www.owasp.org/index.php/User:Jeff_Williams
But lets not just take my word for it, rather that of former Aspect
Security employees such as
http://www.greebo.net/2011/03/18/owasp-podcast-82-authorship-of-owasp-top-10-2007/
I myself did enjoy participating in how the OWASP Board manipulated
the selection Project Leader fo the "Aspect Security" Verification
Standard (ASVS) in pre-selecting "surprise" Aspect Security without
due process i.e.
https://lists.owasp.org/pipermail/owasp-board/2010-July/008710.html
Then we have Pravir complaining about how Aspect Security are
attempting to steal OpenSAMM i.e.
https://lists.owasp.org/pipermail/owasp-leaders/2009-July/001785.html,
oh of course you told him but care to justify why Pravir would host
OpenSAMM independently of owasp.org at http://www.opensamm.org/
... and my personal favoriate has to be
http://lists.owasp.org/pipermail/owasp-board/2011-January/009563.html
Looks like I am not the only one who shares this view considering
Andrew, Pravir and Yiannis have all expressed interest influencing the
OWASP board position which would kind of indicate that there are
serious governance issues.
--
Regards,
Christian Heinrich
wasc-wafec mailing list
wasc-wafec@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
Christian,
I am a firm believer in the saying attributed (wrongly) to Voltaire that
even if I disapprove of what you say but will defend to death your right to
say it. That said, within the context of this mailing list, it has to be
relevant to the discussion. While commenting about OWASP is relevant as we
are voting on making WAFEC a joined WASC/OWASP project, as your title change
indicates, this has stopped being about OWASP and has no place on this list.
Please refrain from such e-mails in the future. If you will not I will have
to make this list moderated. It would not be done to not allow you to
contribute and you will be most welcomed to continue doing that, however I
would need to make sure such e-mails are not repeated.
~ Ofer
-----Original Message-----
From: Christian Heinrich [mailto:christian.heinrich@cmlh.id.au]
Sent: Sunday, November 18, 2012 1:27 PM
To: Jeff Williams
Cc: Ofer Shezaf; wasc-wafec@lists.webappsec.org
Subject: Re: "Aspect" the Worst
Jeff,
On Thu, Nov 1, 2012 at 9:19 PM, Jeff Williams
jeff.williams@aspectsecurity.com wrote:
Thanks for the laugh. If OWASP can help promote WAFEC, then of course
you're welcome.
What I am actually laughing at is Aspect Security attempting to distance
themselves from the OWASP Brand but still attempting to exploit it at the
same time e.g.
http://twitter.com/aspectsecurity/status/266633771326005250 (note that OWASP
is not referenced at all) and I see you removed the quote of how Aspect
profiteered from OWASP from
https://www.owasp.org/index.php/User:Jeff_Williams
But lets not just take my word for it, rather that of former Aspect Security
employees such as
http://www.greebo.net/2011/03/18/owasp-podcast-82-authorship-of-owasp-top-10
-2007/
I myself did enjoy participating in how the OWASP Board manipulated the
selection Project Leader fo the "Aspect Security" Verification Standard
(ASVS) in pre-selecting "surprise" Aspect Security without due process i.e.
https://lists.owasp.org/pipermail/owasp-board/2010-July/008710.html
Then we have Pravir complaining about how Aspect Security are attempting to
steal OpenSAMM i.e.
https://lists.owasp.org/pipermail/owasp-leaders/2009-July/001785.html,
oh of course you told him but care to justify why Pravir would host OpenSAMM
independently of owasp.org at http://www.opensamm.org/
... and my personal favoriate has to be
http://lists.owasp.org/pipermail/owasp-board/2011-January/009563.html
Looks like I am not the only one who shares this view considering Andrew,
Pravir and Yiannis have all expressed interest influencing the OWASP board
position which would kind of indicate that there are serious governance
issues.
--
Regards,
Christian Heinrich