wasc-wafec@lists.webappsec.org

WASC Web Application Firewall Evaluation Criteria Project Mailing List


Re: [WASC-WAFEC] "Aspect" the Worst

Christian Heinrich
Sun, Nov 18, 2012 11:26 AM

Jeff,

On Thu, Nov 1, 2012 at 9:19 PM, Jeff Williams
<jeff.williams@aspectsecurity.com> wrote:

> Thanks for the laugh.  If OWASP can help promote WAFEC, then of course
> you're welcome.

What I am actually laughing at is Aspect Security attempting to
distance themselves from the OWASP Brand but still attempting to
exploit it at the same time e.g.
http://twitter.com/aspectsecurity/status/266633771326005250 (note that
OWASP is not referenced at all) and I see you removed the quote of how
Aspect profiteered from OWASP from
https://www.owasp.org/index.php/User:Jeff_Williams

But let's not just take my word for it, rather that of former Aspect
Security employees such as
http://www.greebo.net/2011/03/18/owasp-podcast-82-authorship-of-owasp-top-10-2007/

I myself did enjoy participating in how the OWASP Board manipulated
the selection of the Project Leader for the "Aspect Security" Verification
Standard (ASVS) in pre-selecting "surprise" Aspect Security without
due process i.e.
https://lists.owasp.org/pipermail/owasp-board/2010-July/008710.html

Then we have Pravir complaining about how Aspect Security are
attempting to steal OpenSAMM i.e.
https://lists.owasp.org/pipermail/owasp-leaders/2009-July/001785.html,
oh of course you told him but care to justify why Pravir would host
OpenSAMM independently of owasp.org at http://www.opensamm.org/

... and my personal favorite has to be
http://lists.owasp.org/pipermail/owasp-board/2011-January/009563.html

Looks like I am not the only one who shares this view considering
Andrew, Pravir and Yiannis have all expressed interest in influencing the
OWASP board position which would kind of indicate that there are
serious governance issues.

--
Regards,
Christian Heinrich

http://cmlh.id.au/contact

Rcbarnett
Sun, Nov 18, 2012 1:13 PM

Ok Christian, we get it. You have problems with OWASP.

Can we please shelve this whole WASC/OWASP item until AFTER we actually have WAFEC v2 completed?

Let's get to work.

--
Ryan Barnett


Ofer Shezaf
Sun, Nov 18, 2012 1:20 PM

Christian,

I am a firm believer in the saying attributed (wrongly) to Voltaire that
even if I disapprove of what you say, I will defend to the death your right to
say it. That said, within the context of this mailing list, it has to be
relevant to the discussion. While commenting about OWASP is relevant as we
are voting on making WAFEC a joint WASC/OWASP project, as your title change
indicates, this has stopped being about OWASP and has no place on this list.

Please refrain from such e-mails in the future. If you will not, I will have
to make this list moderated. It would not be done to not allow you to
contribute, and you will be most welcome to continue doing that; however, I
would need to make sure such e-mails are not repeated.

~ Ofer

