throwaway2847 | 3 years ago

The projects should leave. I don't think they are a critical component of OWASP compared to the educational material provided through their documentation and conferences.

tptacek|3 years ago

Two of the major projects in the list of cosigners on this are the OWASP Top 10 project and ASVS, which are the two big educational projects at OWASP.

I don't especially love either of those projects, but they're arguably the two most important things OWASP works on outside of the conferences. The Top 10 project can't really leave OWASP (ASVS could).

ZAP is the only other project there that I think is all that important to the identity of OWASP itself, but it should just go find its own sponsorship anyways. People like ZAP, but the industry standard is Burp Suite; Burp is Microsoft Office to ZAP's... LibreOffice? Like all the software freedom stuff aside, if you're a professional, you use Word.

ghaff|3 years ago

Even OWASP Top 10 often seems to be most interesting in the vein of "That thing that was a problem 10 years ago? Yep still a problem." That's a bit unfair. Stuff does move around a bit over time and some new categories come in. But it often mostly seems to document how relatively little things change.

hn_throwaway_99|3 years ago

Josh Sokol would appear to agree. A response on his LinkedIn post:

> Honestly, if they can get $5-10M from "somewhere else", I say go for it. Then maybe the Foundation resources can be hyper focused on catering to Chapters and Events.