Secure Coding mailing list archives
Call to review OWASP ESAPI crypto code
From: kevin.w.wall at gmail.com (Kevin W. Wall)
Date: Thu, 08 Apr 2010 00:34:32 -0400
The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software and all of OWASP's materials are available under a free and open source software licenses. The next release candidate of OWASP's Enterprise Security API (ESAPI) for Java (ESAPI-2.0-rc6) has recently been released. This is the second complete release candidate that contains the completely revamped symmetric encryption and the first release candidate with completed user documentation om this regard. Before we make an official 2.0 release, we would like the completely redesigned symmetric encryption in ESAPI to be reviewed by professional cryptographers or security professionals with expertise in cryptography. It shouldn't take too much time as the code-base is really fairly small-- slightly over 3900 LOC (including comments and blank lines) or approximately 1725 non-commentary source lines. Anyhow, if you are willing to help without charge to OWASP, you can find more details at: http://www.owasp.org/index.php/Request_to_review_ESAPI_2.0_crypto Thanks in advance to those of you who can help. -kevin -- Kevin W. Wall "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents." -- Nathaniel Borenstein, co-creator of MIME
Current thread:
- Call to review OWASP ESAPI crypto code Kevin W. Wall (Apr 07)