[no subject]

However like my experiences of OWASP I have come to realize that usually
these things are created by a few committed people and timing hasn't been
great with some of the TC whom I know want to contribute but have had major
changes in personal lives (me included). I think when we started I (and
others) also naively hoped we would see more fresh input especially as there
needs to be development of test harnesses and skunk works tools as proof of
concept. Other changes such as patent issues also seem to have become
prevalent and so I would like to suggest a radical rethink of the schedule
for WAS.

Current Issues

1. The meta-content and profile part of WAS are almost complete (needs
finishing touches)

2. Extending VulnXML to be a truly useful and extensible black box testing
languages maybe more complicated than we anticipated (and really requires
reference libraries etc) requiring quite a bit of thought and work.

3. The extended functionality that we briefly discussed and the way it would
need to be implemented may have implications on United States Patent No.
6,584,569 and it would be prudent to seek legal advice before continuing. As
the CTO of Sanctum (the assigned party) is also on this TC I am sure legal
representation on behalf of WAS can engage with their lawyers to ensure
everything is above board and understood.

3. The protection part of WAS was not started. I have been speaking with
Ivan Ristic who wrote mod_security and Gabe Lawrence who wrote CodeSeeker
who are going to champion this given little input from anyone else.

Given this and the fact that I think if this is worth doing, its worth doing
properly I think realistically we need to buy at least six months more time
to do all of the things we need to do. That would change the delivery to the
end of June. 

As per the protocol for running a TC I will set up a vote early next week
giving time for any needed debate that needs to take place. 

Cheers

Mark