OWASP projects

[zubcevic]

@nbaars @aolle should we take steps in moving from Lab project to Production or Flagship project or should we leave it as it is.

What about launching a new release and using a year based release number?

https://owasp.org/projects/

[aolle]

Hello @zubcevic,

Yeah, in my opinion, the project is relatively consistent and has a enough security value to be categorized as flagship project; lets see what @nbaars thinks about that.

I agree with launching a new release, more than a year has passed since last release and important changes has been made lately (new content, some fixes, new features, single jar format, etc).

Regards.

[nbaars]

@zubcevic, @aolle : for the versioning part, let's settle on using https://calver.org/#scheme and use the simple scheme: YYYY.0M.0D
If we need a release on the same day, we can use YYYY.0M.0D.MICRO (but looking at our release schedule this should probably never happen :-)

When tagging we still use vYYYY.0M.0D

[nbaars]

Thinking about it, let's simplify this to: YYYY.MICRO this is much easier as we can define versions in Github as well, so we fix this in 2022.<<latest+1>>. Otherwise the meaning of the which release the issue belongs to becomes too time sensitive.

[aolle]

Perfect!

[nbaars]

New release https://github.com/WebGoat/WebGoat/releases/tag/v2023.3 is a fact 🥳

[zubcevic]

Are you also going to OWASP AppSec Dublin?