CRS names Felipe Zipitría as third Co-Lead

The OWASP ModSecurity Core Rule Set project is very happy to announce Felipe Zipitría as a new and third Co-Leader. Felipe joins Walter Hop and Christian Folini in his new role.

Felipe Zipitría holds a master of computer science from the University of the Republic in Montevideo, Uruguay. He worked as a system administrator for the faculty of engineering for several years and also lectures on security at the University.

Felipe in Switzerland during the CRS developer summit in 2021.

Felipe in Switzerland during the CRS developer summit in 2021.

His jobs include a position as security architect and consultant at Tilsor in Uruguay and then remote work as an infrastructure security team lead at Perceptyx, Inc. He currently works as a senior security engineer at US based Life360.

Felipe has been a long time developer for OWASP CRS and served the project on various topics. He combines strong technical expertise with management experience that serves the project very well. Unlike his other co-leads he also brings a lot of container know-how to the table. He has been one of the developers building the CRS sandbox and he is currently preparing the upcoming CRS status page.

Felipe lives in Montevideo, Uruguay, with his wife and two sons.

What’s up with CRS?

The OWASP ModSecurity Core Rule Set project is working towards a new major release. The new release will feature the CRS plugin mechanism. First production experience with the release give the impression of a game changer and a growing list of plugins to go with the release looks very promising.

The CRS sandbox the project released in late 2021 has been received with open arms and the project explores many additional ways to use it. One of these is a CRS bug bounty program that is being developed.

The sandbox will be complemented by a status page that assesses various CRS integrations, namely commercial ones, and gives you information about their level of protection and an overview of the CRS features they support.

The Log4J vulnerability and its coverage by the CRS team highlighted the role that a decent WAF can play in a multilayered defense. Several companies have understood that CRS plays a vital role in their services and they started to sponsor the project. CRS is using this sponsorship to finance projects like the dev-on-duty program or the developer summit in 2021. CRS is looking for additional sponsors and welcomes new contacts in this regard.

Christian Folini / [@ChrFolini]