220 likes | 336 Views
Dinis Cruz OWASP dinis.cruz@owasp.net. OWASP 2.0 Enabling organizations to develop, maintain, and acquire applications they can trust. Mission. Enabling organizations to develop, maintain, and purchase applications that they can trust. OWASP Foundation.
E N D
Dinis Cruz OWASP dinis.cruz@owasp.net OWASP 2.0Enabling organizations to develop, maintain, and acquire applications they can trust
Mission • Enabling organizations to develop, maintain, and purchase applications that they can trust
OWASP Foundation • The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. Participation in OWASP is free and open to all.
History • 2000: Mark Curphey and Microsoft Word • 2001: OWASP Guide 1.0 • Sep 2002: Many volunteers finish 1.1.1 • Oct 2002: owasp-leaders created • Leaders from each project • This meritocracy still leads us today • 2003: OWASP Foundation created • -> 2006: tons of new projects (see tomorrow)
It’s about community • Built on great foundations built by our contributors • Greater peer to peer participation • Emphasis on local community building • More support for your projects
It’s about building a solid foundation • Transparency • Annual Report, financial details • Annual report (with financial details) starting 2006 • Move to more formal structure in 2007 timeframe (à la Apache, NetBSD, Debian, etc) • Improve membership experience • Membership packages • Individual • Corporate • Sponsor • Starter chapter pack
Autumn of Code 2006 • The Open Web Application Security Project (OWASP) has recently launched a new project entitled "OWASP Autumn of Code 2006” that is aimed at financially sponsoring contributions to OWASP Projects. • On the 18th of September our call for entries ended and on the 25th of September we released our list of selected projects to be sponsored. OWASP has made the decision to sponsor 9 projects (5 at $3,500 USD and 4 at $5,000 USD) instead of our originally planned number of 8.
Autumn of Code 2006 - Projects • WebScarab NG – Rogan Dawes • Live CD – Joshua Perrymon • CAL9000 – Chris Loomis • SiteGenerator and ORG – Mike de Libero • Pantera – Simon Roses • Web Goat – Sherif Koussa • Testing Guide – Matteo Meucci • OWASP .NET Tools – Boris Maletic • OWASP Website and Branding – Aaron M. Holmes
Current projects (see website) • Release Quality • Beta Status • Alpha Status • Technology, Research, and Guides
Funding model • Need to increase OWASP individual and corporate members • Current funding model • Conferences • Corporate and Individual Memberships (to be GNI adjusted) • Advertising • Sponsorships
OWASP Membership • An active voice in the development of OWASP Materials that are becoming widely accepted as an application security standard for all organizations. • A OWASP Commercial License to use the materials within your organization without the restrictions associated with the various open source licenses used by the OWASP projects. • Timely electronic notification of updates to the OWASP Materials. • Visibility for your organization's tangible commitment to application security through its inclusion in the members list on the OWASP website and promotional materials. • The right to use the OWASP name and membership mark to show that you are an OWASP Member. Note that the mark must not be used in any way that might indicate that OWASP supports a commercial product or service. • Collaboration with other highly skilled people from organizations around the world, both virtually and in person during periodic OWASP AppSec conferences and chapter meetings. • Discounted registration fees for OWASP AppSec conferences to all individual members and all employees of member organizations.
Local chapters • Easily the most useful OWASP activity • Lots of chapters all around the world
Local chapter support • Use our Internet resources • Announce meetings well in advance • Have a schedule well in advance • Be consistent • Community: blogs, forum - in your local language • Present new stuff • ... or borrow other chapter’s slides
Guidelines for chapters • Encourage membership in OWASP • Try to be easily found and a popular time • Always try to meet, if only for drinkies • Local sponsorship by vendors is fine • Try not to be 0wned by the vendors (of any type) • Protect yourself - insurance, talk choices, etc
Leadership Focus • Developing OWASP Foundation and infrastructure • Helping you deliver timely, useful projects • Keeping today’s flagship products fresh and relevant • Winter, Spring, and Summer of Code 2007
OWASP Brand • Our brand is important to us • Need something to help get rid of freeloaders • Many firms abusing OWASP Top 10 / Guide brand • Need a 'brand management' project
Project Incubators • Initiate any project you like • Each project will have its own space • Community: Link to team member blogs and forum • Resources: Samples, downloads, private workspace
Project Focus • Participate! • What do you want us to focus on?