OWASP 2.0 membrs

Read about the OWASP Manifesto and how they enable organizations to develop, maintain, and purchase trusted applications. Discover their major initiatives, history, funding model, local chapters, membership, projects, standards, certification, training, and more.

derrickv

Presentation Transcript


  1. OWASP 2.0 membrs • Andrew van der Stock • OWASP Executive Director • vanderaj@owasp.org

  2. Where are we going?

  3. Manifesto • Enabling organizations to develop, maintain, and purchase applications that they can trust

  4. It’s about community • Built on great foundations built by our contributors • Greater peer to peer participation • Emphasis on local community building • More support for your projects

  5. It’s about building a solid foundation • Transparency • Improve membership experience • Membership packages • Individual • Corporate • Sponsor • Starter chapter pack • Key projects • Projects

  6. It’s about delivery • We have delivered some really cool stuff recently • We have a very full year ahead • Volunteer burn out happens • We’re here to help you

  7. Major initiatives • Top 10 • Guide • Training • CLASP • Conferences • Ajax • J2EE • WebGoat • .NET • Building our brand • Yours! • Local chapters • Testing Guide • Project incubator • WebScarab • Wiki • Validation • Forums • Certification • Blogs

  8. OWASP Foundation

  9. History • 2000: Mark Curphey and Microsoft Word • 2001: OWASP Guide 1.0 • Sep 2002: Many volunteers finish 1.1.1 • Oct 2002: owasp-leaders created • Leaders from each project • This meritocracy still leads us today

  10. History • 2003: OWASP Foundation created • Chair: Jeff Williams • Conferences Chair: Dave Wichers • OWASP Leaders (about 30 odd people) • OWASP Members • OWASP Users

  11. OWASP Foundation • Key activity: self-sustaining this financial year • Currently earning a bit of cash • Not enough to pay for a full time employee • How to spend the money? • and still do the stuff we want?

  12. Transparency • Need your input on our executive leadership model • Publish finances at least once per year • Sponsorship schedule (inc. in kind) • Propose move to member-only elections in 2007 timeframe (à la NetBSD, Debian, etc) • Support? (Show of hands!)

  13. Funding model • Need to increase OWASP individual members • Current funding model is broken • We will fix the model, but we need your input • Funds for local development • Some money for room booking fees, pizza, etc • Money to build global organization

  14. Local Chapters

  15. Let’s meet! • We want you to meet your peers • Find your local chapter via our website

  16. Chapters!

  17. Local chapters • Easily the most useful OWASP activity • Lots of chapters all around the world • We want more! • Chapter Starter Pack

  18. Local chapter support • Use our Internet resources • Announce meetings well in advance • Have a schedule well in advance • Be consistent • Community: blogs, forum - in your local language • Present new stuff • ... or borrow other chapter’s slides

  19. Guidelines for chapters • Encourage membership in OWASP • Try to be easily found and a popular time • Always try to meet, if only for drinkies • Local sponsorship by vendors is fine • Try not to be 0wned by the vendors (of any type) • Protect yourself - insurance, talk choices, etc

  20. Membership drive • We need you to join • ... once we have worked out the funding model • $100 USD • Members get to vote and lead • Renewing members will get our membership pack • What do you want to see?

  21. Projects

  22. Leadership focus • Developing OWASP Foundation and infrastructure • Helping you deliver timely, useful projects • Keeping today’s flagship products fresh and relevant

  23. Updating old favorites • OWASP Guide 3.0 PDF, book, and Wiki • Top 10 2007 Wiki Edition - need volunteers • Testing Guide 1.0 PDF and Wiki - need volunteers

  24. Standards • Top 10 is an awareness product, not a standard • Need a standard • Relevant, useful and practical • Long lived and stable • Not particularly verbose or long • Must take input from key users (PCI, DHS, etc.)

  25. Certification • Our brand is important to us • Need something to help get rid of freeloaders • Do we really want to run a certification lab? • Need a certification project

  26. Training • Many firms using OWASP Top 10 / Guide without permission • We need a training project • Top 10 1/2 day (Business types) • Architects 1 Day • Developer 3 Day • Certify trainers? Train the trainer? • How to ensure we don’t get ripped off or brand sullied? Or destroy friendly businesses?

  27. Project Focus • Participate! • What do you want us to focus on?

  28. Project incubators • Initiate any project you like • Each project will have its own space • Community: Link to team member blogs and forum • Resources: Samples, downloads, private workspace

  29. Questions • Royalty free images from Stock*Exchange (http://www.sxc.hu) • Used with permission
