|
|
| (36 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| − | Hello,
| + | [[File:B-2016-profile-photo.jpg|thumb]] |
| | + | __NOTOC__ |
| | | | |
| − | My name is Jim Manico and I've been an active member of OWASP since 2008.
| + | Jim Manico is the founder of [https://www.manicode.com Manicode Security] where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is a investor/advisor for Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a [[:Special:Contributions/jmanico|volunteer]] and former board member of the OWASP foundation. He is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill and Oracle Press. For more information, see http://www.linkedin.com/in/jmanico. |
| | | | |
| − | * I am the founder, producer and host of the [[OWASP_Podcast | OWASP Podcast Series]]. As of May 2011 I have published 84 shows and have spent over 500 hours making the OWASP Podcast a reality. I am grateful to my many guests who have made the show a success.
| + | You can reach Jim at [mailto:jim.manico@owasp.org jim.manico@owasp.org]. You also reach Jim on twitter at [http://www.twitter.com/manicode @manicode]. |
| − | * I am also a contributor and project manager of the [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API ESAPI Project]. I have one of the largest number of individual check-in's for the ESAPI-Java project and work to ease communication between the many volunteers of this project.
| |
| − | * I am also the chair of the [https://www.owasp.org/index.php/OWASP_Connections_Committee OWASP Connections Committee] where I manage the [http://owasp.blogspot.com OWASP Blog], [http://twitter.com/owasp twitter feed] and [https://www.owasp.org/index.php/Press press communications] for OWASP. I feel that these activities are directly inline with the OWASP core mission of spreading awareness.
| |
| − | * I am also spearheading several ESAPI-like projects that provide modular single-use controls for ease of use. I have only begun these efforts, but have started to manage the [https://www.owasp.org/index.php/OWASP_Java_Encoder_Project OWASP Encoder ], the OWASP validator and the [https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project OWASP HTML Sanitizer] project with a variety of very talented developers.
| |
| − | * I also have been a significant contributor and manager of the [https://www.owasp.org/index.php/Category:Cheatsheets OWASP Cheatsheet Series]. I've worked on the XSS, DOM XSS, SQL Injection, Cryptographic Storage, Forgot Password and other topics in this series.
| |
| − | | |
| − | I feel very hesitant to list what I have given to OWASP, because OWASP has given so much more to me. I am a teacher/student of secure coding practices and have found OWASP materials to be the best in industry.
| |
| − | | |
| − | OWASP is a non profit organization. One of the most important responsibilities of a non-profit board is to secure adequate resources for the organization to fulfill its mission. If given the honor and responsibility of becoming a board member,I would use my position to work with grant writers and other resources to secure additional funding for OWASP projects.
| |
| − | | |
| − | I also feel that quality is critical to OWASP's future. As OWASP changes and more developers enter the fold, the quality of our open source defensive projects must increase. This kind quality cannot be solved via automation alone. I wish to use increased funds within OWASP to hire additional full-time technical staff to help ensure that the work we do meets the quality and functionality expectations that developers require to write low-risk application software.
| |
| − | | |
| − | #Maintain OWASP values and culture of innovation and vendor neutrality
| |
| − | ##Allow low barrier for entry for new projects
| |
| − | ##Ensure that all board activities and use of funding is conducted in an open way
| |
| − | ##Organization-wide adherence to vendor neutrality
| |
| − | #Create change/maturation driver through funding
| |
| − | ##Establish engagement paradigm for commercial / federal grants
| |
| − | ##Utilize funding to hire additional full time technical and organizational resources for OWASP
| |
| − | #Facilitate planned “Apache Model” for project measurement, management, and labeling
| |
| − | ##Inventory current project and software assets
| |
| − | ##High barrier of entry for *production quality* OWASP projects
| |
| − | ##Hire additional FTE support staff to manage project infrastructure
| |
| − | #Modernize/Simplify the OWASP Website
| |
| − | ##Hire additional FTE support staff to manage and run the OWASP website
| |
| − | ##Craft adoption guide
| |
| − | ###For common organization archetypes
| |
| − | ###For common individual professional roles
| |
