This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Summit 2011 Creating OWASP 4dotOh"
(Created page with 'Hi everyone, In my mind, OWASP 1.0 was pre-wiki with lots of great work and a less great infrastructure. OWASP 2.0 was establishing the 501c3, putting in the wiki, and getting…') |
|||
Line 1: | Line 1: | ||
+ | ====Call to action by Jeff Williams==== | ||
Hi everyone, | Hi everyone, | ||
− | In my mind, OWASP 1.0 was pre-wiki with lots of great work and a less great infrastructure. OWASP 2.0 was establishing the 501c3, putting in the wiki, and getting lots of great projects started. OWASP 3.0 started with the Summit in Portugal when we created the new committees and has focused on creating thriving projects instead of standalone tools. Thank you for all of your efforts growing a fun, civil, productive community. | + | In my mind, OWASP 1.0 was pre-wiki with lots of great work and a less great infrastructure. OWASP 2.0 was establishing the 501c3, putting in the wiki, and getting lots of great projects started. OWASP 3.0 started with the [[OWASP EU Summit 2008|Summit in Portugal]] when we created the new committees and has focused on creating thriving projects instead of standalone tools. Thank you for all of your efforts growing a fun, civil, productive community. |
I reach out to you now to ask you to take some time and think about what OWASP should become. The time has come to measure our success not by the number of members, projects, and conferences, but by whether we are succeeding at making the world’s software more secure. It’s time to get our message and strategy to the next level. | I reach out to you now to ask you to take some time and think about what OWASP should become. The time has come to measure our success not by the number of members, projects, and conferences, but by whether we are succeeding at making the world’s software more secure. It’s time to get our message and strategy to the next level. | ||
− | HELP DESIGN OWASP 4.0 IN PORTUGAL AT THE SUMMIT! | + | '''HELP DESIGN OWASP 4.0 IN PORTUGAL AT THE SUMMIT!''' |
− | If you consider yourself an OWASP Leader, won’t you take a few minutes of quiet time and propose a few ideas for how OWASP can retool, reorganize, refocus, and revamp itself to really achieve our mission? We will rip, mix, and burn these ideas into a new strategy for OWASP at the Portugal Summit. I encourage you to check out the resort and all the plans happening right now at http://www.owasp.org/index.php/Summit_2011. | + | If you consider yourself an OWASP Leader, won’t you take a few minutes of quiet time and propose a few ideas for how OWASP can retool, reorganize, refocus, and revamp itself to really achieve our mission? We will rip, mix, and burn these ideas into a new strategy for OWASP at the Portugal Summit. I encourage you to check out the resort and all the plans happening right now at [http://www.owasp.org/index.php/Summit_2011 http://www.owasp.org/index.php/Summit_2011]. |
Here are some ideas to get you started. | Here are some ideas to get you started. | ||
− | + | * We bootstrap several application security ecosystems around key technologies like mobile, cloud, REST | |
− | + | * We reach out to governments around the world to help them push for application security | |
− | + | * We raise money to fund real security enhancements to tools, browsers, protocols (e.g. OpenSSL) | |
− | + | * We make the OWASP materials more usable by providing a “user” site and keep the wiki for development | |
− | + | * We invest in marketing AppSec – How do we scale David Rice and the “greening” of AppSec | |
− | + | * We continue our education initiative – academies, college chapters, videos, curriculum | |
− | + | * We continue our browser initiative and do whatever it takes to get the browsers and frameworks talking | |
− | + | * We invest in getting in front of new technologies like HTML5 | |
− | + | * We launch a no-holds barred XSS eradication campaign | |
− | + | * We create a set of objective AppSec *market* metrics that quantify the state of our art | |
− | + | * We continue to push on creating standards | |
− | + | * ??? | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | We need your ideas NOW. Get yourself on the | + | We need your ideas NOW. Get yourself on the [http://www.owasp.org/index.php/Summit_2011_Attendee Attendee list]! |
− | |||
− | http://www.owasp.org/index.php/ | ||
In one week of thinking, arguing, coding, hacking, and writing we are going to accomplish more than the rest of the world’s appsec efforts combined. We’ll see you in Portugal ready to rock. Thanks! | In one week of thinking, arguing, coding, hacking, and writing we are going to accomplish more than the rest of the world’s appsec efforts combined. We’ll see you in Portugal ready to rock. Thanks! | ||
--Jeff | --Jeff | ||
+ | |||
+ | OWASP Foundation Board Chair |
Revision as of 21:06, 4 January 2011
Call to action by Jeff Williams
Hi everyone,
In my mind, OWASP 1.0 was pre-wiki with lots of great work and a less great infrastructure. OWASP 2.0 was establishing the 501c3, putting in the wiki, and getting lots of great projects started. OWASP 3.0 started with the Summit in Portugal when we created the new committees and has focused on creating thriving projects instead of standalone tools. Thank you for all of your efforts growing a fun, civil, productive community.
I reach out to you now to ask you to take some time and think about what OWASP should become. The time has come to measure our success not by the number of members, projects, and conferences, but by whether we are succeeding at making the world’s software more secure. It’s time to get our message and strategy to the next level.
HELP DESIGN OWASP 4.0 IN PORTUGAL AT THE SUMMIT!
If you consider yourself an OWASP Leader, won’t you take a few minutes of quiet time and propose a few ideas for how OWASP can retool, reorganize, refocus, and revamp itself to really achieve our mission? We will rip, mix, and burn these ideas into a new strategy for OWASP at the Portugal Summit. I encourage you to check out the resort and all the plans happening right now at http://www.owasp.org/index.php/Summit_2011.
Here are some ideas to get you started.
- We bootstrap several application security ecosystems around key technologies like mobile, cloud, REST
- We reach out to governments around the world to help them push for application security
- We raise money to fund real security enhancements to tools, browsers, protocols (e.g. OpenSSL)
- We make the OWASP materials more usable by providing a “user” site and keep the wiki for development
- We invest in marketing AppSec – How do we scale David Rice and the “greening” of AppSec
- We continue our education initiative – academies, college chapters, videos, curriculum
- We continue our browser initiative and do whatever it takes to get the browsers and frameworks talking
- We invest in getting in front of new technologies like HTML5
- We launch a no-holds barred XSS eradication campaign
- We create a set of objective AppSec *market* metrics that quantify the state of our art
- We continue to push on creating standards
- ???
We need your ideas NOW. Get yourself on the Attendee list!
In one week of thinking, arguing, coding, hacking, and writing we are going to accomplish more than the rest of the world’s appsec efforts combined. We’ll see you in Portugal ready to rock. Thanks!
--Jeff
OWASP Foundation Board Chair