Summit 2011 Working Sessions/Session078

Jeremiah Grossman in his 'Open letter to OWASP' blog post: http://jeremiahgrossman.blogspot.com/2011/01/open-letter-to-owasp.html
"...3) Less preaching to the choir, engage more with the outsiders:
Everyone in the community recognizes the echo chamber issue. We know the vast majority of who we need to reach, those who do not voluntarily come to us, the application security industry. So of course they have no way of knowing why the work we do is important, how it affects the safety and privacy in their lives, and the viability of online business. Without addressing this issue, the summit runs the risk of perpetuation the problem. I’ve been as guilty as anyone. Therefore instead of continuing to expect people to come to us over the last several years I’ve been transitioning to going to where they are, and with much success! OWASP should do the same to spread the word and take itself to the next level.

For example, OWASP representatives could attend, sponsor, and present at every possible non-security conference such as JavaOne, F8, Google I/O, any O'Reilly event, Star East/Web and so on where thousands of developers gather. In my experience at these events, when in their own element, developers are eager to learn about the state-of-the-art in application security, especially when presented in a way where they can derive value immediately when they get back to work. These attendees also represent a segment of developers who really care about their software. OWASP should proactively reach out to conference organizers with menu of official up-to-date topics and facilitate the CFP process on behalf of qualified representatives. Or, better still, offer to establish and manage an entire security track! Done right with a call to action, this alone would drive much needed membership..."