Summit 2011 Working Sessions/Session061

Revision as of 20:45, 25 January 2011 by Sandra Paiva (talk | contribs)


Did OWASP fail to achieve its full potential? (and lessons learned)
Please see/use the 'discussion' page for more details about this Working Session.
Working Sessions Operational Rules - please see here for the general framework of rules.
Short Work Session Description: Although OWASP is a big success story in its almost 10 years of existence, could more have been achieved? Did OWASP fulfil its potential, or should lessons be learned about what worked, what didn't work and what should be done differently in the future?

Gunter Ollmann raises a number of important questions in his reply to Jeremiah's blog post:

"...As someone who until fairly recently was deeply involved day-in, day-out with webapp security (and actively involved in OWASP projects) - but who is now focused on other realms of security research - I'm disappointed that OWASP has failed to achieve its full potential.

OWASP needs to cross the chasm and address webapp security in the language that businesses can understand and action against. These businesses don't need to be preached to about technical inadequacies, what they need is specific guidance for their business vertical using the vocabulary they themselves use. And, more specifically, they need directly applicable worked-through examples of how their business will benefit from the proposed changes.

OWASP's traditional unguided "build it and they will come" approach has been largely unsuccessful and has had unexpected consequences (such as the PCI-DSS example).

Just like we can't expect a physicist to undertake a heart transplant just because someone handed him a medical journal detailing the process, we shouldn't be expecting embedded system engineers to pick up the OWASP application testing guide and suddenly produce secure code.

Translation of ideas or translation of ideals?..."

Related Projects (if any)

Email Contacts & Roles Chair
Dinis Cruz @

Operational Manager
Mailing list
Subscription Page

Venue/Date&Time/Model
Venue/Room: OWASP Global Summit Portugal 2011
Date & Time:
Discussion Model: participants and attendees
Equipment needed: projector, whiteboards, markers, Internet connectivity, power

Proposed by Working Group Approved by OWASP Board

A white paper capturing possible missed opportunities during the 2000’s and suggesting strategies for doing better in the 2010’s.

After the Board Meeting - fill in here.


Working Session Participants


Name Company Notes & reason for participating, issues to be discussed/addressed