This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Talk:OWASP Initiatives Global Strategic Focus/website project

Revision as of 23:30, 19 July 2016 by Tiffany.Long (talk | contribs) (Thoughts on Search Functionality)

Jump to: navigation, search

Thoughts on look and feel

The Needs Assessment report has a good analysis of the current web site and provides a lot of valuable ideas for improvements. The mock-ups mostly look attractive. However, I disagree with some of the underlying assumptions:

  • Wikipedia-style is derided. However, this style is wholly appropriate for the OWASP style IMHO. The OWASP web site could do worse than emulate Wikipedia more faithfully. Run towards Wikipedia, not away from it!
  • The (ISC)^2 web site is put forward as a style to aspire to. I beg to differ: the current OWASP web site looks a lot more attractive to me than (ISC)^2's. The former is much easier on the eye. (ISC)^2 may draw attention through the use of striking colors and more graphic material. However, no additional useful information is conveyed. The net result is a feeling of weariness: my brain has to work hard to take in all these stimuli and I get very little in return. Remember that web sites are not competing for attention like billboards: unlike billboards, you visit web sites one by one. A good web site conveys its message while minimising collateral damage through information fatigue.
  • Agree with both of the above. ISC2 is not a "competitor" and whilst the report has much to offer, focusing on ISC2, ISACA, ISA for comparisons seems a bit lazy. These other organisations are not like OWASP in terms of objectives, audience or membership. I remember being asked during an interview for this "shouldn't OWASP be the primary source of information" and I said no, OWASP's role is to promote application security - not promote itself. AppSec info appearing on other websites is a win - not a negative.
  • The importance of the (ISC)^2 website is not that (ISC)^2 is a direct competitor or the colors they used but that they inhabit the same "space" as OWASP and that their decisions about organization make their website easier for new people to use.
  • The suggestion is not necessarily to do away with the wiki but to clean it up and change a few key landing pages to be easier to follow.

Thoughts on Platform Selection

Thoughts on Information Architecture

Thoughts on Back Office and Infrastructure Architecture

This should certainly be a priority. It is difficult to volunteer for projects and efforts since work needed is not centralized. Additionally, communication seems to always go out of band to email which reduces overall teamwork and transparency. While the groups are very successful, we are losing volunteer work due to an inability to locate it.

Thoughts on Gamification

Thoughts on Features and Release Roadmap

Thoughts on Search Functionality

Another topic...