User:Pravir Chandra

Revision as of 23:24, 18 November 2009 by Pravir Chandra (talk | contribs)



Please do contact me directly with any questions: chandra <at> owasp <dot> org

My overall vision for OWASP

Enable contributors

The purpose of the Board is to ENABLE contributors

  • Allow project leaders to focus on their projects and have the OWASP organization promote them
  • Allow chapter leaders to focus on their communities and have the OWASP organization take care of back-end management

Professional face

OWASP needs a professional face to get more adoption in the software development industry

  • There has to be a more user-friendly and efficient front-page for OWASP
    • Needs to address people in different roles (CISOs through geeks)
    • Needs to show high-value to users consistently
  • OWASP needs to promote projects in a unified voice
    • Select and promote projects that are enterprise caliber
    • Promote OWASP in non-OWASP circles such as software development conferences and industry-specific events (financial services, retail, etc.)
  • Dev leaders need to be able to trust the quality of what they get from OWASP
    • This is key to brand protection and needed by any organization of our size/diversity
  • OWASP eventually needs to run like other open-source foundations (e.g. Apache)
    • Officers and assigned roles/responsibilities

Industry feedback

OWASP needs more driving influence from our "customers", i.e. the development and appsec community

  • Form an Industry Advisory Board
    • Ask them directly what they want from OWASP, what their pain points are, & how we can help
    • Ask non-members what it would take for them to join OWASP
    • Offer Corporate Members a recurring seat on the advisory board for joining (increases membership)
  • Organize "steering committees" for key projects that want them
    • Useful for Corporate Members to provide feedback directly to projects that they rely upon
    • Provides a forum for critical feedback and ideas for future directions

My OWASP history

  • CLASP Project Lead
    • Worked with my company (Secure Software) to donate the commercial CLASP methodology to OWASP
    • Served as project lead since early 2006
  • OpenSAMM Project Lead
    • Worked with my company (Fortify Software) to contribute money to fund development with the purpose of donating it to OWASP
    • Served as project lead since late 2008
  • Global Projects Committee Member
    • Worked with committee to develop updates to SoC planning, assessment criteria, project cataloging, etc.
I've presented (or will present) at the following OWASP conferences

  • AppSec Europe 2006 - Leuven, Belgium
    • Donated CLASP to OWASP
    • First time a commercial organization donated an existing commercial product
  • AppSec Europe 2007 - Milan, Italy
  • OWASP & WASC AppSec US 2007 - San Jose, CA
    • Vendor Exhibition Chair
    • First time OWASP allowed vendors to exhibit at a conference
  • OWASP AppSec US 2008 - New York City, NY
    • Unveiled the SAMM Beta
  • OWASP Summit 2008 - Portugal
  • OWASP AppSec Australia 2009 - Gold Coast, Australia
  • OWASP AppSec Europe 2009 - Krakow, Poland
  • OWASP Minneapolis Event 2009 - Minneapolis/St. Paul, MN
  • OWASP AppSec Academia Symposium - Irvine, CA
  • OWASP AppSec Brazil 2009 - Brasilia, Brazil
  • OWASP AppSec US 2009 - Washington, DC

I stay active and present at as many local Chapter meetings as possible.

  • In 2009, I've spoken at local chapters in 9 cities across the US & Canada

Professional Experience

Pravir Chandra is Director of Strategic Services at Fortify, where he works with clients to build and optimize software security assurance programs. Pravir is widely recognized in the industry for his expertise in software security and code analysis, and also for his ability to apply technical knowledge strategically from a business perspective. Prior to Fortify, he was affiliated with Cigital as a Principal Consultant, where he led large software security programs at Fortune 500 companies. Pravir was also Co-Founder and Chief Security Architect at Secure Software, Inc. before the company was acquired by Fortify Software. His book, Network Security with OpenSSL, is a popular reference on protecting software applications through cryptography and secure communications. His varied special project experience includes creating and leading the Open Software Assurance Maturity Model (OpenSAMM) project with the Open Web Application Security Project (OWASP) Foundation. Pravir also currently serves as a Member of the OWASP Global Projects Committee.