Revision as of 15:04, 22 May 2015

Jim's Suggestions for 2015 Strategic Plans

Build a scalable OWASP training program that spreads security training around the world

• Focus on building free and open source training materials for all to use
• Take existing wiki, powerpoint from talks, powerpoints from trainers who have open sourced content, key OWASP training-centric projects (webgoat, security Shepard, etc) and merge, clean up and professionalize the content into an OWASP branded series of trainings.
• Produce professional OWASP branded training videos and CBT
• Focus conference training program on using open source as opposed to proprietary/commercial content
• As a commercial ILT trainer I have a big conflict of interest over this topic

Strengthen OWASP chapters and increase Chapter’s abilities to spread message of OWASP through locally organized and run events.

• Even something as simple as a chapter meeting is an "event" so anything to help make even chapter meetings better serves this goal
• Better plan to help chapters use funds
• Alert all chapters of existing chapter funds, on a monthly basis, on their public lists. Link to "How to use it to spread the message"
• FUND SMALLER CHAPTERS IN A VERY SIGNIFICANT WAY

Mature the OWASP Projects Platform: Provide the OWASP projects community a mature project platform to encourage senior developers to participate in the various and many OWASP projects.

• Consider hiring senior developer/developers to mature code centric OWASP programs like ESAPI, OWASP Java Encoder, etc.
• Consider funding security initiatives reviewing various open source projects and software frameworks in common use
• Connect leads of popular open source frameworks to OWASP community members willing to provide free appsec services, products, etc.
• Build a new website that is developer centric, pointing to key developers/secure coding projects and materials and other resources