This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "What do you want OWASP to be"

From OWASP
(Answers)
Line 27: Line 27:
 
(Please add your local chapter and put your comments under your local chapter heading)
 
(Please add your local chapter and put your comments under your local chapter heading)
  
CHAPTERS
+
===CHAPTERS===
  
 
NY/NJ Metro
 
NY/NJ Metro
 
10/31 - Under membership and local chapter leaders review pending comment
 
10/31 - Under membership and local chapter leaders review pending comment
 +
 +
Belgium
 +
Nov-1 - Pending comments from Belgium mailing members and board members
 +
 +
===PROJECTS===
 +
 +
'''Education (Seba)'''
 +
* I do not think OWASP is the right place to perform certifications. It makes us ‘lawmaker’ and judge at the same time. What OWASP could/should do is propose a certification scheme / criteria input for other parties. This is even a project: http://www.owasp.org/index.php/SpoC_007_-_The_OWASP_Web_Security_Certification_Framework ?
 +
* Organization wise, I like the [http://www.apache.org/foundation/how-it-works.html http://www.apache.org/foundation/how-it-works.html]. The organization should not be the goal: it is there to support achieving the goals. My vote for Apache like organization: +1
 +
* OWASP has been driven by volunteers, who invest personal time: that is worth far more than a membership fee. Let’s keep this separated.
 +
* Over-regulation kills creativity and scares volunteers away. We should keep it very easy for people to start new projects or new chapters. When the projects/chapters grow, the contributing people and project leader(s) can regulate themselves if it is necessary to guarantee continuity. By providing some practical how-to’s and working examples instead of rules, OWASP provides the framework for successful projects/chapters.
 +
* Some projects and chapters will ‘die’: how do we detect this and make this visible? It should be clear for OWASP users/visitors what the project / chapter status is.Define a few measurable criteria that taken together provide a good insight in the project/chapter status.

Revision as of 07:25, 1 November 2007

This page is a placeholder for OWASP leaders' responses to the following question:

Question

OWASP project leaders, chapter leaders and members, as it grows what do you want OWASP to become?

  • A certifying and CBK type pseudo-company like (ISC)2?
  • An open source project organized along the lines of Debian, Apache, or a similar group that owns a set of projects?
  • Does OWASP want to certify apps, testers, both or none? (I've seen all POV advocated)
  • Who will be required to pay what kind of dues, if any?
  • How formal of an organization will OWASP become?
  • Is the status quo preferable to the proposed change?
  • Other?

For the newer members of this list, here are some pages which you might find interesting:

Answers

(Please add your local chapter and put your comments under your local chapter heading)

CHAPTERS

NY/NJ Metro
10/31 - Under membership and local chapter leaders review pending comment

Belgium
Nov-1 - Pending comments from Belgium mailing members and board members

PROJECTS

Education (Seba)

  • I do not think OWASP is the right place to perform certifications. It makes us ‘lawmaker’ and judge at the same time. What OWASP could/should do is propose a certification scheme / criteria input for other parties. This is even a project: http://www.owasp.org/index.php/SpoC_007_-_The_OWASP_Web_Security_Certification_Framework ?
  • Organization-wise, I like the http://www.apache.org/foundation/how-it-works.html. The organization should not be the goal: it is there to support achieving the goals. My vote for Apache-like organization: +1
  • OWASP has been driven by volunteers, who invest personal time: that is worth far more than a membership fee. Let’s keep this separated.
  • Over-regulation kills creativity and scares volunteers away. We should keep it very easy for people to start new projects or new chapters. When the projects/chapters grow, the contributing people and project leader(s) can regulate themselves if it is necessary to guarantee continuity. By providing some practical how-to’s and working examples instead of rules, OWASP provides the framework for successful projects/chapters.
  • Some projects and chapters will ‘die’: how do we detect this and make this visible? It should be clear for OWASP users/visitors what the project / chapter status is. Define a few measurable criteria that taken together provide a good insight in the project/chapter status.