
Difference between revisions of "What do you want OWASP to be"

From OWASP
(Answers)
(CHAPTERS)
Line 34: Line 34:
 
Belgium
 
Belgium
 
Nov-1 - Pending comments from Belgium mailing members and board members
 
Nov-1 - Pending comments from Belgium mailing members and board members
 +
 +
Helsinki, Finland
 +
Nov-1 - Waiting for comments from mailing list members
  
 
===PROJECTS===
 
===PROJECTS===

Revision as of 11:45, 1 November 2007

This page is a placeholder for OWASP leaders' responses to the following question:

Question

OWASP project leaders, chapter leaders and members, as it grows what do you want OWASP to become?

  • A certifying and CBK type pseudo-company like (ISC)2?
  • An open source project organized along the lines of Debian, Apache, or a similar group that owns a set of projects?
  • Does OWASP want to certify apps, testers, both or none? (I've seen all POV advocated)
  • Who will be required to pay what kind of dues, if any?
  • How formal of an organization will OWASP become?
  • Is the status quo preferable to the proposed change?
  • Other?

For the newer members of this list, here are some pages which you might find interesting:

Answers

(Please add your local chapter and put your comments under your local chapter heading)

CHAPTERS

NY/NJ Metro
10/31 - Under membership and local chapter leaders review pending comment

Belgium
Nov-1 - Pending comments from Belgium mailing members and board members

Helsinki, Finland
Nov-1 - Waiting for comments from mailing list members

PROJECTS

Education (Seba)

  • I do not think OWASP is the right place to perform certifications. It makes us ‘lawmaker’ and judge at the same time. What OWASP could/should do is propose a certification scheme / criteria input for other parties. This is even a project: http://www.owasp.org/index.php/SpoC_007_-_The_OWASP_Web_Security_Certification_Framework ?
  • Organization-wise, I like the http://www.apache.org/foundation/how-it-works.html. The organization should not be the goal: it is there to support achieving the goals. My vote for Apache-like organization: +1
  • OWASP has been driven by volunteers, who invest personal time: that is worth far more than a membership fee. Let’s keep this separated.
  • Over-regulation kills creativity and scares volunteers away. We should keep it very easy for people to start new projects or new chapters. When the projects/chapters grow, the contributing people and project leader(s) can regulate themselves if it is necessary to guarantee continuity. By providing some practical how-to’s and working examples instead of rules, OWASP provides the framework for successful projects/chapters.
  • Some projects and chapters will ‘die’: how do we detect this and make this visible? It should be clear for OWASP users/visitors what the project / chapter status is. Define a few measurable criteria that taken together provide a good insight into the project/chapter status.