Difference between revisions of "What do you want OWASP to be"
(→Answers) |
(→CHAPTERS) |
||
Line 34: | Line 34: | ||
Belgium | Belgium | ||
Nov-1 - Pending comments from Belgium mailing members and board members | Nov-1 - Pending comments from Belgium mailing members and board members | ||
+ | |||
+ | Helsinki, Finland | ||
+ | Nov-1 - Waiting for comments from mailing list members | ||
===PROJECTS=== | ===PROJECTS=== |
Revision as of 11:45, 1 November 2007
This page is a placeholder for OWASP leaders' responses to the following question:
Question
OWASP project leaders, chapter leaders and members, as it grows what do you want OWASP to become?
- A certifying and CBK type pseudo-company like (ISC)2?
- An open source project organized along the lines of Debian, Apache, or a similar group that owns a set of projects?
- Does OWASP want to certify apps, testers, both or none? (I've seen all POV advocated)
- Who will be required to pay what kind of dues, if any?
- How formal of an organization will OWASP become?
- Is the status quo preferable to the proposed change?
- Other?
For the newer members of this list, here are some pages which you might find interesting:
- About_OWASP
- How_OWASP_Works
- OWASP_brand_usage_rules
- Chapter_Rules
- Chapter_Leader_Handbook
- Category:Chapter_Resources
- Tutorial
- OWASP_Education_Presentation
Answers
(Please add your local chapter and put your comments under your local chapter heading)
CHAPTERS
NY/NJ Metro 10/31 - Under membership and local chapter leaders review pending comment
Belgium Nov-1 - Pending comments from Belgium mailing members and board members
Helsinki, Finland Nov-1 - Waiting for comments from mailing list members
PROJECTS
Education (Seba)
- I do not think OWASP is the right place to perform certifications. It makes us ‘lawmaker’ and judge at the same time. What OWASP could/should do is propose a certification scheme / criteria input for other parties. This is even a project: http://www.owasp.org/index.php/SpoC_007_-_The_OWASP_Web_Security_Certification_Framework ?
- Organization wise, I like the http://www.apache.org/foundation/how-it-works.html. The organization should not be the goal: it is there to support achieving the goals. My vote for Apache like organization: +1
- OWASP has been driven by volunteers, who invest personal time: that is worth far more than a membership fee. Let’s keep this separated.
- Over-regulation kills creativity and scares volunteers away. We should keep it very easy for people to start new projects or new chapters. When the projects/chapters grow, the contributing people and project leader(s) can regulate themselves if it is necessary to guarantee continuity. By providing some practical how-to’s and working examples instead of rules, OWASP provides the framework for successful projects/chapters.
- Some projects and chapters will ‘die’: how do we detect this and make this visible? It should be clear for OWASP users/visitors what the project / chapter status is. Define a few measurable criteria that taken together provide a good insight in the project/chapter status.