[Global_industry_committee] [Owasp-board] Industry Survey

Eoin eoin.keary at owasp.org
Thu Aug 18 18:16:33 EDT 2011


The longest email I have written in a while......
Jeff we talked about this over a year ago and you still maintain the same point, I respect that.
The survey in mind shall address the views of industry such that OWASP can listen. The survey is not about what OWASP wants but what the respondents want.
It's a good start and Rex has taken and run with this. Only concern for me is GT riding the OWASP wave, as this survey is for OWASP to use in order to find focus and direction, core aspect of industry focus is to act on indicated concerns.
I believe the first draft of the survey needs to be reviewed to help ensure it is asking the right questions as the answers are easy, asking the right questions is hard. I don't believe GT should have control over the questions being asked for example.
Can we agree to put a little time aside to review the first draft of the survey such that the majority is happy with the level, direction, intended audience, amount of questions, coverage etc.?

Eoin
 

On 18 Aug 2011, at 22:15, "Jeff Williams" <jeff.williams at owasp.org> wrote:

> Tom,
> 
>  
> 
> I like the idea of doing a survey and I think collaborating with a firm like GT is a good idea.  We’ve discussed the idea for years and I’ve raised the same questions every time.  I question whether we have the capability to produce a good survey instrument.  Survey design is considerably more difficult than writing down a few questions.  It’s a scientific experiment and it needs careful design.
> 
>  
> 
> For this, I’d like to understand…
> 
>  
> 
> · What are the specific goals of the survey?
> · What exactly is it that OWASP is trying to find out?
> 
>  
> 
> If OWASP is to be responsible for coming up with the questions, we need to follow some kind of process to derive survey questions that will specifically answer some interesting questions about our space.   It’s hard to create questions that both achieve our goals and are not biased in any way.
> 
>  
> 
> Personally I think a survey could help answer specific questions around:
> 
>  
> 
> · Standards that OWASP could produce
> · How appsec budgets are divided across training, secure coding, verification, mgmt.
> · Org structure around appsec roles
> · Metrics used to report appsec to management
> · Percentage of application portfolio regularly assessed in appsec verification program
> · Percentage of Internal apps vs. external apps covered
> · Use of standard application security controls
> · Which OWASP projects are most useful
> 
>  
> 
> But there’s a lot of work to change these topics into specific experiments embodied in one or more survey questions.
> 
>  
> 
> --Jeff
> 
>  
> 
>  
> 
> From: owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Tom Brennan
> Sent: Thursday, August 18, 2011 12:06 PM
> To: OWASP Foundation Board List
> Cc: Rex Booth; Michael Coates; Global_industry_committee; Rex Booth; committees-chairs at lists.owasp.org
> Subject: [Owasp-board] Industry Survey
> 
>  
> 
> Board,
> 
>  
> 
> After several months of discussions across global committees the attached has been submitted by Grant Thornton to conduct a collaborative industry study.   The agreement is attached for review and approval including citing reference for end result.
> 
>  
> 
> Please read and vote on your decision to support this effort in producing a collaboration document.  I suspect that we will likely see more of these types of agreements between business and OWASP to set an understanding as part of the growing ecosystem that wants to understand
> 
>  
> 
> After discussions with multiple parties since AppSecEU I support this and vote to approve this "project" effort.
> 
>  
> 
> Please review and vote YES/NO/ABSTAIN prior to the September Board meeting at AppSecUSA