[Owasp-board] Owasp mission

Jeff Williams jeff.williams at owasp.org
Tue Dec 19 20:28:52 UTC 2006


I'm open to coming up with a new mission.  Can we agree that this should be
a statement of our quest at the highest level?

 

I sort of agree that the "fight" is artificial.  But just like the "war" on
drugs, and the battle to cure cancer, fight against homelessness, and even
the war on terror, the analogy helps to get people motivated.

 

But I don't agree that the concept of insecure software is too abstract for
people to understand. I think everyone gets that.

 

In my opinion, the mission statement below is:

 - too long

 - too boring

 - too cautious

 - too technical

 - yawn.

 

I like to share this story about vision statements. A vision is a view of
the future the way you want it to be.  Bill Gates had a vision for
Microsoft, "a computer on every desktop". And over a decade or so, that
vision became reality.  My vision is a world with software you can trust.
We're a long way from achieving it, and I'm not entirely sure it's possible,
but I want OWASP's mission to be achieving that vision.

 

Now we need a really catchy way to say it.  This is a marketing problem, not
a technical one.  The right mission is the one that captures the imagination
of the people who might fund OWASP, join or run a chapter, or contribute to
OWASP's projects.

 

--Jeff

 

  _____  

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Monday, December 18, 2006 10:00 AM
To: owasp-board at lists.owasp.org
Subject: [Owasp-board] Owasp mission

 

A while ago we had as OWASP mission (in the home page I think) 

Enable organizations to develop, maintain, and purchase applications that
they can trust through the development of free, open, and unbiased
application security documentation, tools, chapters, and conferences.

Now we are back to 

The Open Web Application Security Project (OWASP) is dedicated to finding
and fighting the causes of insecure software. 

Which I don't realy like since it is framing what we do as a fight (which is
not) and uses the very abstract concept of 'insecure software'.

I know that 'trust' is also an subjective concept, but it is more related to
the real world which revolves around: trust, consequences and risk
mitigation. 

Can we agree on a Mission and Tag line for Owasp here? (note the page
http://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Proje
ct has a variation of the first one)

Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20061219/d348e02d/attachment-0002.html>


More information about the Owasp-board mailing list