[Owasp-board] Owasp mission

Jeff Williams jeff.williams at owasp.org
Wed Dec 20 15:13:58 UTC 2006

I think that's a bit strong actually, especially for a not for profit


Try this. http://www.google.com/search?q=foundation+%22dedicated+to%22


People need a snappy little catch-phrase to help them quickly know what
OWASP does and keep their eye on the ball of what we're trying to achieve.



From: Andrew van der Stock [mailto:vanderaj at owasp.org] 
Sent: Wednesday, December 20, 2006 9:10 AM
To: jeff.williams at owasp.org
Cc: owasp-board at lists.owasp.org
Subject: Re: [Owasp-board] Owasp mission


Mission statements are exactly like bullshit bingo. My favorite mission
statement generator is here:




It produces mission statements at least as good as most and more meaningful.
A typical example:


We exist to proactively leverage other's interdependent resources


Unless it's short and snappy and to the point re: OWASP, I'd prefer not to
have one at all. 





On 19/12/2006, at 4:10 PM, Jeff Williams wrote:

I'm open to coming up with a new mission.  Can we agree that this should be
a statement of our quest at the highest level?


I sort of agree that the "fight" is artificial.  But just like the "war" on
drugs, and the battle to cure cancer, fight against homelessness, and even
the war on terror, the analogy helps to get people motivated.


But I don't agree that the concept of insecure software is too abstract for
people to understand. I think everyone gets that.


In my opinion, the mission statement below is:

 - too long

 - too boring

 - too cautious

 - too technical

 - yawn.


I like this story about vision statements. A vision is a view of the future
the way you want it to be.  Bill Gates had a vision for Microsoft, "a
computer on every desktop". And over a decade or so, that vision became
reality.  My vision is a world with software you can trust.  We're a long
way from achieving it, and I'm not entirely sure it's possible, but I want
OWASP's mission to be achieving that vision.


Now we need a really catchy way to say it.  This is a marketing problem, not
a technical one.  The right mission is the one that captures the imagination
of the people who might fund OWASP, join or run a chapter, or contribute to
OWASP's projects.





From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Monday, December 18, 2006 10:00 AM
To: owasp-board at lists.owasp.org
Subject: [Owasp-board] Owasp mission


A while ago we had as OWASP mission (in the home page I think) 

Enable organizations to develop, maintain, and purchase applications that
they can trust through the development of free, open, and unbiased
application security documentation, tools, chapters, and conferences.

Now we are back to 

The Open Web Application Security Project (OWASP) is dedicated to finding
and fighting the causes of insecure software. 

Which I don't realy like since it is framing what we do as a fight (which is
not) and uses the very abstract concept of 'insecure software'.

I know that 'trust' is also an subjective concept, but it is more related to
the real world which revolves around: trust, consequences and risk

Can we agree on a Mission and Tag line for Owasp here? (note the page
ct has a variation of the first one)

Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?


Owasp-board mailing list

Owasp-board at lists.owasp.org



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20061220/6fc5c42d/attachment-0002.html>

More information about the Owasp-board mailing list