[Owasp-board] FW: [Owasp-leaders] Chapter leader meeting at AppSec EU08

Jeff Williams jeff.williams at owasp.org
Mon Feb 11 22:20:36 UTC 2008


The trick is "done right".  Creating good surveys is quite difficult.  You
need to get professionals who know how to ask unbiased questions and design
the survey instrument so that you actually get what you wanted.  I don't
think it's a bad project - it would be great to have some hard data on
application security practices and numbers.

I'd like to find out exactly what Eoin's experience with the survey is...
 - who designed the instrument?
 - how much did the effort cost?
 - how much time did it take and how many people were involved?
 - how were participants recruited?
 - how much time was spent with each participant?
 - how much time was spent working with the data?
 - how were the results promoted?

--Jeff


-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dave Wichers
Sent: Monday, February 11, 2008 1:22 PM
To: 'OWASP Foundation Board List'
Subject: Re: [Owasp-board] FW: [Owasp-leaders] Chapter leader meeting at
AppSec EU08

I think this would be an interesting project if done right. Which board
member can offer to help? Tom??

-Dave

-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Sebastien
Deleersnyder
Sent: Wednesday, February 06, 2008 3:10 PM
To: 'OWASP Foundation Board List'
Subject: [Owasp-board] FW: [Owasp-leaders] Chapter leader meeting at AppSec
EU08

Gents,

I suggest giving Eoin a GO for starting this up under supervision of one
board member?
There is some similarity with
http://www.owasp.org/index.php/SpoC_007_-_OWASP_Corporate_Application_Security_Rating_Guide

If well managed and performed professionally, this can provide us with
interesting material.

Regards

Seba

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: woensdag 6 februari 2008 12:32
To: Matteo Meucci
Cc: OWASP Leaders
Subject: Re: [Owasp-leaders] Chapter leader meeting at AppSec EU08

Relating to issue 5,
I have been suggesting an OWASP Global survey since December which I
could run with. I have done them before for "big 4" companies so know
how to do it.

Check out the EY GISS for an example of a global survey but our survey
would be more web-app centric.

If The Board wish to proceed with a global survey please let me know.
The main issue is the questions to be asked which should be agreed
among the leaders of OWASP.

http://www.ey.com/global/content.nsf/International/Assurance_&_Advisory_-_Technology_and_Security_Risk_-_Global_Information_Security_Survey_2007

ta ta,
Ek


On 06/02/2008, Matteo Meucci <matteo.meucci at gmail.com> wrote:
> Hi,
> we are organizing the Chapter leader meeting for the next AppSec EU08
> in Brussels.
> Here is a draft of the agenda, please share your thoughts about it.
>
> We can begin with a short presentation, a snapshot of the OWASP
> Chapters activities: where we are now and where we want to go. Then we
> can discuss the following:
>
> 1) OWASP Days (Week) in your countries: a case of success? How many
> OWASP weeks should we organize in a year?
> 2) Affiliation: How many chapters are affiliated with ISACA, ISSA, ISC2
> and local InfoSecurity organizations? Is that important for the
> Chapter?
> 3) Articles: is it important to set up a team in your chapter
> dedicated to writing articles and news for local security magazines and
> e-zines?
> 4) Local security events: Is it important that the local chapter
> participate in the security events in your country? For example
> InfoSecurity.
> 5) Survey: should we set up a local survey to interview the CSO of
> local about the adoption of OWASP Guidelines in their company? I think
> it should be very interesting for OWASP to know how many companies adopt
> OWASP and also to know the Return of Security Investment (ROSI)
> related to the implementation of security process in the Software
> Development LifeCycle (Secure Design, Threat Modeling, Code Review,
> Web Application Penetration Testing).
>
> What do you think about that?
> Who will be able to participate in the event?
>
> Thanks,
> Mat
>
>
> --
> Matteo Meucci
> OWASP-Italy Chair, CISSP, CISA
> http://www.owasp.org/index.php/Italy
> OWASP Testing Guide lead
> http://www.owasp.org/index.php/Testing_Guide
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>


-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Testing_Project
http://www.owasp.org/index.php/OWASP_Code_Review_Project


_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board

