[Owasp-board] Strawman OWASP vision and mission

Jeff Williams jeff.williams at owasp.org
Wed Jul 8 04:04:45 UTC 2009


As discussed on the phone today, here is a strawman writeup of our VISION
and MISSION.  Comments are encouraged!

 

=======================================

 

OWASP vision is how we expect the world to be in 3, 5, or 10 years.  The
mission is how we will get there.

 

VISION: OWASP's vision is a world where it is possible for people to
understand the risks they are taking when they use software. In this world,
market forces drive the need for application security, not liability,
regulation, or compliance. In this world, software producers will want to
explain the security of their applications, how they were developed, and how
security was verified as a market differentiator.  Organizations will
produce this assurance as a normal part of software development, balancing
their efforts across preparing, developing, verifying, and managing
application security.  To achieve this, developers, architects, and business
owners will also have to work side-by-side with security people to ensure
that proper security controls are in place. 

 

MISSION: Change the software market to one where application security is
visible

 

* Bootstrap and encourage the introduction of application security
  into the software market

* Raise awareness of application security to the point where every
  developer, manager, architect, and end-user knows the basics

* Make the fundamental tools of application security free and open
  for everyone

* Create an unparalleled constantly evolving application security
  knowledgebase

* Help organizations understand the assurance people need, how to
  build it, and how to communicate it

* Perform groundbreaking research in ways to achieve application
  security cheaper, better, and faster

* Establish standards for everything in application security
  (people, processes, technologies, services)

* Invent new ways to capture, visualize, and explain application
  security to software consumers

* Build a community of application security researchers to advance
  the state of the art

* Evaluate new technologies to understand what security they provide
  and what is left to developers

* Help framework developers include security controls and make them
  easy to use

* Provide support and incubation for technologies that deserve to be
  experimented with

 

 

--Jeff

 

 

 
