[Owasp-board] OWASP Global Application Security Survey (OGASS)

Eoin eoin.keary at owasp.org
Mon Aug 30 13:03:55 UTC 2010


Hi,

I had a call with David Campbell (Denver, FROC) and we have agreed to
develop a survey which shall be rolled out annually.
The objective of the survey is to assess the industry as a whole.
It is also to measure OWASP's relevance to industry leaders, identify
strengths & weaknesses, relevance of OWASP projects and OWASP as a resource.
(This is a scaled down version of the industry conference idea I presented
last December which did get much support.)

The idea is:

Deploy the OWASP survey to identified individuals in industry, collectively
we must have plenty of connections. The connections committee should help in
this also.

Invitees shall be from industry verticals such as Software dev, FS,
Manufacturing, Govt, transport, energy etc. The Industry committee shall be
required to assist in identification of individuals also.
*Challenge*: Get enough responses such that we have a decent statistical
sample space. (We could reward respondees with free conference tickets??)

The invite to partake shall be individualised in the form of an invite
letter (more impact than email) and posted to the individual. The request
for response shall not be perceived as spam if we do this. It would also be
recommended for OWASP leads to follow up with their contacts verbally once
they receive the invite.

The survey can be undertaken on a hard copy document and posted to OWASP or
taken online.

The topical areas have been defined with Dave and I (attached).
*Challenge:* To use multi choice questions for which tabulation of responses
is easier.

We hope to launch the first survey by end of 2010 with results being
published in 2011.


*Next Steps:*

1. Develop the survey questions which reflect what questions we would like
answered.
2. Identify connections for which to send the survey invites.
3. Develop template invite letter.
4. Get funding from OWASP to post letters and set up Survey engine.
5. Open survey window (normally 4-6 weeks)
6. Tabulate response and publish results. "OWASP address industry concerns
press release" etc

(Many of the steps above are based on experience of the EY survey which has
been running in industry for 11 years and gets more than 3,800 responses
globally).


David, have I missed anything? David shall lead the project.

thoughts/suggestions?

Please respond.

Eoin







-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OWASP Questionairre.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 12458 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100830/72e32bd0/attachment.docx>

