[Owasp-board] OWASP Global Application Security Survey (OGASS)

Seba seba at owasp.org
Mon Aug 30 14:51:28 UTC 2010


Hi Eoin,

I think this is great: I fully support it!

I'd be happy to help out with any steps  and/or reviews: just shout

--Seba

On Mon, Aug 30, 2010 at 3:03 PM, Eoin <eoin.keary at owasp.org> wrote:
> Hi,
>
> I had a call with David Campbell (Denver, FROC) and we have agreed to
> develop a survey which shall rolled-out annually.
> Objective of survey is to assess the industry as a whole.
> It is also to measure OWASP's relevance to industry leaders, identify
> strengths & weakness, Relevance of OWASP projects and OWASP as a resource.
> (This is a scaled down version of the industry conference idea I presented
> last December which did get much support.)
>
> The idea is:
>
> Deploy the OWASP survey to identified individuals in industry, collectively
> we must have plenty of connections. The connections committee should help in
> this also.
>
> Invitees shall be from industry verticals such as Software dev, FS,
> Manufacturing, Govt, transport, energy etc. The Industry committee shall be
> required to assist in identification of individuals also.
> Challenge: Get enough responses such that we have a decent statistical
> sample space. (We could reward respondees with free conference tickets??)
>
> The invite to partake shall be individualised in the form of an invite
> letter (more impact than email) and posted to the individual. The request
> for response shall not be perceived as spam if we do this. It would also be
> recommended for OWASP leads to follow up with their contacts verbally once
> they receive the invite.
>
> The survey can be undertaken on a hard copy document and posted to OWASP or
> taken online.
>
> The topical areas have been defined with Dave and I (attached).
> Challenge: To use multi choice questions for which tabulation of responses
> is easier.
>
> We Hope to launch the first Survey by end of 2010 with results being
> published in 2011
>
>
> Next Steps:
>
> 1.Develop the survey questions which reflect what questions we would like
> answered.
> 2. Identify connections for which to send the survey invites.
> 3. Develop template invite letter.
> 4. Get funding from OWASP to post letters and set up Survey engine.
> 5. Open survey window (normally 4-6 weeks)
> 6. Tabulate response and publish results. "OWASP address industry concerns
> press release" etc
>
> (Many of the steps above are based ob experience of the EY survey which has
> been running in industry for 11 years and gets more that 3,800 responses
> globally).
>
>
> David, have I missed anything? David shall lead the project.
>
> thoughts/suggestions?
>
> Please respond.
>
> Eoin
>
>
>
>
>
>
> --
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
>
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>



More information about the Owasp-board mailing list