[Owasp-board] OWASP Global Application Security Survey (OGASS)

Eoin eoin.keary at owasp.org
Mon Aug 30 15:39:37 UTC 2010


FYI



On 30 August 2010 16:33, David Campbell <dcampbell at owasp.org> wrote:

> Eoin,
>
> That sums it up.  I'm OOTO the rest of this week but will get a wiki page
> sorted to track progress to date.
>
> DC
>
> p.s. I can't cc the board, afaik
>
>
>
>
> On 8/30/2010 7:03 AM, Eoin wrote:
>
> Hi,
>
> I had a call with David Campbell (Denver, FROC) and we have agreed to
> develop a survey which shall rolled-out annually.
> Objective of survey is to assess the industry as a whole.
> It is also to measure OWASP's relevance to industry leaders, identify
> strengths & weakness, Relevance of OWASP projects and OWASP as a resource.
> (This is a scaled down version of the industry conference idea I presented
> last December which did get much support.)
>
> The idea is:
>
> Deploy the OWASP survey to identified individuals in industry, collectively
> we must have plenty of connections. The connections committee should help in
> this also.
>
> Invitees shall be from industry verticals such as Software dev, FS,
> Manufacturing, Govt, transport, energy etc. The Industry committee shall be
> required to assist in identification of individuals also.
> *Challenge*: Get enough responses such that we have a decent statistical
> sample space. (We could reward respondees with free conference tickets??)
>
> The invite to partake shall be individualised in the form of an invite
> letter (more impact than email) and posted to the individual. The request
> for response shall not be perceived as spam if we do this. It would also be
> recommended for OWASP leads to follow up with their contacts verbally once
> they receive the invite.
>
> The survey can be undertaken on a hard copy document and posted to OWASP or
> taken online.
>
> The topical areas have been defined with Dave and I (attached).
> *Challenge:* To use multi choice questions for which tabulation of
> responses is easier.
>
> We Hope to launch the first Survey by end of 2010 with results being
> published in 2011
>
>
> *Next Steps:*
>
> 1.Develop the survey questions which reflect what questions we would like
> answered.
> 2. Identify connections for which to send the survey invites.
> 3. Develop template invite letter.
> 4. Get funding from OWASP to post letters and set up Survey engine.
> 5. Open survey window (normally 4-6 weeks)
> 6. Tabulate response and publish results. "OWASP address industry concerns
> press release" etc
>
> (Many of the steps above are based ob experience of the EY survey which has
> been running in industry for 11 years and gets more that 3,800 responses
> globally).
>
>
> David, have I missed anything? David shall lead the project.
>
> thoughts/suggestions?
>
> Please respond.
>
> Eoin
>
>
>
>
>
>
>
> --
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
>
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary
>
>


-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100830/b3242c28/attachment-0002.html>


More information about the Owasp-board mailing list