[Owasp-board] FW: [Owasp-leaders] Creating OWASP 4.0!

Kate Hartmann kate.hartmann at owasp.org
Thu Dec 9 16:13:12 UTC 2010


Board, I'm not quite sure where to direct Dean and his inquiry.

 

Kate Hartmann

Operations Director

301-275-9403

 <http://www.owasp.org/> www.owasp.org 

Skype:  Kate.hartmann1

 

From: Dean Bushmiller [mailto:dean.bushmiller at training411.com] 
Sent: Thursday, December 09, 2010 9:25 AM
To: 'Kate Hartmann'
Subject: RE: [Owasp-leaders] Creating OWASP 4.0!

 

Kate,

I have heard the reasons 

I think I understand the reasons

Everybody is all wrapped around the open source requirements are in conflict
with keeping testing questions open argument.

If we change from the traditional way of thinking about certification
"testing" then we can build open source testing that works.

It will not be easy to start but the income and the proliferation of the
OWASP message will be well worth it.

 

I am in the training / certification industry and I see a real hole in the
vendor neutral certification space that OWASP could fill.

 

I also see how bad the organizations can lose to the for-profit vultures if
they do not protect themselves.

 

. with freedom, responsibility and security for all,

 

Dean Bushmiller

CISSP+15

443-865-3265

Preventing the deer-in-headlights-look

 

From: Kate Hartmann [mailto:kate.hartmann at owasp.org] 
Sent: Thursday, December 09, 2010 7:23 AM
To: 'Dean Bushmiller'
Subject: RE: [Owasp-leaders] Creating OWASP 4.0!

 

Dean, you are always welcome to send an email directly to the board or to
your local chapter leader.

 

I can tell you that the OWASP certification topic surfaces about every 6
months and it has always been voted down by the community for various
reasons.  

 

Kate Hartmann

Operations Director

301-275-9403

www.owasp.org <http://www.owasp.org/>  

Skype:  Kate.hartmann1

 

From: Dean Bushmiller [mailto:dean.bushmiller at training411.com] 
Sent: Thursday, December 09, 2010 7:22 AM
To: 'Kate Hartmann'
Subject: RE: [Owasp-leaders] Creating OWASP 4.0!

 

How do we add a topic for discussion?

I would like to offer ideas on OWASP certification.

I know many have said it will never work, but I think we need to shift how
we view the problem.

 

. with freedom, responsibility and security for all,

 

Dean Bushmiller

CISSP+15

443-865-3265

Preventing the deer-in-headlights-look

 

From: owasp-all-bounces at lists.owasp.org
[mailto:owasp-all-bounces at lists.owasp.org] On Behalf Of Kate Hartmann
Sent: Wednesday, December 08, 2010 6:55 AM
To: owasp-all at lists.owasp.org
Subject: FW: [Owasp-leaders] Creating OWASP 4.0!

 

OWASP Community, 

 

Please take note of Jeff William's post below.  His message was originally
sent to the OWASP-Leader's list, but is applicable to everyone.

 

Thank you.

 

Kate Hartmann

Operations Director

301-275-9403

www.owasp.org <http://www.owasp.org/>  

Skype:  Kate.hartmann1

 

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jeff Williams
Sent: Tuesday, December 07, 2010 11:37 PM
To: owasp-leaders at lists.owasp.org
Subject: [Owasp-leaders] Creating OWASP 4.0!

 

Hi everyone,

 

In my mind, OWASP 1.0 was pre-wiki with lots of great work and a less great
infrastructure.  OWASP 2.0 was establishing the 501c3, putting in the wiki,
and getting lots of great projects started. OWASP 3.0 started with the
Summit in Portugal when we created the new committees and has focused on
creating thriving projects instead of standalone tools.  Thank you for all
of your efforts growing a fun, civil, productive community.

 

I reach out to you now to ask you to take some time and think about what
OWASP should become.  The time has come to measure our success not by the
number of members, projects, and conferences, but by whether we are
succeeding at making the world's software more secure. It's time to get our
message and strategy to the next level.

 

HELP DESIGN OWASP 4.0 IN PORTUGAL AT THE SUMMIT!

 

If you consider yourself an OWASP Leader, won't you take a few minutes of
quiet time and propose a few ideas for how OWASP can retool, reorganize,
refocus, and revamp itself to really achieve our mission?  We will rip, mix,
and burn these ideas into a new strategy for OWASP at the Portugal Summit.
I encourage you to check out the resort and all the plans happening right
now at http://www.owasp.org/index.php/Summit_2011. 

 

Here are some ideas to get you started.

 

.         We bootstrap several application security ecosystems around key
technologies like mobile, cloud, REST

.         We reach out to governments around the world to help them push for
application security

.         We raise money to fund real security enhancements to tools,
browsers, protocols (e.g. OpenSSL)

.         We make the OWASP materials more usable by providing a "user" site
and keep the wiki for development

.         We invest in marketing AppSec - How do we scale David Rice and the
"greening" of AppSec

.         We continue our education initiative - academies, college
chapters, videos, curriculum

.         We continue our browser initiative and do whatever it takes to get
the browsers and frameworks talking

.         We invest in getting in front of new technologies like HTML5

.         We launch a no-holds barred XSS eradication campaign

.         We create a set of objective AppSec *market* metrics that quantify
the state of our art

.         We continue to push on creating standards

.         ???

 

We need your ideas NOW.  Get yourself on the list!

 

http://www.owasp.org/index.php/Summit_2011#tab=Summit_Attendees 

 

In one week of thinking, arguing, coding, hacking, and writing we are going
to accomplish more than the rest of the world's appsec efforts combined.
We'll see you in Portugal ready to rock.  Thanks!

 

--Jeff

 

 

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.872 / Virus Database: 271.1.1/3304 - Release Date: 12/08/10
01:34:00

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.872 / Virus Database: 271.1.1/3304 - Release Date: 12/08/10
01:34:00

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20101209/f3162cdf/attachment-0002.html>


More information about the Owasp-board mailing list