[Owasp-board] AppSec DC presentation - pick your topic now
jeff.williams at owasp.org
Mon Nov 8 01:14:01 UTC 2010
Thanks Dave. Anyone else have ideas, topics, metrics, etc. that we should
announce? I'm starting to get these organized into a few key messages.. We
have two days to get this hammered out and assigned to board members.
Send me your topic ideas right away! Let me know which area you want to
Who is going to attend? Do I have this right?
Attending: Dave, Jeff, Tom, Seba, Matt
Not attending: Dinis, Eoin
. OWASP is getting outside the choir and reaching developers!
o Recent articles in developer press
o Samy's tour results!
o College chapters program
. OWASP knowledgebase is continuing to evolve
o New Risk-Based OWASP T10
o New testing guide and code review guide this year aligned to OWASP
o New secure coding guideline
. OWASP ecosystems are blossoming
o New ecosystems around technologies (PythonSecurity.org)
o New mobile group just getting started
o OWASP facilitating browser security with Mozilla
o Dozens of contributors now working on ESAPI in various languages
. OWASP membership is growing
o Lots of new corporate members (Mozilla, Microsoft, Oracle, IBM, HP,
Amazon, Adobe, and Symantec)
o People are joining as a way to demonstrate their commitment to appsec to
staff and customers
o <Insert subtle advertisement here>
. OWASP is continuing to innovate
o New ESAPI project to build a "Coherent Web Policy Framework"
From: Dave Wichers [mailto:dave.wichers at owasp.org]
Sent: Saturday, November 06, 2010 3:54 PM
To: 'Jeff Williams'; 'OWASP Foundation Board List'
Subject: RE: [Owasp-board] AppSec DC presentation - pick your topic now
I think talking about actual stats from the ESAPI and the new Python
Security Ecosystems would be interesting. # of contributors, # of languages,
I think the new college chapters program should be mentioned. Have any been
We've hired a person to help with OWASP Training - so we should announce
that and talk about the plan for a training road show.
Seems like we are at least starting to building relationships with the
browser vendors like Mozilla. Mozilla, Microsoft, Oracle, IBM, HP, Amazon,
Adobe, and Symantec are all now sponsors. That seems to say something right
there. Do we have any real success stories related to actually changing
security in widely used technologies which help the entire world? If we
don't I really wish we did. Seems like we should dust off/promote the
Intrinsic Security Working Group.
Seems like there is A LOT more OWASP activity going on now even without the
seasons of code as an impetus. Can we measure/talk about that in some way?
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Jeff Williams
Sent: Friday, October 29, 2010 6:07 PM
To: 'OWASP Foundation Board List'
Subject: [Owasp-board] AppSec DC presentation - pick your topic now
We have 30 minutes at the beginning of the conference to talk from the Board
perspective. I do not want to do a monologue this year. So I would like
some proposals of topics or messages that *we* will present during this
Anything boring will start the conference off with a fizzle. I want to
highlight OWASP successes around the world. Some possible ideas.
. Samy's tour results!
. OWASP in China highlights
. A few statistics about our best stuff
. A few key new members (Oracle, JPMC, .)
. Our key focus areas for 2011
Everyone on the board will present for a STRICT 5 minutes - no monologuing.
Send me your top few ideas for topics you would like to cover and I'll work
out the agenda. Any boring topics will be nuked.
Remember the point of this time is to get people excited and proud to be a
member of the OWASP Ecosystem.
Jeff Williams, CEO
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board