[Owasp-board] OWASP Global Application Security Survey (OGASS)

Jeff Williams jeff.williams at owasp.org
Fri Sep 3 05:41:46 UTC 2010

Do you have someone involved who knows how to design a good survey
instrument?  There's a whole industry of survey design folks out there.

I'm no expert, but I do know that the selection and wording of the questions
has to be done extremely carefully and tested before it is used if you want
to eliminate bias and obtain usable results.


-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Seba
Sent: Monday, August 30, 2010 10:51 AM
To: Eoin
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] OWASP Global Application Security Survey (OGASS)

Hi Eoin,

I think this is great: I fully support it!

I'd be happy to help out with any steps  and/or reviews: just shout


On Mon, Aug 30, 2010 at 3:03 PM, Eoin <eoin.keary at owasp.org> wrote:
> Hi,
> I had a call with David Campbell (Denver, FROC) and we have agreed to
> develop a survey which shall rolled-out annually.
> Objective of survey is to assess the industry as a whole.
> It is also to measure OWASP's relevance to industry leaders, identify
> strengths & weakness, Relevance of OWASP projects and OWASP as a resource.
> (This is a scaled down version of the industry conference idea I presented
> last December which did get much support.)
> The idea is:
> Deploy the OWASP survey to identified individuals in industry,
> we must have plenty of connections. The connections committee should help
> this also.
> Invitees shall be from industry verticals such as Software dev, FS,
> Manufacturing, Govt, transport, energy etc. The Industry committee shall
> required to assist in identification of individuals also.
> Challenge: Get enough responses such that we have a decent statistical
> sample space. (We could reward respondees with free conference tickets??)
> The invite to partake shall be individualised in the form of an invite
> letter (more impact than email) and posted to the individual. The request
> for response shall not be perceived as spam if we do this. It would also
> recommended for OWASP leads to follow up with their contacts verbally once
> they receive the invite.
> The survey can be undertaken on a hard copy document and posted to OWASP
> taken online.
> The topical areas have been defined with Dave and I (attached).
> Challenge: To use multi choice questions for which tabulation of responses
> is easier.
> We Hope to launch the first Survey by end of 2010 with results being
> published in 2011
> Next Steps:
> 1.Develop the survey questions which reflect what questions we would like
> answered.
> 2. Identify connections for which to send the survey invites.
> 3. Develop template invite letter.
> 4. Get funding from OWASP to post letters and set up Survey engine.
> 5. Open survey window (normally 4-6 weeks)
> 6. Tabulate response and publish results. "OWASP address industry concerns
> press release" etc
> (Many of the steps above are based ob experience of the EY survey which
> been running in industry for 11 years and gets more that 3,800 responses
> globally).
> David, have I missed anything? David shall lead the project.
> thoughts/suggestions?
> Please respond.
> Eoin
> --
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
Owasp-board mailing list
Owasp-board at lists.owasp.org

More information about the Owasp-board mailing list