[Owasp-board] OWASP Global Application Security Survey (OGASS)

Matt Tesauro matt.tesauro at owasp.org
Sat Sep 4 21:18:08 UTC 2010


Eoin,

This is perfect.  We can't expect to have any accuracy in meeting 
industry needs if we don't at least ask.  OWASP may be vendor neutral 
but that doesn't mean we ignore or are hostile to industry.

I fully support this idea.  Let me know when and where I can help.

--
-- Matt Tesauro
OWASP Board Member
OWASP Live CD Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site

On 8/30/10 8:03 AM, Eoin wrote:
> Hi,
> I had a call with David Campbell (Denver, FROC) and we have agreed to
> develop a survey which shall be rolled out annually.
> Objective of survey is to assess the industry as a whole.
> It is also to measure OWASP's relevance to industry leaders, identify
> strengths & weaknesses, relevance of OWASP projects and OWASP as a resource.
> (This is a scaled down version of the industry conference idea I
> presented last December which did get much support.)
> The idea is:
> Deploy the OWASP survey to identified individuals in industry,
> collectively we must have plenty of connections. The connections
> committee should help in this also.
> Invitees shall be from industry verticals such as Software dev, FS,
> Manufacturing, Govt, transport, energy etc. The Industry committee shall
> be required to assist in identification of individuals also.
> *Challenge*: Get enough responses such that we have a decent statistical
> sample space. (We could reward respondees with free conference tickets??)
> The invite to partake shall be individualised in the form of an invite
> letter (more impact than email) and posted to the individual. The
> request for response shall not be perceived as spam if we do this. It
> would also be recommended for OWASP leads to follow up with their
> contacts verbally once they receive the invite.
> The survey can be undertaken on a hard copy document and posted to OWASP
> or taken online.
> The topical areas have been defined with Dave and me (attached).
> *Challenge:* To use multi choice questions for which tabulation of
> responses is easier.
> We hope to launch the first Survey by end of 2010 with results being
> published in 2011.
> *Next Steps:*
> 1. Develop the survey questions which reflect what questions we would
> like answered.
> 2. Identify connections for which to send the survey invites.
> 3. Develop template invite letter.
> 4. Get funding from OWASP to post letters and set up Survey engine.
> 5. Open survey window (normally 4-6 weeks)
> 6. Tabulate response and publish results. "OWASP address industry
> concerns press release" etc
> (Many of the steps above are based on experience of the EY survey which
> has been running in industry for 11 years and gets more than 3,800
> responses globally).
> David, have I missed anything? David shall lead the project.
> thoughts/suggestions?
> Please respond.
> Eoin
>
>
> --
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
>
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary




