[Owasp-board] OWASP Global Application Security Survey (OGASS)

Eoin eoin.keary at owasp.org
Sun Sep 5 20:17:12 UTC 2010


Jeff,

Re: "Do you have someone involved who knows how to design a good survey
instrument?  There's a whole industry of survey design folks out there."

Yes as mentioned before questions are key in order to reflect what
information we are looking for, they can not be misinterpreted and also
easily tabulated to provide accurate statistic data.

"I'm no expert, but I do know that the selection and wording of the
questions
has to be done extremely carefully and tested before it is used if you want
to eliminate bias and obtain usable results."

*Again yes i agree, as mentioned, "devil is in the detail".*


On 3 September 2010 06:41, Jeff Williams <jeff.williams at owasp.org> wrote:

> Do you have someone involved who knows how to design a good survey
> instrument?  There's a whole industry of survey design folks out there.
>
> I'm no expert, but I do know that the selection and wording of the
> questions
> has to be done extremely carefully and tested before it is used if you want
> to eliminate bias and obtain usable results.
>
> --Jeff
>
>
> -----Original Message-----
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Seba
> Sent: Monday, August 30, 2010 10:51 AM
> To: Eoin
> Cc: OWASP Foundation Board List
> Subject: Re: [Owasp-board] OWASP Global Application Security Survey (OGASS)
>
> Hi Eoin,
>
> I think this is great: I fully support it!
>
> I'd be happy to help out with any steps  and/or reviews: just shout
>
> --Seba
>
> On Mon, Aug 30, 2010 at 3:03 PM, Eoin <eoin.keary at owasp.org> wrote:
> > Hi,
> >
> > I had a call with David Campbell (Denver, FROC) and we have agreed to
> > develop a survey which shall rolled-out annually.
> > Objective of survey is to assess the industry as a whole.
> > It is also to measure OWASP's relevance to industry leaders, identify
> > strengths & weakness, Relevance of OWASP projects and OWASP as a
> resource.
> > (This is a scaled down version of the industry conference idea I
> presented
> > last December which did get much support.)
> >
> > The idea is:
> >
> > Deploy the OWASP survey to identified individuals in industry,
> collectively
> > we must have plenty of connections. The connections committee should help
> in
> > this also.
> >
> > Invitees shall be from industry verticals such as Software dev, FS,
> > Manufacturing, Govt, transport, energy etc. The Industry committee shall
> be
> > required to assist in identification of individuals also.
> > Challenge: Get enough responses such that we have a decent statistical
> > sample space. (We could reward respondees with free conference tickets??)
> >
> > The invite to partake shall be individualised in the form of an invite
> > letter (more impact than email) and posted to the individual. The request
> > for response shall not be perceived as spam if we do this. It would also
> be
> > recommended for OWASP leads to follow up with their contacts verbally
> once
> > they receive the invite.
> >
> > The survey can be undertaken on a hard copy document and posted to OWASP
> or
> > taken online.
> >
> > The topical areas have been defined with Dave and I (attached).
> > Challenge: To use multi choice questions for which tabulation of
> responses
> > is easier.
> >
> > We Hope to launch the first Survey by end of 2010 with results being
> > published in 2011
> >
> >
> > Next Steps:
> >
> > 1.Develop the survey questions which reflect what questions we would like
> > answered.
> > 2. Identify connections for which to send the survey invites.
> > 3. Develop template invite letter.
> > 4. Get funding from OWASP to post letters and set up Survey engine.
> > 5. Open survey window (normally 4-6 weeks)
> > 6. Tabulate response and publish results. "OWASP address industry
> concerns
> > press release" etc
> >
> > (Many of the steps above are based ob experience of the EY survey which
> has
> > been running in industry for 11 years and gets more that 3,800 responses
> > globally).
> >
> >
> > David, have I missed anything? David shall lead the project.
> >
> > thoughts/suggestions?
> >
> > Please respond.
> >
> > Eoin
> >
> >
> >
> >
> >
> >
> > --
> > Eoin Keary
> > OWASP Global Board Member
> > OWASP Code Review Guide Lead Author
> >
> > Sent from my i-Transmogrifier
> > http://asg.ie/
> > https://twitter.com/EoinKeary
> >
> > _______________________________________________
> > Owasp-board mailing list
> > Owasp-board at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-board
> >
> >
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>


-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100905/018f95a6/attachment-0002.html>


More information about the Owasp-board mailing list