[Owasp-board] Draft - OWASP Strategic Goals

Thomas Brennan tomb at owasp.org
Fri Nov 4 12:44:23 UTC 2011


Build, Expand, Grow (of course)

I prefer a milestone/metric in addition to big statements but these three are a good start for the exercise/discussion.

For quick wins with measurable operational impact to the organization I want to know from each employee/contractors that report to the board the top 3 areas of improvement.

Larry
1
2
3

Kelly
1
2
3

Sara
1
2
3

Kate
1
2
3


These are not typically items a "volunteer committee" can solve, they are under the covers operational issues as seen from the eyes of folks that deal with obstacles each day in getting the job done  (and we have many from accounting to system administration) not seen that need attention funding and dedicated efforts. Personally I dedicate 10hrs per week to OWASP to take hands on action on defined problems kudos to my current employer that values volunteer community efforts.

The 
 

On Nov 4, 2011, at 5:34 AM, Eoin <eoin.keary at owasp.org> wrote:

> I have nothing to add.
> It think it's a good start.
> Need to align. Committee goals to it ASAP.
> 
> 
> 
> 
> 
> On 3 Nov 2011, at 21:08, Michael Coates <michael.coates at owasp.org> wrote:
> 
>> Are there any final thoughts on the strategic goals? Are we ready to vote and finalize?  This document has been available for review for the past 2 weeks. I've seen some feedback from Seba and Dave.  I'd really like this finalized so we can have a breakdown of committee goals with alignment to strategic goals is available for Monday's meeting.
>> 
>> 
>> Here is the current wording:
>> 
>> Initial Strategic Goals For Discussion
>>   • Build the OWASP Platform - Create the processes, resources, and tools to enable volunteers to quickly join and contribute to OWASP in the areas of projects, chapters, and conferences
>> 
>>   • Expand Communication Channels - Establish effective communication channels into developer groups, universities, and industry groups
>> 
>>   • Grow the OWASP Community - Build & grow the OWASP community throughout the world by focusing on the quality of chapters, conferences, and social technologies
>> 
>> 
>> 
>> Here are the comments from the google document
>> 
>> https://docs.google.com/a/owasp.org/document/d/1__w0egasqPvgEjLjPU2Rp_8jf0BkcDZwXqLjPMpqEOU/edit
>> 
>> Dave: I think we also need a strategic goal around funding/fund raising.
>> Dave: I think we need a Strategic goal of making it easy for consumers of our content to find our high quality content/projects, and make it clear which ones are still alpha+ stage, so their expectations are set accordingly. We have too much stuff thats not high quality that is diluting our message/image.
>> 
>> 
>> Seba: we should further refine our stakeholders and tune the message towards them. What is OWASP for a web/mobile application developer? for a framework architect? for a pentester? for a QA tester? for a CISO? for a student? for a professor? for an end-user? ...
>> (response) Michael: It looks like these groups are subcategories of the larger groups we already have defined. I think we should leave this level of detail to the supporting committee goals.
>> 
>> Seba: conferences and training
>> (response) Michael: Do you think "training" needs to be specifically added? I think conferences include this already and is more of an outreach channel than the specific training sessions.
>> 
>> Seba: out of context here: probably part of the communication channels?
>> (response) Michael: I'd like something in the goals that focuses on the way our community interacts. That could be the wiki, mailing list, forum??, or more. We need to focus on how the community interacts and grows on the web.
>> 
>> Seba: and probably re-align an re-organize the committees to reach the strategic goals. 
>> I see connections & industry & part of the education committees merged into an "outreach" committee, responsible for developping the multi-channel marketing of our content (delivered by the plaform/comunity) towards our stakeholders/public.
>> besides the chapters, conferences: why don't we create a training committee?
>> 
>> 
>> Michael Coates
>> OWASP
>> 
>> 
>> 
>> On Oct 13, 2011, at 9:31 PM, Michael Coates wrote:
>> 
>>> The strategic goals should set the direction for OWASP with the overall purpose of furthering the OWASP mission.  The presence of strategic goals is important for the following reasons:
>>> 
>>> * By aligning our efforts we will accomplish several tasks with high quality instead of many tasks with mediocre quality
>>> * Strategic goals allow us to rally the committees towards a common direction
>>> * These goals will help OWASP be more effective in achieving the mission - they will in no way detract from or impact the ability for anyone to contribute awesome security projects (in fact, the strategic goals should do quite the opposite)
>>> * Demonstrates measurable growth for everyone's efforts
>>> 
>>> I believe we should aim for 3 strategic goals.  They should speak to the direction which we will align our committee goals.  These goals should specify the "WHAT" whereas the committee goals will define the "HOW". In other words, the strategic goals are what we want to accomplish through the collaborative efforts of the committees (and of course anyone else that wants to volunteer time in this space of OWASP).
>>> 
>>> Mission:
>>> Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.
>>> 
>>> Initial Strategic Goals For Discussion
>>> 
>>> * Build the OWASP Platform - Create the processes, resources, and tools to enable easy project creation, project growth, and the creation of  professional, high quality deliverables
>>> 
>>> * Expand Communication Channels - Establish effective communication channels into developer groups, universities, and industry groups
>>> 
>>> * Grow the OWASP Community - Build & grow the OWASP community throughout the world by focusing on the quality of chapters, conferences, and social technologies
>>> 
>>> 
>>> 
>>> Thoughts? Let's discuss.
>>> 
>>> 
>>> Michael Coates
>>> OWASP
>>> 
>>> 
>>> 
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board



More information about the Owasp-board mailing list