[Owasp-board] Fwd: Request to address the OWASP Board

Sarah Baso sarah.baso at owasp.org
Fri Feb 21 02:50:41 UTC 2014


Board Members -
See email from Jeremiah below regarding his request to speak with the
board. Please let him know if you are not able to accommodate his requested
time on March 3.

Thanks,
Sarah

---------- Forwarded message ----------
From: Jeremiah Grossman <jeremiah at whitehatsec.com>
Date: Fri, Feb 14, 2014 at 12:10 PM
Subject: Re: Request to address the OWASP Board
To: Sarah Baso <sarah.baso at owasp.org>
Cc: OWASP Foundation Board List <owasp-board at lists.owasp.org>


 Hi Sarah (et al),

 Thank you, I much appreciate the opportunity. The ideal time for me
is March 3 at 9am PT.

The subject I'd like to discuss is, "Growing the Application Security
Industry," a topic that's important to a great many people in the industry
and I suspect OWASP as an organization as well. 20min should be enough to
carry on a useful discussion.

 As requested for context, while the application security industry has
grown and grown up a lot over the years, it is still very small by any
comparison from where it needs to be. Consider, Gary McGraw (CTO, Cigital)
says roughly 2% of all programmers should be software security pros through
his BSIMM research. If so, then at a worldwide programmer population of 17
million, we'll be needing 340,000 software security pros. I don't have to
tell you all, we're nowhere near that. And don't even get me started on the
completely inadequate level of monetary investment in the space relative to
other less important areas of InfoSec.

 What I'm advocating everyone to consider, including the OWASP board, is to
begin looking at every community project, every software and documentation
initiative, and every donated dollar spent to help close this gap.
Investing resources to increase OWASP membership, increase the number of
people using its materials, and by extension the number of organizations
that have application security programs in general. And then look with a
skeptical eye for anything that doesn't move the needle in that direction.

 I have some ideas sure, but they are just that, ideas. What I think we
need most, is a new way of thinking about the AppSec industry.

 Does this help?

 Regards,

  Jeremiah Grossman
Founder & iCEO
WhiteHat Security


 On Feb 13, 2014, at 6:01 PM, Sarah Baso <sarah.baso at owasp.org> wrote:

 Hi Jeremiah -

 I wanted to follow up on your request to address the board at an upcoming
meeting.  The Board has meetings scheduled on February 24th from 8am-10am
PST and a week later on March 3 from 7am-10am PST.

 https://www.owasp.org/index.php/Board#tab=Agenda_for_2014_Meetings

 We can add you to the agenda for either of these meetings; however a
couple of the board members have requested that something in writing
(proposal/comments) beforehand would be helpful to chew on to make the time
as useful as possible on the call.

 Let us know your availability and if you have anything specific for them
to read in preparation.

 Best,
Sarah Baso

 --
 Executive Director
OWASP Foundation

 sarah.baso at owasp.org
+1.312.869.2779








-- 
Executive Director
OWASP Foundation

sarah.baso at owasp.org
+1.312.869.2779