[Owasp-board] Fwd: Request to address the OWASP Board

Tobias tobias.gondrom at owasp.org
Sat Feb 22 18:02:49 UTC 2014


Hi Sarah,

thanks.
Yes, I think we should have sufficient time on the agenda.
Could you please add the 20min slot for Jeremiah on Mar-3 agenda under
"new business"?

Thanks, Tobias


Ps.: @Jeremiah: small comment: as mentioned before, if you have specific
ideas or actionable items that you like the board to vote on, please
send these questions before the meeting so people have time to think
about them and involve the community for opinions. As you did not
mention specific vote questions, I assume your talk is planned as food
for thought and potential medium term ideas, but does not contain
requests for immediate actions. (Of course, in the end nothing would
prevent the board from voting during the meeting if it decides so.)



On 21/02/14 02:50, Sarah Baso wrote:
> Board Members -
> See email from Jeremiah below regarding his request to speak with the
> board. Please let him know if you are not able to accommodate his
> requested time on March 3.
>
> Thanks,
> Sarah
>
> ---------- Forwarded message ----------
> From: *Jeremiah Grossman* <jeremiah at whitehatsec.com
> <mailto:jeremiah at whitehatsec.com>>
> Date: Fri, Feb 14, 2014 at 12:10 PM
> Subject: Re: Request to address the OWASP Board
> To: Sarah Baso <sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>>
> Cc: OWASP Foundation Board List <owasp-board at lists.owasp.org
> <mailto:owasp-board at lists.owasp.org>>
>
>
> Hi Sara (et al),
>
> Thank you, I much appreciate the opportunity. The ideal time for me
> is March 3 at 9am PT.
>
> The subject I'd like to discuss is, "Growing the Application Security
> Industry," a topic that's important to a great many people in the
> industry and I suspect OWASP as an organization as well. 20min should
> be enough to carry on a useful discussion.
>
> As requested for context, while the application security industry has
> grown and grown up a lot over the years, it is still very small by any
> comparison from where it needs to be. Consider, Gary McGraw (CTO,
> Cigital) says roughly 2% of all programmers should be software
> security pros through his BSIMM research. If so, then at a worldwide
> programmer population of 17 million, we'll be needing 340,000 software
> security pros. I don't have to tell you all, we're no where that. And
> don't even get me started on the completley inadequate level of
> monetary investment in the space relative to other less important area
> of InfoSec.
>
> What I'm advocating everyone to consider, including the OWASP board,
> is to begin looking at every community project, every software and
> documentation initiative, and every donated dollar spent to help
> closing this gap. Investing resources to increase OWASP membership,
> increase the number of people using it's materials, and by extension
> the number of organizations that have application security programs in
> general. And then look with a skeptical eye for anything that doesn't
> move the needle in that direction.
>
> I have some ideas sure, but they are just that, ideas. What I think we
> need most, is a new way of thinking about the AppSec industry.
>
> Does this help?
>
> Regards,
>
> Jeremiah Grossman
> Founder & iCEO
> WhiteHat Security
>
>
> On Feb 13, 2014, at 6:01 PM, Sarah Baso <sarah.baso at owasp.org
> <mailto:sarah.baso at owasp.org>> wrote:
>
>> Hi Jeremiah -
>>
>> I wanted to follow up on your request to address the board at an
>> upcoming meeting.  The Board has meetings scheduled on February 24th
>> from 8am-10am PST and a week later on March 3 from 7am-10am PST.  
>>
>> https://www.owasp.org/index.php/Board#tab=Agenda_for_2014_Meetings
>>
>> We can add you to the agenda for either of these meetings; however a
>> couple of the board members have requested that something in writing
>> (proposal/comments) beforehand would be helpful to chew on to make
>> the time as useful as possible on the call.
>>
>> Let us know your availability and if you have anything specific for
>> them to read in preparation.
>>
>> Best,
>> Sarah Baso
>>
>> -- 
>> Executive Director
>> OWASP Foundation
>>
>> sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>> +1.312.869.2779 <tel:%2B1.312.869.2779>
>>
>>
>>
>>
>
>
>
>
> -- 
> Executive Director
> OWASP Foundation
>
> sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
> +1.312.869.2779
>
>
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140222/0ac2ba04/attachment.html>


More information about the Owasp-board mailing list