[Owasp-board] Questions regarding Developer outreach program
jim.manico at owasp.org
Mon Nov 23 23:33:16 UTC 2015
I agree with your concern, Johanna. Going to developer conferences feels good but it largely ineffective and does not really scale. Most of OWASP's efforts are on conferences in general, and I think we can do more in service of our mission. (By the same token I'm really proud of our staff and the work they do to put on amazing conferences).
I'd much rather spend these funds funding and working with popular software frameworks to provide additional automatic security controls where we can. This is how you change the AppSec world for the better, but its a huge leap from what we do today and most folks I've talked to in leadership are opposed to that kind of funding.
Global Board Member
Join me in Rome for AppSecEU 2016!
> On Nov 23, 2015, at 8:06 PM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
> Hi Board
> I do have some questions regarding this program
> So far I have not seen concrete plans but a quite vaguely defined plan with a budget for 50K for 'engagement costs' for leaders (who also not clear) to conferences
> I do not see clear actions into this initiative.
> $50K for work to help OWASP actively engage with developer communities.==>
> Which concrete actions and steps will be done in order to engage the developer communities?
> Where is the proposal explaining this?
> How will be the selection procedure of Project leaders to go to this 'conferences'? Will only be the 'board members or elected ember san dhow will this be done?
> Example, I don't see how someone that has no developer experience using certain programming language or that framework can engage a Developer community, so the action plan is quite important in order to justify this 'engagement' with chances to get results
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board