<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi Sarah, <br>
      <br>
      thanks. <br>
      Yes, I think we should have sufficient time on the agenda. <br>
      Could you please add the 20min slot for Jeremiah on Mar-3 agenda
      under "new business"? <br>
      <br>
      Thanks, Tobias<br>
      <br>
      <br>
      Ps.: @Jeremiah: small comment: as mentioned before, if you have
      specific ideas or actionable items that you like the board to vote
      on, please send these questions before the meeting so people have
      time to think about them and involve the community for opinions.
      As you did not mention specific vote questions, I assume your talk
      is planned as food for thought and potential medium term ideas,
      but does not contain requests for immediate actions. (Of course,
      in the end nothing would prevent the board from voting during the
      meeting if it decides so.) <br>
      <br>
      <br>
      <br>
      On 21/02/14 02:50, Sarah Baso wrote:<br>
    </div>
    <blockquote
cite="mid:CAA_HhV+DazMkjoWTUH1RxDf1EVH82xPMeA+FZb45fq3kqMtK3A@mail.gmail.com"
      type="cite">
      <div dir="ltr">Board Members -
        <div>See email from Jeremiah below regarding his request to
          speak with the board. Please let him know if you are not able
          to accommodate his requested time on March 3.</div>
        <div><br>
        </div>
        <div>
          Thanks,</div>
        <div>Sarah<br>
          <br>
          <div class="gmail_quote">---------- Forwarded message
            ----------<br>
            From: <b class="gmail_sendername">Jeremiah Grossman</b> <span
              dir="ltr"><<a moz-do-not-send="true"
                href="mailto:jeremiah@whitehatsec.com">jeremiah@whitehatsec.com</a>></span><br>
            Date: Fri, Feb 14, 2014 at 12:10 PM<br>
            Subject: Re: Request to address the OWASP Board<br>
            To: Sarah Baso <<a moz-do-not-send="true"
              href="mailto:sarah.baso@owasp.org">sarah.baso@owasp.org</a>><br>
            Cc: OWASP Foundation Board List <<a
              moz-do-not-send="true"
              href="mailto:owasp-board@lists.owasp.org">owasp-board@lists.owasp.org</a>><br>
            <br>
            <br>
            <div style="word-wrap:break-word">
              Hi Sara (et al),
              <div><br>
              </div>
              <div><span style="white-space:pre-wrap"></span>Thank you,
                I much appreciate the opportunity. The ideal time for me
                is March 3 at 9am PT.<br>
                <br>
                <div><span style="white-space:pre-wrap"></span>The
                  subject I’d like to discuss is, "Growing the
                  Application Security Industry,” a topic that’s
                  important to a great many people in the industry and I
                  suspect OWASP as an organization as well. 20min should
                  be enough to carry on a useful discussion.</div>
                <div><br>
                </div>
                <div>As requested for context, while the application
                  security industry has grown and grown up a lot over
                  the years, it is still very small by any comparison
                  from where it needs to be. Consider, Gary McGraw (CTO,
                  Cigital) says roughly 2% of all programmers should be
                  software security pros through his BSIMM research. If
                  so, then at a worldwide programmer population of 17
                  million, we’ll be needing 340,000 software security
                  pros. I don’t have to tell you all, we’re no where
                  that. And don’t even get me started on the completley
                  inadequate level of monetary investment in the space
                  relative to other less important area of InfoSec.</div>
                <div><br>
                </div>
                <div>What I’m advocating everyone to consider, including
                  the OWASP board, is to begin looking at every
                  community project, every software and documentation
                  initiative, and every donated dollar spent to help
                  closing this gap. Investing resources to increase
                  OWASP membership, increase the number of people using
                  it’s materials, and by extension the number of
                  organizations that have application security programs
                  in general. And then look with a skeptical eye for
                  anything that doesn’t move the needle in that
                  direction.</div>
                <div><br>
                </div>
                <div>I have some ideas sure, but they are just that,
                  ideas. What I think we need most, is a new way of
                  thinking about the AppSec industry.</div>
                <div><br>
                </div>
                <div>Does this help?</div>
                <div><br>
                </div>
                <div>Regards,</div>
                <div><br>
                </div>
                <div>
                  <div>
                    <div>Jeremiah Grossman</div>
                    <div>Founder & iCEO</div>
                    <div>WhiteHat Security</div>
                  </div>
                  <div>
                    <div class="h5">
                      <div><br>
                      </div>
                      <br>
                      <div>
                        <div>On Feb 13, 2014, at 6:01 PM, Sarah Baso
                          <<a moz-do-not-send="true"
                            href="mailto:sarah.baso@owasp.org"
                            target="_blank">sarah.baso@owasp.org</a>>
                          wrote:</div>
                        <br>
                        <blockquote type="cite">
                          <div dir="ltr">Hi Jeremiah -
                            <div><br>
                            </div>
                            <div>I wanted to follow up on your request
                              to address the board at an upcoming
                              meeting.  The Board has meetings scheduled
                              on February 24th from 8am-10am PST and a
                              week later on March 3 from 7am-10am PST.  </div>
                            <div><br>
                            </div>
                            <div><a moz-do-not-send="true"
href="https://www.owasp.org/index.php/Board#tab=Agenda_for_2014_Meetings"
                                target="_blank">https://www.owasp.org/index.php/Board#tab=Agenda_for_2014_Meetings</a><br>
                            </div>
                            <div><br>
                            </div>
                            <div>We can add you to the agenda for either
                              of these meetings; however a couple of the
                              board members have requested that
                              something in writing (proposal/comments)
                              beforehand would be helpful to chew on to
                              make the time as useful as possible on the
                              call.</div>
                            <div><br>
                            </div>
                            <div>Let us know your availability and if
                              you have anything specific for them to
                              read in preparation.</div>
                            <div><br>
                            </div>
                            <div>Best,<br>
                              Sarah Baso</div>
                            <div>
                              <div><br>
                              </div>
                              -- <br>
                              <div dir="ltr">
                                <div>Executive Director</div>
                                <div>OWASP Foundation</div>
                                <div><br>
                                </div>
                                <div><a moz-do-not-send="true"
                                    href="mailto:sarah.baso@owasp.org"
                                    target="_blank">sarah.baso@owasp.org</a><br>
                                  <a moz-do-not-send="true"
                                    href="tel:%2B1.312.869.2779"
                                    value="+13128692779" target="_blank">+1.312.869.2779</a><br>
                                  <br>
                                  <br>
                                  <br>
                                  <br>
                                </div>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
          <br>
          <br clear="all">
          <div><br>
          </div>
          -- <br>
          <div dir="ltr">
            <div>Executive Director</div>
            <div>OWASP Foundation</div>
            <div><br>
            </div>
            <div><a moz-do-not-send="true"
                href="mailto:sarah.baso@owasp.org" target="_blank">sarah.baso@owasp.org</a><br>
              +1.312.869.2779<br>
              <br>
              <br>
              <br>
              <br>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Owasp-board mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>