[Owasp-leaders] OWASP Home Page Project

AF antonio.fontes at gmail.com
Wed Sep 23 08:17:45 EDT 2009

* This discussion is more about marketing and PR than anything else
and we need people who are skilled with such instruments (and can
think as such) (there are billions of such guys) and know what we are
talking about (this dramatically reduces the population to ... a few
people). Maybe we should get advice from those people.

My 2 cents about the home page:

* Someone could define our understanding of the application security
world, the needs that may arise from the people involved in it in any
way. These needs need to be regrouped as 'profiles'. Some people call
this "segmenting (understanding) the market." As an example, we might
- top management
- management
- architects and business analysts
- software designers
- developers
- testers and quality assessors
- incident responders
- teachers
- third-party security services companies
- people who want to contribute to the OWASP
- etc.

* Segmentation may also occur by industry, if the needs really differ:
 - banking
 - industry
 - ISVs
 - security services and products companies
 - etc.

* Someone could choose whether we first answer needs by role, or by
industry, or by whatsoever.

* Someone could define which places we are sitting on: which are the
profiles that we currently satisfy or aim at satisfying? What are
these profiles? Where is the list? Some people call this "targeting
the market".

* Someone could define how we show to these profiles we selected that
we have a solution tailored to their needs. This involves browsing
each slot of the above list and inserting the products or services
(typically, our projects) that respond to these needs. Some call this
"positioning the organization into the market."

* Actually, what I see on the home page of the owasp website is the
result of a click on "About Us" on every other organization's page. In
no way does any successful website tell its visitors "who we are" on
the home page. Never. That's, however, what we do.

* As a result of this initiative, we could now be able to build a
home page that tells the audience that we are listening. Some call
this a home page that says "Please tell us who you are and we will
tell you what we did for you and how we can help you."

* I think we also need a "First time here? Discover the OWASP!" link.

As I said, just 2 cents :)
Hope it helps.

On Wed, Sep 23, 2009 at 11:05 AM, Eoin <eoin.keary at owasp.org> wrote:
> last November in Portugal we talked about tailoring the site to audience on
> the OWASP home page.
> A technical link and also a user link, both taking a user to a menu of
> appropriate information.
> 2009/9/23 Tom Brennan - OWASP <tomb at owasp.org>
>> yea http://www.aspectsecurity.com looks really good thumbs up to the guy
>> who did it.... want to volunteer some time to owasp ;)
>> OWASP needs a pretty website too + the wiki behind it so that we can
>> continue our collaboration effort. James McGovern and others have been
>> noodling this.. and I hope that the OWASP Mini-Summit happening at the OWASP
>> USA 2009 event on November 11th
>> http://www.owasp.org/index.php/OWASP_AppSec_DC_2009 will allow for this very
>> topic to be flushed out from the collaboration from the membership and if
>> someone wants a project this is one of the big ones to lend cycles to.
>> On Tue, Sep 22, 2009 at 7:54 PM, Mike Boberski <mike.boberski at cox.net>
>> wrote:
>>> I'm surprised no one jumped in on this thread; each is an item in my mind
>>> worth exploring; application security is incredibly hard to sell people on,
>>> such weak/non-existent mandates in this space. The Agile-like idea for
>>> example seems to pop up frequently, I think there is something to it. There
>>> is little arguing how the universe latched onto such a superficially silly
>>> thing with religious-like zeal; I have one customer right now for example
>>> where a development team is hiding behind the Agile Scrum process to the
>>> point of defying their management's (and their management's management's,
>>> and their management's management's management's) direct instruction to
>>> start addressing security concerns.
>>> Some initial thoughts on each of the items:
>>> I think the site could benefit from some high-level buckets near the top,
>>> similar to the recent Aspect Security web site update. Perhaps
>>> protect/detect/lifecycle as on the projects page.
>>> Member companies should go to the top, to the side, for the reasons cited
>>> below. I turned many people during ASVS' development into ASVS reviewers
>>> once they scrolled to the bottom.
>>> There is merit to the manifesto thing as mentioned above, the visible
>>> thing is a starting point but isn't all that it could be; here's a starting
>>> point for discussion: (1) A Web application may not disclose or modify user
>>> data without a data owner's permission or, through inaction, allow
>>> unauthorized disclosure or modification of user data. (2) A Web application
>>> must obey any inputs given to it by users or external systems, except where
>>> such orders would conflict with the First Law. (3) A Web application must
>>> protect its own existence as long as such protection does not conflict with
>>> the First or Second Law.
>>> I'm not sure the media thing is actionable, other than adding a link to
>>> an OWASP POC to respond to media inquiries.
>>> Mike
>>> On Mon, Sep 21, 2009 at 3:16 PM, McGovern, James F (HTSC, IT)
>>> <James.McGovern at thehartford.com> wrote:
>>>> Figured I would share some marketing oriented thoughts regarding OWASP
>>>> with a focus on our web presence. If you feel I am full of it, then reply
>>>> back :-)
>>>> The OWASP website is not relatable. Who is the intended audience? Should
>>>> we guide folks based on the roles they play?
>>>> There is nothing to speak to the legitimacy of OWASP ..... until you
>>>> scroll down to the bottom and see the corporate endorsements. Those should
>>>> be higher up on the screen. For those who will debate legitimacy, we have to
>>>> acknowledge that the masses within IT get giddy when they see familiar
>>>> logos. Think folks who love Gartner Magic Quadrants.
>>>> Also on the home page there is nothing about what (specific) problem(s)
>>>> OWASP addresses and fixes. Somewhat sporadic information. We need something
>>>> more than making web application security visible.
>>>> Are there any quotes from people/organizations that were helped by OWASP
>>>> involvement? Testimonials would attract more attention. Have folks seen the
>>>> Agile Manifesto and the signatories page? We should do something similar.
>>>> Media coverage generally depends on a "face" to work their story. There
>>>> are likely several angles you can utilize such as the "nimbleness" of a
>>>> community vs. a corporation in solving a problem. How about a feature
>>>> covering who are some of its participants. Sort of a personal profile.
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> --
>> Tom Brennan
>> 973.506.9303
>> http://www.linkedin.com/in/tombrennan
> --
> Eoin Keary CISSP CISA
> https://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference
> OWASP Code Review Guide Lead Author
> OWASP Ireland Chapter Lead
> OWASP Global Committee Member (Industry)
> http://asg.ie/
> https://twitter.com/EoinKeary

this email was sent with an iPhone counterfeit
