[Owasp-leaders] Creating OWASP 4.0!

James McGovern JMcGovern at virtusa.com
Thu Dec 9 10:53:21 EST 2010


Rex, we are actually in full agreement. I think my thought process is wired around the notion of think globally, act locally. Yes, we should have a little bit of “governance” in place such that projects do accomplish the “strategic” intent of making appsec visible. Maybe this starts with us outlining what are the capabilities we require and the outcomes desired (yes, this sounds enterprisey). Some things that I would love to see happen in 2011 are:

 

- Less focus on large enterprises and government. More on helping out the little guys
- Bring balance to be developer-specific vs developer-friendly. We need for webappsec to be “visible” to all IT demographics that participate in the SDLC. Maybe we can help business analysts capture misuse/abuse cases to fill out an important gap?
- Work with other organizations. I truly believe that there is merit in helping out audit-centric organizations such as ISACA who continue to promote silly audit checklists on things that don’t matter. Who cares if I have a clean desk policy which is as important as checking to see if my Number two pencils are sharpened. We need to get better with outreach and not be so insular
- Figure out ways to get more media attention for our great work. This includes magazines, newspapers and industry analyst firms.

 

James McGovern
Insurance SBU 

Virtusa Corporation

100 Northfield Drive, Suite 305 | Windsor, CT | 06095

Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890  


 

From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Rex Booth
Sent: Wednesday, December 08, 2010 5:37 PM
To: owasp-leaders at lists.owasp.org
Cc: <owasp-leaders at lists.owasp.org>
Subject: Re: [Owasp-leaders] Creating OWASP 4.0!

 

I hate to be so contrarian with you today James, but chaos doesn't work on a strategic level.  Your positive experience at your chapter doesn't translate to the organization as a whole.

 

Whether we are a non-profit or not, we need to recognize that we are in a competitive marketplace where we need to struggle for relevancy in order to achieve our mission.  We can't treat this like some sort of free-for-all.

 

We have numerous dedicated individuals, but I think as an organization we try to be everything to everyone.  In the pursuit of allowing OWASP to be anything somebody wants it to be (new conference?  Sure!  New project?  Why not?) we've sacrificed our ability to focus and really make an impact (with some notable exceptions).

 

I think better coordination of efforts, some culling of the less useful projects and undertakings, and more strategic leadership from the board level would go a long way.

 

Imagine how much we could accomplish if we eliminated the noise and were able to double our efforts on the truly impactful and high-profile efforts!

 

Rex



On Dec 8, 2010, at 4:02 PM, "James McGovern" <JMcGovern at virtusa.com> wrote:




I too have noticed the chaos and believe it is a good thing! When the Hartford chapter did a joint meeting with ISACA, they had a lot more formality in organizing things. Generally speaking, when I organize Hartford chapter meetings I tend to start with finding two speakers who are of interest, figuring out what they are going to talk about, creating an agenda and then blasting it to the world. The ISACA model required multiple levels of approval and dozens of phone calls. 

	 

	We get things done without requiring audits and checklists :-)

	 

	James McGovern


	-----Original Message-----

	From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Yiannis Pavlosoglou

	Sent: Wednesday, December 08, 2010 12:47 PM

	To: owasp-leaders at lists.owasp.org

	Subject: Re: [Owasp-leaders] Creating OWASP 4.0!

	 

	Examples:

	2. We have real issues on establishing individual efforts and commits to a particular task. Other organisations are also open and transparent, why all the chaos with us?

	 

	 


