[Owasp-leaders] Marketing OWASP

dinis cruz dinis.cruz at owasp.org
Tue Oct 19 06:43:07 EDT 2010


I think this is a great idea and there have been multiple attempts (at OWASP)
in the past at variations of this theme, so please run with it and let us
know how we can help.

James, if you are going to be in AppSec DC, please make sure you catch up
with Jeff on this presentation about 'Security ScoreCards' since that will
be one of the foundations that you will need to make this work.

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2


On 18 October 2010 13:56, James McGovern <JMcGovern at virtusa.com> wrote:

>  Had an idea for how to better market OWASP but first a few mini-stories.
>
>
>
> Ever heard of James Governor and Redmonk? He is a noted industry analyst
> who brought on the concept of open source analysis. His first open source
> research was entitled: Compliance Oriented Architectures. I had a twitter
> dialog with him over the weekend regarding future open source publications
> in the security space.
>
>
>
> Several months ago, I had a conversation with another noted industry
> analyst who covers the information security space who made me a lot smarter
> regarding analyst pay-for-play and got enlightened as to why I had it 100%
> wrong. The thesis is that it doesn’t benefit an analyst firm to say anything
> nice about a company, but rather something negative but otherwise
> correctable. Since the best way to influence an analyst is to pay them for
> their time, the value proposition of being good isn’t always good.
>
>
>
> I remember attending the OWASP 2008 NYC conference where I got into a
> conversation with Rohyt Belani and how he discussed it was futile to expect
> outsourcing firms to write secure software without paying extra for it. Of
> course, I took it as a personal challenge to prove him wrong. I had a very,
> very small success working with Cognizant in this regard.
>
>
>
> I currently share frequent thoughts on maturity as part of the SAMM list
> based on my observations of my past and current employer.
>
>
>
> So, combining these thoughts, I believe we could do well to
> participate/champion/contribute to the creation of an open source research
> report that measures the ability of outsourcing firms to deliver software.
> If we can inject into the outsourcing conversation something other than rate
> arbitrage and CMMI, we may be able to move the industry. It is OWASP that is
> best positioned to provide analyst guidance in this regard and to
> acknowledge that with the exception of governments, the vast majority of
> software development is shifting towards countries with less overall
> software development experience.
>
>
>
> I would use my internet socialization skills to rally up a few analysts to
> write and publish research in this space in a 100% open manner. Thoughts?
>
>
>
> James McGovern
> Insurance SBU
>
> Virtusa Corporation
>
> 100 Northfield Drive, Suite 305 | Windsor, CT | 06095
>
> Phone: 860 688 9900 Ext: 1037 | Facsimile: 860 688 2890
>