jim.manico at owasp.org
Mon Jan 17 21:45:22 EST 2011
I received a few off-list emails in support of some of my last few
emails to the leaders list. However...
I really need to stop my OWASP-attacking emails, especially when
I'm not presenting clear solutions.
So I would like to take a moment to share my future vision of OWASP with
you. This is just one mans subjective opinion. I hope this is good
"grist for the mill" in prep for the summit.
1) OWASP Board focuses primarily on fundraising
2) We hire new full time technical staff members working for OWASP
3) We have a smaller number of projects with a higher level of
commitment to production quality (Focus, Daniel-san)
4) Quarterly updates of key standard-based projects (ASVS and other
OWASP emerging standards)
5) New website with clear paths for Developers, Assessment Specialists,
and Managers (Under way)
6) ESAPI, CSRFGuard, AntiSamy and other key "builder" projects get
full-time technical resources to drive the projects to production
quality (in terms of docs, too)
7) OWASP releases objective tool studies on a bi-yearly basis. I think
we are well situated to provide advice and analysis (as well as real
metrics) on the capabilities of different SAST/DAST products (if we had
full time dedicated resources)
Please note, I hope to achieve "eccentric millionaire" status in a few
years so I can help fund all of this. I have the "eccentric" part down.
I'm working on the other half now. :)
Cheers all. Looking forward to seeing you at the summit in Portugal.
More information about the OWASP-Leaders