[Owasp-leaders] Solutions

James McGovern JMcGovern at virtusa.com
Wed Jan 19 10:51:16 EST 2011

A few questions/thoughts

1. If OWASP increases the number of full-time employees in order to
support projects, how many more dollars would we have to take in on an
annual basis?
2. Since OWASP is incorporated in the United States, would there be
extra challenges in having employees who aren't US authorized workers?
3. Why would we limit our thinking to just technical staff? I am of the
belief that it would actually be better to have dedicated PR in order to
help spread the word as a first course of action.

James McGovern
Virtusa Corporation

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Monday, January 17, 2011 9:45 PM
To: owasp-leaders at lists.owasp.org
Subject: [Owasp-leaders] Solutions

I received a few off-list emails in support of some of my last few
emails to the leaders list. However...

I really need to stop my OWASP-attacking emails, especially when
I'm not presenting clear solutions.

So I would like to take a moment to share my future vision of OWASP with
you. This is just one man's subjective opinion. I hope this is good
"grist for the mill" in prep for the summit.

1) OWASP Board focuses primarily on fundraising
2) We hire new full time technical staff members working for OWASP
3) We have a smaller number of projects with a higher level of
commitment to production quality (Focus, Daniel-san)
4) Quarterly updates of key standard-based projects (ASVS and other
OWASP emerging standards)
5) New website with clear paths for Developers, Assessment Specialists,
and Managers (Under way)
6) ESAPI, CSRFGuard, AntiSamy and other key "builder" projects get
full-time technical resources to drive the projects to production
quality (in terms of docs, too)
7) OWASP releases objective tool studies on a bi-yearly basis. I think
we are well situated to provide advice and analysis (as well as real
metrics) on the capabilities of different SAST/DAST products (if we had
full time dedicated resources)

Please note, I hope to achieve "eccentric millionaire" status in a few
years so I can help fund all of this. I have the "eccentric" part down.
I'm working on the other half now. :)

Cheers all. Looking forward to seeing you at the summit in Portugal.

- Jim