[Owasp-leaders] Security 101 Mailing List?

Dennis Groves, MSc dennis.groves at owasp.org
Fri Jan 27 10:38:14 UTC 2012

Hi Simon,

I understand; as a chapter leader myself. I believe we are uniquely 
situated as chapter leaders - we are already reaching out as chapter 
leaders. We champion OWASP all the time, growing and maturing our 

However, it doesn't take long to realise that the same level of outreach 
is not being taken by the chapter members in many cases. While your 
chapter may be unique - I find that many chapters are quite passive; 
people come to hear the experts - and they don't get involved much 
beyond 'listening.'

I think we need to understand why this is happening and address it. I 
want people to leave chapter meetings empowered to do something 
for OWASP; to know exactly how they can get involved and be part of all 
the exciting activity. I want those people to go about their lives and 
be empowered to become 'the security guy' in their spheres of influence; 
and perhaps even start chapters of their own!

But chapters are not the only outreach - people are looking for 
'security answers' in a whole lot of places, and many have not yet heard 
of OWASP; because they do not even know their problem has a name to 
google for. I have even worked with clients who have brought me designs 
that include XSS as a feature! They not only haven't heard the good 
word; they have rediscovered XSS for themselves and thought it a 

Chapters are good, and chapters are outreach - but clearly, much work 
remains to be done. And much of what needs to be done is enabling and 
empowering our members to be that outreach to other communities; and 
indeed to be the 'security guy' in the communities from which they have 


On 27 Jan 2012, at 9:55, psiinon wrote:

> I completely agree that we should be reaching out to other communities.
> But don't think that you can't do that via OWASP chapter meetings as well.
> In Manchester we have a fairly even split between the builders, breakers
> and defenders, and a large proportion of 'newbies'.
> At the last meeting I asked what sessions people would like us to present,
> and it was clear that many people wanted talks on 'the basics'.
> For next week's meeting we have 2 talks, I'm talking about the OWASP top ten
> and Dominic Chell is talking about evaluating iOS applications.
> All 60 places have been taken and I'm trying to make some more available as
> there are more people who really want to attend.
> Cheers,
> Simon
> On Thu, Jan 26, 2012 at 7:43 PM, Dennis Groves <dennis.groves at owasp.org> wrote:
>> On 26 Jan 2012, at 19:16, Jim Manico wrote:
>>> What if a developer could confidently know that the best place in the
>>> world to turn for input validation is OWASP?
>>> I feel we serve the developer community better if "we go to them"
>>> instead of requiring them "to come to us".
>> Indeed Jim, you are touching upon a very important and critical idea.
>> In fact, Dinis & I were just talking about this on the phone.
>> This is exactly what is required; we need more evangelism as Guy Kawasaki
>> would say.
>> In fact OWASP needs to encourage and enable OWASP members to work
>> externally with others.
>> If we don't leave the OWASP community, we get blue blooded, our ideas
>> become stale, and indeed, we fail to be the Open inclusive community we
>> strive to be; and we become insular and exclusive. We fail for all the same
>> reasons that communities before OWASP failed… Even if we were to find the
>> magical security answer among ourselves, it would be worthless unless we
>> shared. :-)
>> Reaching out and helping others (not waiting for them to come to us),
>> co-operating, communicating and being friendly and helpful. That is totally
>> where it is at.
>> Cheers,
>> Dennis
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> -- 
> Vote for ZAP as the Toolsmith Tool of The
> Year<http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html>
