[Owasp-leaders] OWASP 2014 - Strategic Goals

Jeff Williams jeff.williams at owasp.org
Mon Nov 11 03:01:37 UTC 2013


I wasn't suggesting that the organization-focused goals aren't important.
I'm thrilled to see OWASP continue to grow. Just saying a few of the
strategic goal ideas for 2014 should be focused on our domain...

* Foster innovation and experimentation. One possibility is a DARPA style
high-risk, high-reward proposal program... there are others.
* Encourage diversity.  I think the "Women in AppSec" program is great and
should be expanded
* Pursue Measurement.  As Jeremiah has correctly pointed out, nobody really
knows if any of this stuff really works. Let's find out.
* Advertise.  This isn't exactly the right word. I'm thinking of a "Truth"
style campaign to help the world understand the importance of appsec
* Encourage competition. The crypto community does this well through NIST
for algorithms. Why not other defenses?

--Jeff


On Fri, Nov 8, 2013 at 11:21 PM, Jim Manico <jim.manico at owasp.org> wrote:

> > Shouldn't the strategies have something to do with the mission?
>
> Of course. But we also need a well run organization in order to properly
> serve the mission. The staff has done a remarkable job in cleaning up a lot
> of difficult messes that OWASP had become. There is no shame meant in that
> statement. OWASP is just growing up - kind of like moving from a start-up
> to a larger organization. The organizational changes that Colin and Josh
> suggest are really critical in terms of efficiency. We just want to
> maximize the minimal resources that we have to serve the mission.
>
> Another thing, the suggestions below from Colin and Josh are additions,
> not the entire set of strategic goals of the organization.
>
> Here are the past OWASP strategic goals.
> https://docs.google.com/a/owasp.org/document/d/19BJMDMTVWlwqMcvUfDy1Mcjtd_bKGbhu-D-VBE-7kFU/edit
>
> We are going to be building the 2014 strategic goals after AppSecUSA (
> www.appsecusa.com) on November 22nd.
> https://www.owasp.org/index.php/November_22,_2013 You are welcome to dial
> in and lend advice and support!
>
> If you have any suggestions as to how we can make "aggressive game
> changing innovation" in an open, vendor-neutral and community based way,
> then bring it on!
>
> > How are we going to change the trajectory of software development?
>
> Jeff, as one of the OWASP Top Ten leaders, you have a HUGE opportunity to
> affect the culture of software. I see the OWASP Top Ten in almost every dev
> shop I run into. So I ask you, is the OWASP Top Ten 2013 an "aggressive
> pursuit and encouragement of game-changing innovation, not just
> technological but cultural"? I think that is one of your biggest opportunities
> to see the change you want.
>
> Aloha,
> Jim
>
>
> > How are we going to change the trajectory of software development?  How
> > to make appsec something every developer wants to know...aspirational?
> >
> > The strategies ought to include aggressive pursuit and encouragement of
> > game-changing innovation, not just technological but cultural. Otherwise we
> > will continue to slowly lose ground in the face of rapid tech expansion.
> >
> > --Jeff
> >
> >
> >> On Nov 8, 2013, at 4:25 PM, Colin Watson <colin.watson at owasp.org> wrote:
> >>
> >> I still quite like the "platform" and "quality" aspects.
> >>
> >> 1. The community (incl staff) efforts on updating design and the wiki
> >> has made a huge improvement. Contrary to the 2013 objective, the wiki
> >> stuff is improving from the bottom up, but I'm sure this will surface
> >> onto the home page soon.
> >>
> >> 2. I'd like to see some effort in enabling "self-service" for
> >> volunteers to take some of the load off the staff e.g. "how tos and
> >> FAQs" for project leaders.
> >>
> >> 3.  I also think we need to keep pushing the "open" aspect. Make it
> >> difficult for secret groups, cliques and closed-door activities to
> >> occur.
> >>
> >> Colin
> >>
> >>
> >>
> >>> On 8 November 2013 21:06, Jim Manico <jim.manico at owasp.org> wrote:
> >>> Right on, Josh! Bring it! :)
> >>>
> >>> Aloha,
> >>> --
> >>> Jim Manico
> >>> @Manicode
> >>> (808) 652-3805
> >>>
> >>> On Nov 8, 2013, at 4:02 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> >>>
> >>> I would like to add two strategic goals to this list:
> >>>
> >>> 1) Create policies and processes to support the chapters.  Encourage them to
> >>> innovate.  Create a framework to allow them to be financially
> >>> self-sufficient.
> >>>
> >>> 2) Investigate what it means to be an "OWASP member".  How do we justify
> >>> becoming a paid member?  What are the benefits that paid members receive
> >>> from their contributions?
> >>>
> >>> ~josh
> >>>
> >>>
> >>> On Fri, Nov 8, 2013 at 2:50 PM, Michael Coates <michael.coates at owasp.org>
> >>> wrote:
> >>>>
> >>>> Leaders,
> >>>>
> >>>> For the past 2 years we have set strategic goals at the board level. The
> >>>> purpose of these initiatives is to zero in on a few key elements where we
> >>>> wish to drive growth. These strategic goals are also used to prioritize and
> >>>> guide the operation team's tactical goals and focus.
> >>>>
> >>>> As we're planning for 2014 I'd like to ask all of you for your thoughts
> >>>> and feedback on strategic goals for the OWASP foundation. Please note that
> >>>> these items are geared towards the owasp organization, not any specific
> >>>> project, conference, chapter etc. OWASP is building the platform for all of
> >>>> these wonderful things to occur. How should we specifically try and grow
> >>>> that platform in pursuit of our mission in 2014?
> >>>>
> >>>> The list of 2012 and 2013 strategic goals can be found here:
> >>>>
> >>>> https://docs.google.com/document/d/19BJMDMTVWlwqMcvUfDy1Mcjtd_bKGbhu-D-VBE-7kFU/edit
> >>>>
> >>>>
> >>>> Please reply to this thread with your thoughts, comments and ideas.
> >>>>
> >>>>
> >>>>
> >>>> Thanks!
> >>>>
> >>>> --
> >>>> Michael Coates | OWASP | @_mwc
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> OWASP-Leaders mailing list
> >>>> OWASP-Leaders at lists.owasp.org
> >>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>>
>
>