[Owasp-leaders] (Projects Reboot 2012) Re: OWASP 2014 - Strategic Goals

Ludovic Petit ludovic.petit at owasp.org
Mon Nov 11 18:16:24 UTC 2013


I also forgot to mention the Marketing Initiative project as part of OWASP
2014 Strategic Goals, don't you think that might help a lot - including
Chapters - further to my previous post?

Sarah, Sam, Kate, c'mon Ladies, I do not see any post from you Mesdames.
Some spices in the soup?
;-)

Ludovic
Le 11 nov. 2013 19:04, "Eoin Keary" <eoin.keary at owasp.org> a écrit :

> Agreed the wiki is out of date, but Sam does a great job with the projects
> and keeps track of things.
>
> I Will update the wiki when I get time.
>
> Again thanks for the positive comments, very motivating.!!
>
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 11 Nov 2013, at 15:14, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>
> Eoin, when you say ' very successful reboot project funding' , can you be
> more specific on the criteria you used to reach that conclusion?
>
> For example where can I see:
> - all funds allocated
> - all funds projected to be spent
> - all funds actually spent
> - timeline of the expenditure
> - what was achieved with the funds spent?
> - the final deliverables of the project reboot 2012 (which started on
> Jun/Aug 2012)
>
> Also the page https://www.owasp.org/index.php/Projects_Reboot_2012 seems
> quite out of date. So I would expect that a number of the answers to my
> questions should be placed there (since it is important to have accurate
> historical documentation of this type of Owasp initiatives)
>
> Thanks
> On 11 Nov 2013 14:15, "Eoin Keary" <eoin.keary at owasp.org> wrote:
>
>> We have the very successful reboot project funding many projects. Some
>> are to be released at appsecusa such as the ciso guide.
>> I agree we need to spend more. If € is donated for a particular project
>> or chapter, we can't move that money to another project that easily, given
>> it was a donation.
>> This is frustrating but needs to be observed to be compliant with charity
>> law etc.
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 11 Nov 2013, at 13:15, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>
>> This innovation will not come from 'owasp' . The way to do it is to
>> create a budget programme like the Owasp GSD project (
>> https://www.owasp.org/index.php/OWASP_GSD_Project) and trust the owasp
>> leaders with the responsibility and budget .
>>
>> This is the Projects/Chapters Buckets idea that I have been talking for a
>> while now, and that idea will do more for OWASP's ability to innovate ,
>> than any discussion thread or top-down initiative
>>
>> On the topic of Measurement , I completely agree, and that is something
>> that the owasp OpsTeam (the employees) should really focus on (since they
>> are the only ones that will have the independence and motivation to do it)
>> On 11 Nov 2013 03:03, "Jeff Williams" <jeff.williams at owasp.org> wrote:
>>
>>> I wasn't suggesting that the organization-focused goals aren't
>>> important. I'm thrilled to see OWASP continue to grow. Just saying a few of
>>> the strategic goal ideas for 2014 should be focused on our domain...
>>>
>>> * Foster innovation and experimentation. One possibility is a DARPA
>>> style high-risk, high-reward proposal program... there are others.
>>> * Encourage diversity.  I think the "Women in AppSec" program is great
>>> and should be expanded
>>> * Pursue Measurement.  As Jeremiah has correctly pointed out, nobody
>>> really knows if any of this stuff really works. Let's find out.
>>> * Advertise.  This isn't exactly the right word. I'm thinking of a
>>> "Truth" style campaign to help the world understand the importance of appsec
>>> * Encourage competition. The crypto community does this well through
>>> NIST for algorithms. Why not other defenses?
>>>
>>> --Jeff
>>>
>>>
>>> On Fri, Nov 8, 2013 at 11:21 PM, Jim Manico <jim.manico at owasp.org>wrote:
>>>
>>>> > Shouldn't the strategies have something to do with the mission?
>>>>
>>>> Of course. But we also need a well run organization in order to
>>>> properly serve the mission. The staff has done a remarkable job in cleaning
>>>> up a lot of difficult messes that OWASP had become. There is no shame meant
>>>> in that statement. OWASP is just growing up - kind of like moving from a
>>>> start-up to a larger organization. The organizational changes that Colin
>>>> and Josh suggest are really critical in terms of efficiency. We just want
>>>> to maximize the minimal resources that we have to serve the mission.
>>>>
>>>> Another thing, the suggestions below from Colin and Josh are additions,
>>>> not the entire set of strategic goals of the organization.
>>>>
>>>> Here are the past OWASP strategic goals.
>>>> https://docs.google.com/a/owasp.org/document/d/19BJMDMTVWlwqMcvUfDy1Mcjtd_bKGbhu-D-VBE-7kFU/edit
>>>>
>>>> We are going to be building the 2014 strategic goals after AppSecUSA (
>>>> www.appsecusa.com) on November 22rd.
>>>> https://www.owasp.org/index.php/November_22,_2013 You are welcome to
>>>> dial in and lend advice and support!
>>>>
>>>> If you have any suggestions as to how we can make "aggressive game
>>>> changing innovation" in an open, vendor-neutral and community based way,
>>>> then bring it on!
>>>>
>>>> > How are we going to change the trajectory of software development?
>>>>
>>>> Jeff, as one of the OWASP Top Ten leaders, you have a HUGE opportunity
>>>> to effect the culture of software. I see the OWASP Top Ten in almost every
>>>> dev shop I run into. So I ask you, is the OWASP Top Ten 2013 an "aggressive
>>>> pursuit and encouragement of game-changing innovation, not just
>>>> technological but cultural"? I think that one of your biggest opportunities
>>>> to see the change you want.
>>>>
>>>> Aloha,
>>>> Jim
>>>>
>>>>
>>>> > How are we going to change the trajectory of software development?
>>>>  How to make appsec something every developer wants to know...aspirational?
>>>> >
>>>> > The strategies ought to include aggressive pursuit and encouragement
>>>> of game-changing innovation, not just technological but cultural. Otherwise
>>>> we will continue to slowly lose ground in the face of rapid tech expansion.
>>>> >
>>>> > --Jeff
>>>> >
>>>> >
>>>> >> On Nov 8, 2013, at 4:25 PM, Colin Watson <colin.watson at owasp.org>
>>>> wrote:
>>>> >>
>>>> >> I still quite like the "platform" and "quality" aspects.
>>>> >>
>>>> >> 1. The community (incl staff) efforts on updating design and the wiki
>>>> >> has made a huge improvement. Contrary to the 2013 objective, the wiki
>>>> >> stuff is improving from the bottom up, but I'm sure this will surface
>>>> >> onto the home page soon.
>>>> >>
>>>> >> 2. I'd like to see some effort in enabling "self-service" for
>>>> >> volunteers to take some of the load off the staff e.g. "how tos and
>>>> >> FAQs" for project leaders.
>>>> >>
>>>> >> 3.  I also think we need to keep pushing the "open" aspect. Make it
>>>> >> difficult for secret groups, cliques and closed-door activities to
>>>> >> occur.
>>>> >>
>>>> >> Colin
>>>> >>
>>>> >>
>>>> >>
>>>> >>> On 8 November 2013 21:06, Jim Manico <jim.manico at owasp.org> wrote:
>>>> >>> Right on, Josh! Bring it! :)
>>>> >>>
>>>> >>> Aloha,
>>>> >>> --
>>>> >>> Jim Manico
>>>> >>> @Manicode
>>>> >>> (808) 652-3805
>>>> >>>
>>>> >>> On Nov 8, 2013, at 4:02 PM, Josh Sokol <josh.sokol at owasp.org>
>>>> wrote:
>>>> >>>
>>>> >>> I would like to add two strategic goals to this list:
>>>> >>>
>>>> >>> 1) Create policies and processes to support the chapters.
>>>>  Encourage them to
>>>> >>> innovate.  Create a framework to allow them to be financially
>>>> >>> self-sufficient.
>>>> >>>
>>>> >>> 2) Investigate what it means to be an "OWASP member".  How do we
>>>> justify
>>>> >>> becoming a paid member?  What are the benefits that paid members
>>>> receive
>>>> >>> from their contributions?
>>>> >>>
>>>> >>> ~josh
>>>> >>>
>>>> >>>
>>>> >>> On Fri, Nov 8, 2013 at 2:50 PM, Michael Coates <
>>>> michael.coates at owasp.org>
>>>> >>> wrote:
>>>> >>>>
>>>> >>>> Leaders,
>>>> >>>>
>>>> >>>> For the past 2 years we have set strategic goals at the board
>>>> level. The
>>>> >>>> purpose of these initiatives are to zero in on a few key elements
>>>> where we
>>>> >>>> wish to drive growth. These strategic goals are also used to
>>>> prioritize and
>>>> >>>> guide the operation team's tactcial goals and focus.
>>>> >>>>
>>>> >>>> As we're planning for 2014 I'd like to ask all of you for your
>>>> thoughts
>>>> >>>> and feedback on strategic goals for the OWASP foundation. Please
>>>> note that
>>>> >>>> these items are geared towards the owasp organization, not any
>>>> specific
>>>> >>>> project, conference, chapter etc. OWASP is building the platform
>>>> for all of
>>>> >>>> these wonderful things to occur. How should we specifically try
>>>> and grow
>>>> >>>> that platform in pursuit of our mission in 2014?
>>>> >>>>
>>>> >>>> The list of 2012 and 2013 strategic goals can be found here:
>>>> >>>>
>>>> https://docs.google.com/document/d/19BJMDMTVWlwqMcvUfDy1Mcjtd_bKGbhu-D-VBE-7kFU/edit
>>>> >>>>
>>>> >>>>
>>>> >>>> Please reply to this thread with your thoughts, comments and ideas.
>>>> >>>>
>>>> >>>>
>>>> >>>>
>>>> >>>> Thanks!
>>>> >>>>
>>>> >>>> --
>>>> >>>> Michael Coates | OWASP | @_mwc
>>>> >>>>
>>>> >>>>
>>>> >>>> _______________________________________________
>>>> >>>> OWASP-Leaders mailing list
>>>> >>>> OWASP-Leaders at lists.owasp.org
>>>> >>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> >>>
>>>> >>> _______________________________________________
>>>> >>> OWASP-Leaders mailing list
>>>> >>> OWASP-Leaders at lists.owasp.org
>>>> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> >>>
>>>> >>>
>>>> >>> _______________________________________________
>>>> >>> OWASP-Leaders mailing list
>>>> >>> OWASP-Leaders at lists.owasp.org
>>>> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> >> _______________________________________________
>>>> >> OWASP-Leaders mailing list
>>>> >> OWASP-Leaders at lists.owasp.org
>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131111/f0920f42/attachment-0001.html>


More information about the OWASP-Leaders mailing list