[Owasp-leaders] New Project: The OWASP Top Trumps Project

Mark Miller mark.miller at owasp.org
Wed Aug 13 17:25:56 UTC 2014

Thanks for the encouragement. This is shaping up to be a fun project. if we
can get everyone to update their projects within the next week, it will be
a good card game to play at the next conference. I can even see taking over
a session room for a "World Series of OWASP" shoot out!

I ran into Colin Watson at Black Hat last week and it reminded me that his
Cornucopia deck was the germ of the idea for the OWASP Top Trumps game. As
always, thanks Colin. Great work. -- Mark

On Tue, Aug 12, 2014 at 6:04 PM, Mark Arnold <lotusebhat at gmail.com> wrote:

> Much respect Mark! Let us know how we can assist if needs be. I have been
> asking our chapter locally about becoming more familiar with the various
> projects within OWASP globally. This idea may serve to be the vehicle that
> gets us there.
> /ma
> On Tue, Aug 12, 2014 at 5:55 PM, Timur 'x' Khrotko (owasp) <
> timur at owasp.org> wrote:
>> I believe, OWASP badly needs this kind of attractive actions - my
>> respect, Mark!
>> On Tue, Aug 12, 2014 at 11:42 PM, Mark Miller <mark.miller at owasp.org>
>> wrote:
>>> To All,
>>> I am ecstatic to announce the creation of the "*OWASP Top Trumps for
>>> Projects*" card game project. For those of you in the UK, little else
>>> needs to be said, so you can head over to the project page and read
>>> about it <https://www.owasp.org/index.php/OWASP_Top_Trumps_for_Projects>.
>>> If you haven't heard of Top Trumps, read on.
>>> *What is the Top Trumps Project?*
>>> Top Trumps is a hugely popular card game in the UK. I was introduced to
>>> it while at Cambridge during AppSec Europe 2014 a couple months ago. There
>>> are many, many different deck versions
>>> <https://www.google.com/search?q=top+trumps&newwindow=1&espv=2&source=lnms&tbm=isch&sa=X&ei=hofqU8iYJ_HfsAT554HwBQ&ved=0CAcQ_AUoAg&biw=1309&bih=697>
>>> because any subject can be used to create a Top Trumps game. The concept is
>>> very simple:
>>>    - Choose 5 or 6 attributes that are common between the items in the
>>>    deck
>>>    - Deal out all the cards to the players, face down
>>>    - Each player looks at their top card without showing it to the
>>>    others
>>>    - A player chooses one of the attributes from their card, trying to
>>>    choose the highest value
>>>    - All players show their top card
>>>    - Whoever has the highest value of the attribute chosen wins that
>>>    round and collects the cards
>>>    - Play continues until all the cards are gone
>>> It is a VERY fast paced game and lots of fun. I brought the Marvel
>>> Superheros deck home with me and within a matter of days, my kids knew ALL
>>> the attributes of ALL the characters. As an example, one of the attributes
>>> in that deck was "Number of times the character has appeared in a comic",
>>> and "Debut year". When I get the Iron Man card, I always select
>>> "Technology" when it's my turn :-)
>>> Example Cards from an Actual Top Trumps "Star Wars" Deck. Notice there
>>> is a short description along with the attribute set. Awesome!
>>> [image: Inline image 1]
>>> *Purpose of the Project:*
>>> The purpose of the OWASP Top Trumps Project is twofold. First it is to
>>> encourage project leaders to improve their projects. *The more current
>>> your project, the higher your attributes will be on your project card.*
>>> The second is to help people learn about active projects on OWASP. When I
>>> brought home a Top Trumps deck of Super Heros, my 9 and 11 year old played
>>> for three days, and by then knew all the attributes and strengths of all 40
>>> characters in the deck. Can you imagine if we all knew six major attributes
>>> of the 88 active projects on OWASP?
>>> *Some suggested criteria: *
>>>    - Number of contributors
>>>    - Average commits (per week / month / year?)
>>>    - Open Hub activity level
>>>    - Open Hub Community Rating
>>>    - Open Hub OWASP ranking (as per https://www.openhub.net/orgs/OWASP)
>>>    - Open Hub users
>>> This is just a way to start so you can tell how the attributes of a
>>> project might be evaluated. These might not be the final criteria after
>>> final evaluation of the projects, but it's a start.
>>> *How Can You Participate*
>>> *As a leader of a project please make sure your project information is
>>> up to date*. The evaluation is dynamically generated from your project. The
>>> current status of your project evaluation can be found on the evaluation
>>> page <https://www.openhub.net/orgs/OWASP>. The more current your
>>> project information is, the higher your attribute score will be on your
>>> project card.
>>> *Conclusion*
>>> This is an extremely easy way for people to learn about ongoing projects
>>> as they play the game. The intent is to create a new deck each year.
>>> I will start building the deck on August 25, 2014, so that gives you
>>> enough time to evaluate and update your own project. My intent is to have
>>> the first iteration of the deck available for you to download prior to
>>> AppSec USA 2014, Denver.
>>> So get started! Make sure your project is up to date... and may the
>>> force be with you.
>>> --
>>> *Mark Miller, Senior Storyteller*
>>> *Curator and Founder, Trusted Software Alliance*
>>> *Host and Executive Producer, OWASP 24/7 Podcast ChannelCommunity
>>> Advocate, Sonatype*
>>> *Developers and Application Security: Who is Responsible?*
>>> <https://www.surveymonkey.com/s/Developers_and_AppSec>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> Email us to enforce secure link with your mail servers (domain).
>> This message may contain confidential information - you should handle it
>> accordingly.
>> Ez a levél bizalmas információt tartalmazhat, és ekként kezelendő.
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> --
> Best,
> Mark
> twitter: @lotusebhat
> email: lotusebhat at post.harvard.edu
> "Any man’s death diminishes me because I’m Involved in mankind." John Donne
> "One thing I ask of the Lord...that I may witness the goodness of the Lord
> in the land of the living (Psalms 27: 4, 13 --- my translated conflation of
> these verses in the Hebrew Masoretic text, Stuttgartensia)"

*Mark Miller, Senior Storyteller*
*Curator and Founder, Trusted Software Alliance*

*Host and Executive Producer, OWASP 24/7 Podcast ChannelCommunity Advocate,

*Developers and Application Security: Who is Responsible?*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140813/1bf00b1a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 500045 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140813/1bf00b1a/attachment-0001.png>

More information about the OWASP-Leaders mailing list