[Owasp-leaders] Standing for the OWASP Board: an agenda for the future

Andrew van der Stock vanderaj at owasp.org
Sun Jul 27 01:30:50 UTC 2014


Hi there,

I have formally submitted my name to be in the Board Elections 2014.

I am standing for:

* *Reforming the Board*. We need to improve the independence, ethics and
dispute resolution processes. I will be a root and branches reformer to
encourage the Board to make a couple of the positions available to truly
independent directors. I will be encouraging all current Board and future
Board members to undertake an Institute of Company Directors course to
understand their duties, and the way they integrate with the Foundation
they are responsible for.

* *Projects*. We must broaden our church to be truly inclusive of modern
web applications, web services, cloud, system, embedded and mobile. I
propose the Board create a process for RedBook style short intensive
workshops of 1-2 weeks where projects can ask for funding to move their
project to completion or a much higher state of quality. This should be
backed by industry participation, ensuring our core deliverables are
actually useful to developers and architects. The days of funding anyone
but the content creators must end. We need to be famous for our developer
centric projects, and these projects should be immediately useful to
developers and their teams.

* *Standards*. We need to be the trusted advisor to PCI, NIST, and ISO.
This is not an easy path to take, but if we are not at the table, we become
irrelevant. Additionally, we have an opportunity to take our flagship
standards products (Application Security Verification Standard and
Proactive Controls) and plug a market hole for easily applicable advice to
developers. Developers don't read ISO 27034, they don't read PCI DSS. They
should be reading and using our materials.

* *Education*. We need to create University level course (100, 200, 300)
with the help of a university educator. I propose that we ask a range of
universities to come to AppSec USA and start the process of formulating a
curriculum, which once completed will become the default standard
university curriculum for application security.

I know there are excellent candidates already. I encourage you to ask them
their positions on reforming the Board, Projects, Standards, and Education.
With your vote, you get to choose the future of OWASP. I want to bring us
back to our core mission of being relevant to developers, the literal
standard bearer for all application developers, and the thought leader for
the next generation of contributors and supporters.

thanks
Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140727/a4192483/attachment.html>


More information about the OWASP-Leaders mailing list