[Owasp-leaders] 2016 Developer Survey Results

johanna curiel curiel johanna.curiel at owasp.org
Tue Mar 22 20:36:08 UTC 2016


>>But we want to do a little research first to find out how to engage
developers and where our message fits.

Agree. We can create content but that does not mean that this content will
help engage developers. Producing content is very labor intensive task an
if you produce the content without the right approach then you will have a
chance not to engage these developers.

Maybe will be great to have some kind of surveys during these dev's
conferences on the booth giving prices to those that fill them in.
Designing the survey is also essential.This is part of the research.

The research idea is an excellent start. I ask myself how many actual
'developers' are part of the owasp community? (excluding pen testers and
security engineers with solid education and background in security?)

I was a full time developer before going deep in security  and I joined
OWASP *after* I did my studies in security engineering , not before.

It will be interesting to know *how* to engage properly developers with
zero background in security.

Cheers

Johanna

On Tue, Mar 22, 2016 at 4:26 PM, Noreen Whysel <noreen.whysel at owasp.org>
wrote:

> I think it is pretty clear. Find out what kinds of developer events people
> are going to, have a presence at these events, learn how they are reaching,
> teaching and communicating with the developer community, Then "design an
> outreach program" part takes into consideration what we learned. I think
> the last part is what Johanna is interested in and can be developed at a
> local chapter level or via virtual trainings. But we want to do a little
> research first to find out how to engage developers and where our message
> fits.
>
> Noreen Whysel
> Community Manager
> OWASP Foundation
>
> On Tue, Mar 22, 2016 at 4:20 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>>  Just "being there" is a great place to start.
>>
>> Hi Bill, I believe this already happens. With just being there in a form
>> of a booth presence does always help. Thats actually how I got involved
>> with owasp, but this is an 'old' strategy, nothing new and only has impact
>> on those developers that assist to conferences.
>>
>> What about all those thousands of devs that cannot pay these expensive
>> conferences, living in countries like me?
>>
>> I support Matt's idea and I just think that it needs to be promoted so we
>> can design this outreach, not just as visiting conferences
>>
>> cheers
>>
>> Johanna
>>
>> On Tue, Mar 22, 2016 at 4:16 PM, Bill Sempf <bill at pointweb.net> wrote:
>>
>>>
>>>
>>> On Tue, Mar 22, 2016 at 4:04 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>>
>>>>
>>>> We do not reach this community just by assisting to these conferences.
>>>>
>>>>
>>> I disagree comprehensively with this statement. Through participation in
>>> developer conferences like CodeMash and Stirtrek, I have seen quantifiable
>>> increase in the 'reach' of security.  All of the OWASP chapters in the area
>>> have seen significant increases in growth, there have been far more
>>> security -focused talks at user groups, and there has been a significant
>>> increase in requests for security expertise from the area consulting
>>> firms.  Just "being there" is a great place to start.
>>>
>>> That said, if something significant is learned while we are just being
>>> there, and it leads to a larger strategy, so be it.  Personally, I'm
>>> pleased to see some action on a front of attack, rather than constant
>>> discussion.  It's a low risk activity with a potentially high reward.
>>>
>>> S
>>>
>>>
>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>
>


-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160322/8c9a08a2/attachment-0001.html>


More information about the OWASP-Leaders mailing list