[Owasp-leaders] OWASP Top 10 Leadership Transition

Andrew van der Stock vanderaj at owasp.org
Sun Jun 11 13:32:26 UTC 2017

Thank you to Dave and Jeff for starting the OWASP Top 10 all the way back
with the first edition in 2004. OWASP would be a far different organisation
without Dave and Jeff's stewardship of not only the OWASP Top 10, but OWASP

These are incredibly big shoes to fill, but it's important to not lose
sight of the fact that the OWASP Top 10 is a flagship project used by many
organisations for better and worse. Dave's action to hand over the
leadership is a truly selfless act, and an act I want to recognise up front
because it shows the sort of spirit that pervades OWASP and we want more
of, not less. I do hope that Dave and Jeff continue to help with the OWASP
Top 10 and OWASP more generally.

Thank you Dave and Jeff, and everyone who has helped create the OWASP Top
10 since its inception.

With so many individual and organisational users and stakeholders, it will
not be possible to please everyone, but I hope that over the next week, we
can get pretty far down the path towards an agreed path forward. I look
forward to taking the OWASP Top 10 through to release this year, and
hopefully codify some of the elements of the OWASP Top 10's so that folks
can have confidence in the process, the data, and the document itself.

To that end, I will be transitioning the text to markdown at Github in bite
sized pieces, and transitioning feedback to Github issues. This provides a
level of transparency as to authorship and accountability for changes. I
think everyone agrees that we need to develop Flagship projects out in the
open, easily forkable, and easily and transparently maintainable. We will
use Github for this purpose. The MASVS team use a markdown to PDF
generator, which we will use to allow folks to follow the text through every single
change and merge, suggest changes and see their suggestions come to life.

I have asked the organisers of the OWASP Summit to change the agenda to be
more working sessions, and less "pile on" sessions. The times and dates
will remain the same, as it's too late to change those. If there are
constructive and positive contributions, it's time to get them into the
organisation, process, data collection, data, analysis, and text
construction. I want us to be working together on agreed outcomes and drive
this thing forward to a release at AppSec USA in September. This is a very
aggressive schedule, but I think the data is there, we just need to look at
it properly and agree on an analysis. I look forward to working with you
all at the summit; hopefully, my ADSL link will hold up sufficiently to
make this possible.

Lastly, I will work with even the harshest critics as long as you honestly
want to make this project and OWASP better, but simply stirring the pot or
trolling is not acceptable. Those who do stuff - win. It is the OWASP way,
and has been since the earliest days. So for the critics, it's now time to
work with us, or leave us in peace to let those who will build the next
OWASP Top 10 finish it.


On Sun, Jun 11, 2017 at 2:29 AM, Dave Wichers <dave.wichers at owasp.org>

> Hi everyone,
> The OWASP Top 10 Project is excited to welcome Andrew van der Stock as the
> new project leader.  Andrew is a longtime OWASP contributor, a current
> OWASP board member, and led the 2007 Top 10 release.  He will shepherd the
> 2017 Top 10 release candidate to a final release. The current project
> leaders are transitioning off the T10 effort.
> Please help Andrew by attending the OWASP Summit Top 10 sessions being
> held next week near London. You can attend in person or remotely. Andrew is
> seeking other OWASP community members that are on-site to help facilitate
> those sessions.  This is your chance to help shape the future of the OWASP
> T10.
> Thank you all for your contributions to OWASP and the T10 over the years
> and thank you Andrew for stepping up to take ownership of this important
> OWASP project.
> -Dave