[Owasp-Malaysia] Fwd: FW: [Owasp-leaders] Creating OWASP 4.0!

najmi.zabidi at gmail.com najmi.zabidi at gmail.com
Wed Dec 8 08:49:48 EST 2010

Ada sape nak pergi Portugal ke. Leh jumpe Christian Ronaldo

---------- Forwarded message ----------
From: Kate Hartmann <kate.hartmann at owasp.org>
Date: Wed, Dec 8, 2010 at 8:55 PM
Subject: FW: [Owasp-leaders] Creating OWASP 4.0!
To: owasp-all at lists.owasp.org

OWASP Community,

Please take note of Jeff William’s post below.  His message was
originally sent to the OWASP-Leader’s list, but is applicable to

Thank you.

Kate Hartmann

Operations Director



Skype:  Kate.hartmann1

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jeff
Sent: Tuesday, December 07, 2010 11:37 PM
To: owasp-leaders at lists.owasp.org
Subject: [Owasp-leaders] Creating OWASP 4.0!

Hi everyone,

In my mind, OWASP 1.0 was pre-wiki with lots of great work and a less
great infrastructure.  OWASP 2.0 was establishing the 501c3, putting
in the wiki, and getting lots of great projects started. OWASP 3.0
started with the Summit in Portugal when we created the new committees
and has focused on creating thriving projects instead of standalone
tools.  Thank you for all of your efforts growing a fun, civil,
productive community.

I reach out to you now to ask you to take some time and think about
what OWASP should become.  The time has come to measure our success
not by the number of members, projects, and conferences, but by
whether we are succeeding at making the world’s software more secure.
It’s time to get our message and strategy to the next level.


If you consider yourself an OWASP Leader, won’t you take a few minutes
of quiet time and propose a few ideas for how OWASP can retool,
reorganize, refocus, and revamp itself to really achieve our mission?
We will rip, mix, and burn these ideas into a new strategy for OWASP
at the Portugal Summit.  I encourage you to check out the resort and
all the plans happening right now at

Here are some ideas to get you started.

·         We bootstrap several application security ecosystems around
key technologies like mobile, cloud, REST

·         We reach out to governments around the world to help them
push for application security

·         We raise money to fund real security enhancements to tools,
browsers, protocols (e.g. OpenSSL)

·         We make the OWASP materials more usable by providing a
“user” site and keep the wiki for development

·         We invest in marketing AppSec – How do we scale David Rice
and the “greening” of AppSec

·         We continue our education initiative – academies, college
chapters, videos, curriculum

·         We continue our browser initiative and do whatever it takes
to get the browsers and frameworks talking

·         We invest in getting in front of new technologies like HTML5

·         We launch a no-holds barred XSS eradication campaign

·         We create a set of objective AppSec *market* metrics that
quantify the state of our art

·         We continue to push on creating standards

·         ???

We need your ideas NOW.  Get yourself on the list!


In one week of thinking, arguing, coding, hacking, and writing we are
going to accomplish more than the rest of the world’s appsec efforts
combined.  We’ll see you in Portugal ready to rock.  Thanks!


To unsubscribe from the Owasp-all mailing list, you will need to
unsubscribe yourself from all OWASP mailing lists you belong too. This
list is automatically generated to allow OWASP to contact all
it&#8217;s members in one distribution.

Best regards, OWASP
-------------- next part --------------
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org

More information about the Owasp-Malaysia mailing list