OWASP AppSec Europe 2006
Manifesto
- Enabling organizations to develop, maintain, and purchase applications that they can trust
It’s about community
- Built on great foundations built by our contributors
- Greater peer to peer participation
- Emphasis on local community building
- More support for your projects
It’s about building a solid foundation
- Transparency
- Improve membership experience
- Membership packages
- Individual
- Corporate
- Sponsor
- Starter chapter pack
- Key projects
- Projects
It’s about delivery
- We have delivered some really cool stuff recently
- We have a very full year ahead
- Volunteer burn out happens
- We’re here to help you
Major initiatives
- Guide
- Training
- CLASP
- Testing Guide
- Project incubator
- Wiki
- Forums
- Blogs
- Top 10
- Conferences
- WebScarab
- WebGoat
- Ajax
- J2EE
- .NET
- Yours!
- Validation
- Local chapters
- Building our brand
- Certification
History
- 2000: Mark Curphey and Microsoft Word
- 2001: OWASP Guide 1.0
- Sep 2002: Many volunteers finish 1.1.1
- Oct 2002: owasp-leaders created
- Leaders from each project
- This meritocracy still leads us today
History
- 2003: OWASP Foundation created
- Chair: Jeff Williams
- Conferences Chair: Dave Wichers
- OWASP Leaders (about 30 odd people)
- OWASP Members
- OWASP Users
OWASP Foundation
- Key activity: self-sustaining this financial year
- Currently earning a bit of cash
- Not enough to pay for a full time employee
- How to spend the money? and still do the stuff we want?
Transparency
- Need your input on our executive leadership model
- Publish finances at least once per year
- Sponsorship schedule (inc. in kind)
- Propose move to member-only elections in 2007 timeframe (à la NetBSD, Debian, etc)
- Support? (Show of hands!)
Funding model
- Need to increase OWASP individual members
- Current funding model is broken
- We will fix the model, but we need your input
- Funds for local development
- Some money for room booking fees, pizza, etc
- Money to build global organization
Local chapters
- Easily the most useful OWASP activity
- Lots of chapters all around the world
- We want more!
- Chapter Starter Pack
Local chapter support
- Use our Internet resources
- Announce meetings well in advance
- Have a schedule well in advance
- Be consistent
- Community: blogs, forum - in your local language
- Present new stuff ... or borrow other chapter’s slides
Guidelines for chapters
- Encourage membership in OWASP
- Try to be easily found and a popular time
- Always try to meet, if only for drinkies
- Local sponsorship by vendors is fine
- Try not to be 0wned by the vendors (of any type)
- Protect yourself - insurance, talk choices, etc
Membership drive
- We need you to join ... once we have worked out the funding model
- $100 USD
- Members get to vote and lead
- Renewing members will get our membership pack
- What do you want to see?
Leadership focus
- Developing OWASP Foundation and infrastructure
- Helping you deliver timely, useful projects
- Keeping today’s flagship products fresh and relevant
Updating old favorites
- OWASP Guide 3.0
  - PDF, book, and Wiki
- Top 10 2007
  - Wiki Edition - need volunteers
- Testing Guide 1.0
  - PDF and Wiki - need volunteers
Standards
- Top 10 is an awareness product, not a standard
- Need a standard
- Relevant, useful and practical
- Long lived and stable
- Not particularly verbose or long
- Must take input from key users (PCI, DHS, etc)
Certification
- Our brand is important to us
- Need something to help get rid of freeloaders
- Do we really want to run a certification lab?
- Need a certification project
Training
- Many firms using OWASP Top 10 / Guide without permission
- We need a training project
  - Top 10 1/2 day (Business types)
  - Architects 1 Day
  - Developer 3 Day
- Certify trainers? Train the trainer?
- How to ensure we don’t get ripped off or brand sullied?
- Or destroy friendly businesses?
Project Focus
- Participate!
- What do you want us to focus on?
Project incubators
- Initiate any project you like
- Each project will have its own space
- Community: Link to team member blogs and forum
- Resources: Samples, downloads, private workspace