2018 - What question would you like to ask the candidates in the OWASP Global Board election? #1
Comments
|
Besides all the governance issues the main question for everyone would be to simply define what OWASP and OWASP focus is for them. Writing something and sticking to the wall v/s living by that code makes all the difference. I am outlining buch of different questions which can help them in answering to the above. combined together we can get a clear idea of what each candidate has in mind. Is the focus on appsec conferences, community building or developer initiatives. At this point to anyone looking at OWASP its a unfocused group of people trying the hands on just about everything. OWASP Started with Web in its name but now also deals with mobile, iot and what not. Is community a side effort or one of the core initiatives. Is OWASP region or location specific focused efforts. Is focus on Offence or Defence. The top projects are all in offensive side of things or testing not much for developers as actionable stuff. Any plans on focusing on that areas would also be a nice thing to know I see a lot of lofty claims but what do the board achieve in one year do anyone care to give details of what was achieved in last tenure. lets not point to board meeting minutes for references rather can we have a proper year end goals claimed vs goals achieved listing to see what board actually did. |
|
These are really thought provoking questions. OWASP was born out of a lot of passion and a desire to improve the coding in web apps. Well, there was no IoT then, and nothing really to speak of in mobile. OWASP has expanded to keep true to the ideals of its birth by expanding to address these important areas. Poorly written code is not only still here among us, but has actually gotten worse, due to the new technology of IoT. We have a lot of leadership that must be provided to help push change in this area, as well as mobile. Community? You bet we are about community. It is the glue the keeps us all together. Teams are working everywhere to build standards, templates, and tools. Regular meetings are happening around the globe, with educational speakers and networking bringing all of us closer together. Don't forget the awesome AppSec and local conferences. And NEVER forget the parties and dinners. Regarding offense or defense, we obviously need both. Developers are a key force in OWASP, and most conferences provide developer talks as the majority of the sessions. I have seen many great ideas that can be implemented right away in organizations. Bottom line, it sounds like you are looking for an OWASP Charter, and manifesto of who and what we are, and what we want. Of course, chances are if you polled all OWASP members, you would get a lot of different answers, with a focus on a variety of goals. We cannot be everything to everyone, but we sure can tackle several initiatives in a variety of realms simultaneously. And the way this gets done is through community...and passion...and collaboration. |
|
Looks like the intentions got lost in paragraphs. Let me put one liner questions here.
With recent discussions going on on owasp-leaders list its very clear that new board has the work cut out for them so if they answer these questions it will be easier for community / members to make a right call. Besides this i would also love to see sort of like a report card done by outgoing board members what they wanted to achieve and what did they achieved. that can then feedback for next set of folks to understand how things flow around here. |
|
Time for comments on the 2018 Board elections has ended. Closing this 'issue' to stop additional submissions |
Please enter your questions below as comments to this 'issue'.
For existing questions you like, go ahead and up-vote them. For more info on the 2018 election, check out the wiki page.
The text was updated successfully, but these errors were encountered: