Sunday, November 6, 2011

Lots of Great Things Happening At OWASP

You may be curious to know that OWASP has been doing quite a bit this past year.  With over 1500 members in 189 local chapters around the globe, it’s not hard to understand why so much is happening.  During 2011, major OWASP conferences were held in Asia, Europe, Latin America and North America. In addition to the traditional conferences, the 2nd OWASP world summit took place in Portugal with 180 security experts attending from 30 different countries. During this event attendees focused on working sessions to tackle security challenges facing the industry (read the full report and results here). OWASP was also present with talks or booths at 38 other events throughout 2011. 
In addition to security conferences, many OWASP leaders are speaking at developer conferences to spread security knowledge directly to those building the applications. We’ll be gathering better metrics in the future, but a quick and informal twitter question reveals many OWASP individuals are presenting security at non-security conferences such as JsFoo, PHP in the cloud, Jazoon, UberConf, JavaOne, SuperMondays, guest lecturing at Universities, DjangoCon, Pycon, PHPLondon, Cloud Camps, Bar Camps, #educause, #jasig and many more.
The OWASP community is also growing strong through a variety of OWASP projects. Some of these are mature tool sets and resources that are tackling challenging security problems; others are in experimentation and exploration phases to test out new areas of research.  To better aid project growth the OWASP Projects committee is continually working to provide a framework that encourages experimentation and new project ideas and also builds the process, quality and supporting resources needed to foster more mature projects.
While OWASP has a great number of excellent resources, we also realize that its not always the easiest to find the material you are looking for.  We’re busy figuring out ways to best match up individuals with the relevant and high quality OWASP materials.  New approaches may include building specific paths through the website based on developers, testers, architects, etc (builders, breakers, defenders, or more) or it could be through a meta data store of all project information, or even an approach where projects are categorized into maturity levels such as Incubator / Labs / Flagship. None-the-less, we’re aware this is an important area that needs attention to further grow the usability and accessibility of OWASP resources.
If you’re interested in helping out then please reach out to anyone within OWASP, join or propose a project, or even volunteer on an OWASP committee.  The battle to raise awareness around application security is a challenging task and we’re constantly looking for fresh ideas and talented individuals to volunteer their time and abilities towards furthering the OWASP mission. 
Lastily, I realize this doesn't scratch the surface of everything took place in 2011 with OWASP. Please comment below with items you'd like to recognize.

Michael Coates
OWASP