Lots of Great Things Happening At OWASP
You may be curious to know that OWASP has been doing quite a bit this past year. With over 1500 members in 189 local chapters around the globe, it’s not hard to understand why so much is happening. During 2011, major OWASP conferences were held in Asia, Europe, Latin America and North America.
In addition to the traditional conferences, the 2nd OWASP world summit took place in Portugal with 180 security experts attending from 30 different countries. During this event attendees focused on working sessions to tackle security challenges facing the industry (read the full report and results here). OWASP was also present with talks or booths at 38 other events throughout 2011.
In addition to security conferences, many OWASP leaders are speaking at developer conferences to spread security knowledge directly to those building the applications. We’ll be gathering better metrics in the future, but a quick and informal Twitter question reveals many OWASP individuals are presenting security at non-security conferences such as JsFoo, PHP in the cloud, Jazoon, UberConf, JavaOne, SuperMondays, guest lecturing at universities, DjangoCon, Pycon, PHPLondon, Cloud Camps, Bar Camps, #educause, #jasig and many more.
The OWASP community is also growing strong through a variety of OWASP projects. Some of these are mature tool sets and resources that are tackling challenging security problems; others are in experimentation and exploration phases to test out new areas of research.
To better aid project growth, the OWASP Projects committee is continually working to provide a framework that encourages experimentation and new project ideas and also builds the process, quality and supporting resources needed to foster more mature projects.
While OWASP has a great number of excellent resources, we also realize that it’s not always easy to find the material you are looking for. We’re busy figuring out ways to best match up individuals with the relevant and high quality OWASP materials. New approaches may include building specific paths through the website based on developers, testers, architects, etc. (builders, breakers, defenders, or more), or it could be through a metadata store of all project information, or even an approach where projects are categorized into maturity levels such as Incubator / Labs / Flagship. Nonetheless, we’re aware this is an important area that needs attention to further grow the usability and accessibility of OWASP resources.
If you’re interested in helping out then please reach out to anyone within OWASP, join or propose a project, or even volunteer on an OWASP committee. The battle to raise awareness around application security is a challenging task and we’re constantly looking for fresh ideas and talented individuals to volunteer their time and abilities towards furthering the OWASP mission.
Lastly, I realize this doesn't scratch the surface of everything that took place in 2011 with OWASP. Please comment below with items you'd like to recognize.
Michael Coates
OWASP