Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License. The OWASP Foundation OWASP AppSec June 2004 NYC Discussion – What Do You Want OWASP to Accomplish this Year? Jeff Williams, OWASP Chair CEO, Aspect Security

OWASP AppSec OWASP’s Unique Role  OWASP solves the collective action problem  The entire market benefits together  Why not wait for government?  Regulation, taxation, and enabling private lawsuits  Won’t fix the market and won’t happen anyway

OWASP AppSec The OWASP Foundation  Structured as a not-for-profit 501c3  Contributions are tax-deductible  Infrastructure  4 servers  2 SSL accelerators  Dedicated network  Backup  People  Dedicated volunteer experts who care about the cause

OWASP AppSec OWASP Projects  Guidelines  Guide, FAQ,.NET Guide, Tomcat Guide  Metrics  Metrics*  Legal  Contracts*, ISO17799*, Privacy*, Sarb-Ox*  Standards  Top Ten  Vulnerability and Risk Analysis  WebScarab,.NET, Testing I, Testing II  Community  Portal, Columns, oLabs, Local Chapters  Education  WebGoat

OWASP AppSec OWASP Local Chapters  Dallas, Texas  Houston, Texas  Austin, Texas  Atlanta, Georgia  San Francisco, California  Los Angeles, California  Boston, Massachusetts  Washington, D.C.  New York, New York  Rochester, New York  Switzerland  Turkey  Vienna, Austria  London, England  Toronto, Canada  India  Israel  Australia  Panama

OWASP AppSec What Should We Emphasize?  Guidelines  Metrics  Legal  Standards  Vulnerability and Risk Analysis  Community  Education  Other Areas?  Tools, Documentation, or Both?