1. Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License. The OWASP Foundation OWASP AppSec June 2004 NYC http://www.owasp.org Discussion – What Do You Want OWASP to Accomplish this Year? Jeff Williams, OWASP Chair CEO, Aspect Security jeff.williams@owasp.orgeff.williams@o 410-707-1487

2. OWASP AppSec 2004 2 OWASP’s Unique Role  OWASP solves the collective action problem  The entire market benefits together  Why not wait for government?  Regulation, taxation, and enabling private lawsuits  Won’t fix the market and won’t happen anyway

3. OWASP AppSec 2004 3 The OWASP Foundation  Structured as a not-for-profit 501c3  Contributions are tax-deductible  Infrastructure  4 servers  2 SSL accelerators  Dedicated network  Backup  People  Dedicated volunteer experts who care about the cause

4. OWASP AppSec 2004 4 OWASP Projects  Guidelines  Guide, FAQ,.NET Guide, Tomcat Guide  Metrics  Metrics*  Legal  Contracts*, ISO17799*, Privacy*, Sarb-Ox*  Standards  Top Ten  Vulnerability and Risk Analysis  WebScarab,.NET, Testing I, Testing II  Community  Portal, Columns, oLabs, Local Chapters  Education  WebGoat

5. OWASP AppSec 2004 5 OWASP Local Chapters  Dallas, Texas  Houston, Texas  Austin, Texas  Atlanta, Georgia  San Francisco, California  Los Angeles, California  Boston, Massachusetts  Washington, D.C.  New York, New York  Rochester, New York  Switzerland  Turkey  Vienna, Austria  London, England  Toronto, Canada  India  Israel  Australia  Panama

6. OWASP AppSec 2004 6 What Should We Emphasize?  Guidelines  Metrics  Legal  Standards  Vulnerability and Risk Analysis  Community  Education  Other Areas?  Tools, Documentation, or Both?