Eoin Keary

OWASP board member since 2009. Elected to position of global Vice Chair, September 2011.

A long time member of OWASP. Based in Dublin and director of bccriskadvisory.com

LinkedIn profile click here

Eoin Keary has been with OWASP since 2004. He is based in Ireland and runs a software security practice, bccriskadvisory.com.

He is currently on the global board of the OWASP foundation, he was elected to the board in 2009. During this time Eoin assisted in founding the OWASP legal entity in Europe and has helped provide structure to OWASPs finances and strategy. Eoin currently leads the reboot project which aims to improve current OWASP projects and start new ones. Eoin believes the projects OWASP delivers are a key aspect of the foundation and also very important in helping both developers and security professionals in building more secure software. Eoin previously lead the OWASP Testing Guide and  currently the OWASP Code Review Guide and also contributed to other OWASP projects such as OWASP SAMM, OWASP CISO Guide & CISO Survey, OWASP Cheat sheets, and the OWASP ASVS & ZAP as a reviewer.

Eoin also founded the OWASP Dublin chapter in 2006 and the OWASP Ireland event in 2008 which is in its 4th year and also hosted OWASP eu in 2011.

Eoin believes OWASP needs to focus more on outreach to the software development community and also involve itself more with the industries which rely on software to achieve business and social goals by assisting organisations, CISO's and security communities in writing and defending software infrastructure. To this end,  Eoin frequently delivers free technical and executive awareness workshops to help organisations achieve their goals in a secure manner.

My involvement in OWASP to date.............

OWASP Ireland Chapter leader and founder since 2004

Have held regular meetings, promoted OWASP and application security in general. I have developed a stong community within Ireland in terms of secure development such that large organisations are aware of OWASP and invite me for comment and involvement in application security awareness efforts. I am involved in ongoing efforts to consolidate the security community with groups such as IISF, IAI and ISSA.

OWASP Testing guide leader (2005-2007)

Handed over from Daniel Cuthbert in 2005. Lead the testing guide effort, transferred it to wiki from word document in 2006. Wrote significant portions of the guide. Handed guide to Matteo Meucci in 2007

Code review guide (V1.1) leader - "Worlds first open source code review guide"

Lead and founder of guide. Authored 70% of currrent code review guide. Considered the most comprehensive code review guide on the web. Ongoing project currently at V1.1 Tools such as OWASP code crawler are inspired by the guide. Used by US Gov agencies, Insustry Security standards etc.

OWASP ASVS Reviewer

Reviewed and supplied suggestions for most recent release of ASVS. Presented viability of ASVS to industry leads in terms of integration of standard into strategic direction.

OWASP SAMM Contributor

Along with team members, suggested rewrite of SAMM questionaire based on experience of using in the field. With the aim of overall maturity of the SAMM document and process. I have fostered the SAMM approach into a number of large european organisations.

OWASP Ireland 2009 Sole organiser of successful event which has made a large impact on local application security community. Event covered costs and was within budget. Achieved media coverage with many local and business "broad sheet" newspapaers. Managed to gather an impressive panel of speakers for such a modest event.

OWASP Live CD (2007) "Recruited" Josh Perrymon (packetfocus) to donate his Live CD to OWASP.

OWASP Mmebership Packs Initiated the summer of code effort to develop membership packs for OWASP individual &amp; corporate members.

My OWASP Roadmap

Focus on quality:

In order to gain more widespread adoption of OWASP guidence and vision our deliverables need to be of leading practice qualty. "half baked" tools, whitepapers and guides do not assist and in some cases detract from the OWASP "Brand". A core problem with opensource efforts is quality control which must be addressed.

Membership:

The concept of membership is still misunderstood. Signing up to a mailing list is not membership. Membership should be defined as an active supporter of OWASP either by actions or in the financial sense. Quality deliverables also shall drive up membership. Organisations and individuals that acquire solutions to their problems from OWASP may be more inclined to give a little back (Join OWASP).

Initiate Governance (but minimize red tape) I believe we need a governance model such that industry shall embrace our goals but also limit the bureaucracy which stifles imagination and creativity. This is a fine line but is nevertheless important in terms of attempting to raise the bar for software security.