What do you want OWASP to be

This page contains is a place holder for OWASP leader's responses to the following question:

Question
OWASP project leaders, chapter leaders and members, as it grows what do you want OWASP to become?


 * A certifying and CBK type pseudo-company like (ISC)2?
 * An open source project organized along the lines of Debian, Apache, or a similar group that owns a set of projects?
 * Does OWASP want to certify apps, testers, both or none? (I've seen all POV advocated)
 * Who will be required to pay what kind of dues, if any?
 * How formal of an organization will OWASP become?
 * Is the status quo preferable to the proposed change?
 * Other?

For the newer members of this list, here are some pages which you might find interesting:


 * About_OWASP
 * How_OWASP_Works
 * OWASP_brand_usage_rules
 * Chapter_Rules
 * Chapter_Leader_Handbook
 * Category:Chapter_Resources
 * Tutorial
 * OWASP_Education_Presentation

Answers
(Please add your local chapter and put your comments under your local chapter heading)

CHAPTERS
NY/NJ Metro 10/31 - Under membership and local chapter leaders review pending comment

Belgium Nov-1 - Pending comments from Belgium mailing members and board members

PROJECTS
Education (Seba)
 * I do not think OWASP is the right place to perform certifications. It makes us ‘lawmaker’ and judge at the same time. What OWASP could/should do is propose a certification scheme / criteria input for other parties. This is even a project: http://www.owasp.org/index.php/SpoC_007_-_The_OWASP_Web_Security_Certification_Framework ?
 * Organization wise, I like the http://www.apache.org/foundation/how-it-works.html. The organization should not be the goal: it is there to support achieving the goals. My vote for Apache like organization: +1
 * OWASP has been driven by volunteers, who invest personal time: that is worth far more than a membership fee. Let’s keep this separated.
 * Over-regulation kills creativity and scares volunteers away. We should keep it very easy for people to start new projects or new chapters. When the projects/chapters grow, the contributing people and project leader(s) can regulate themselves if it is necessary to guarantee continuity. By providing some practical how-to’s and working examples instead of rules, OWASP provides the framework for successful projects/chapters.
 * Some projects and chapters will ‘die’: how do we detect this and make this visible? It should be clear for OWASP users/visitors what the project / chapter status is.Define a few measurable criteria that taken together provide a good insight in the project/chapter status.