Hello, I would like to be considered for the OWASP board membership. I am a long time member of OWASP and have contributed year on year to OWASP projects and the OWASP mission of fighting the causes of software insecurity. I am based in Dublin, Ireland and run the Ernst & Young application security team across Europe.
To see updates to the Wiki that I have done see: click here
My involvement in OWASP to date.............
OWASP Ireland Chapter leader and founder since 2004
Have held regular meetings, promoted OWASP and application security in general.
I have developed a stong community within Ireland in terms of secure development such that large organisations are aware of OWASP and invite me for comment and involvement in application security awareness efforts. I am involved in ongoing efforts to consolidate the security community with groups such as IISF, IAI and ISSA.
OWASP Testing guide leader (2005-2007)
Handed over from Daniel Cuthbert in 2005.
Lead the testing guide effort, transferred it to wiki from word document in 2006.
Wrote significant portions of the guide.
Handed guide to Matteo Meucci in 2007
Code review guide (V1.1) leader - "Worlds first open source code review guide"
Lead and founder of guide.
Authored 70% of currrent code review guide.
Considered the most comprehensive code review guide on the web.
Ongoing project currently at V1.1
Tools such as OWASP code crawler are inspired by the guide.
Used by US Gov agencies, Insustry Security standards etc.
OWASP ASVS Reviewer
Reviewed and supplied suggestions for most recent release of ASVS.
Presented viability of ASVS to industry leads in terms of integration of standard into strategic direction.
OWASP SAMM Contributor
Along with team members, suggested rewrite of SAMM questionaire based on experience of using in the field.
With the aim of overall maturity of the SAMM document and process.
I have fostered the SAMM approach into a number of large european organisations.
OWASP Ireland 2009
Sole organiser of successful event which has made a large impact on local application security community.
Event covered costs and was within budget.
Achieved media coverage with many local and business "broad sheet" newspapaers.
Managed to gather an impressive panel of speakers for such a modest event.
OWASP Live CD (2007)
"Recruited" Josh Perrymon (packetfocus) to donate his Live CD to OWASP.
OWASP Mmebership Packs
Initiated the summer of code effort to develop membership packs for OWASP individual & corporate members.
My OWASP Roadmap
Focus on quality:
In order to gain more widespread adoption of OWASP guidence and vision our deliverables need to be of leading practice qualty. "half baked" tools, whitepapers and guides do not assist and in some cases detract from the OWASP "Brand". A core problem with opensource efforts is quality control which must be addressed.
The concept of membership is still misunderstood. Signing up to a mailing list is not membership. Membership should be defined as an active supporter of OWASP either by actions or in the financial sense. Quality deliverables also shall drive up membership. Organisations and individuals that acquire solutions to their problems from OWASP may be more inclined to give a little back (Join OWASP).
Initiate Governance (but minimize red tape) I believe we need a governance model such that industry shall embrace our goals but also limit the bureaucracy which stifles imagination and creativity. This is a fine line but is nevertheless important in terms of attempting to raise the bar for software security.