Revision as of 16:48, 2 June 2011 by Jmanico (Talk | contribs)

Jump to: navigation, search


My name is Jim Manico and I've been an active member of OWASP since 2008.

  • I am the founder, producer and host of the OWASP Podcast Series. As of May 2011 I have published 84 shows and have spent over 500 hours making the OWASP Podcast a reality. I am grateful to my many guests who have made the show a success.
  • I am also a contributor and project manager of the ESAPI Project. I have one of the largest number of individual check-in's for the ESAPI-Java project and work to ease communication between the many volunteers of this project.
  • I am also the chair of the OWASP Connections Committee where I manage the OWASP Blog, twitter feed and press communications for OWASP. I feel that these activities are directly inline with the OWASP core mission of spreading awareness.
  • I am also spearheading several ESAPI-like projects that provide modular single-use controls for ease of use. I have only begun these efforts, but have started to manage the OWASP Encoder , the OWASP validator and the OWASP HTML Sanitizer project with a variety of very talented developers.
  • I also have been a significant contributor and manager of the OWASP Cheatsheet Series. I've worked on the XSS, DOM XSS, SQL Injection, Cryptographic Storage, Forgot Password and other topics in this series.

I feel very hesitant to list what I have given to OWASP, because OWASP has given so much more to me. I am a teacher/student of secure coding practices and have found OWASP materials to be the best in industry.

OWASP is a non profit organization. One of the most important responsibilities of a non-profit board is to secure adequate resources for the organization to fulfill its mission. If given the honor and responsibility of becoming a board member,I would use my position to work with grant writers and other resources to secure additional funding for OWASP projects.

I also feel that quality is critical to OWASP's future. As OWASP changes and more developers enter the fold, the quality of our open source defensive projects must increase. This kind quality cannot be solved via automation alone. I wish to use increased funds within OWASP to hire additional full-time technical staff to help ensure that the work we do meets the quality and functionality expectations that developers require to write low-risk application software.

  1. Maintain OWASP values and culture of innovation and vendor neutrality
    1. Allow low barrier for entry for new projects
    2. Ensure that all board activities and use of funding is conducted in an open way
    3. Organization-wide adherence to vendor neutrality
  2. Create change/maturation driver through funding
    1. Establish engagement paradigm for commercial / federal grants
    2. Utilize funding to hire additional full time technical and organizational resources for OWASP
  3. Facilitate planned “Apache Model” for project measurement, management, and labeling
    1. Inventory current project and software assets
    2. High barrier of entry for *production quality* OWASP projects
    3. Hire additional FTE support staff to manage project infrastructure
  4. Modernize/Simplify the OWASP Website
    1. Hire additional FTE support staff to manage and run the OWASP website
    2. Craft adoption guide
      1. For common organization archetypes
      2. For common individual professional roles