Revision as of 17:51, 2 June 2011 by Jmanico (talk | contribs)

Jump to: navigation, search


My name is Jim Manico and I've been an active member of OWASP since 2008.

  • I am the founder, producer and host of the OWASP Podcast Series. As of May 2011 I have published 84 shows and have spent over 500 hours making the OWASP Podcast a reality. I am grateful to my many guests who have made the show a success.
  • I am also a contributor and project manager of the ESAPI Project. I have one of the largest number of individual check-in's for the ESAPI-Java project and work to ease communication between the many volunteers of this project.
  • I am also the chair of the OWASP Connections Committee where I manage the OWASP Blog, twitter feed and press communications for OWASP. I feel that these activities are directly inline with the OWASP core mission of spreading awareness.
  • I am also spearheading several ESAPI-like projects that provide modular single-use controls for ease of use. I have only begun these efforts, but have started to manage the OWASP Encoder , the OWASP validator and the OWASP HTML Sanitizer project with a variety of very talented developers.
  • I also have been a significant contributor and manager of the OWASP Cheatsheet Series. I've worked on the XSS, DOM XSS, SQL Injection, Cryptographic Storage, Forgot Password and other topics in this series.

OWASP is a non profit organization. One of the most important responsibilities of a non-profit board is to secure adequate resources for the organization to fulfill its mission. If given the honor and responsibility of becoming a board member, I would use my position to work with grant writers and other resources to secure additional funding for OWASP projects.

I included a summary of my 4 point "plan for OWASP's future" below:

  1. Maintain OWASP values and culture of innovation and vendor neutrality
    1. Allow low barrier for entry for new projects
    2. Ensure that all board activities and use of funding is conducted in an open way
    3. Organization-wide adherence to vendor neutrality
  2. Create change/maturation driver through funding
    1. Establish engagement paradigm for commercial / federal grants
    2. Utilize funding to hire additional full time technical and organizational resources for OWASP
  3. Facilitate planned “Apache Model” for project measurement, management, and labeling
    1. Inventory current project and software assets
    2. High barrier of entry for *production quality* OWASP projects
    3. Hire additional FTE support staff to manage project infrastructure
  4. Modernize/Simplify the OWASP Website
    1. Hire additional FTE support staff to manage and run the OWASP website
    2. Craft adoption guide
      1. For common organization archetypes
      2. For common individual professional roles