My name is Jim Manico and I've been an active member of OWASP since 2008.
- I am the founder, producer and host of the OWASP Podcast Series. As of May 2011 I have published 84 shows and have spent over 500 hours making the OWASP Podcast a reality. I am grateful to my many guests who have made the show a success.
- I am also a contributor and project manager of the ESAPI Project. I have one of the largest numbers of individual check-ins for the ESAPI-Java project and work to ease communication between the many volunteers of this project.
- I am also the chair of the OWASP Connections Committee where I manage the OWASP Blog, Twitter feed and press communications for OWASP. I feel that these activities are directly in line with the OWASP core mission of spreading awareness.
- I am also spearheading several ESAPI-like projects that provide modular single-use controls for ease of use. I have only begun these efforts, but have started to manage the OWASP Encoder, the OWASP validator and the OWASP HTML Sanitizer project with a variety of very talented developers.
- I also have been a significant contributor and manager of the OWASP Cheatsheet Series. I've worked on the XSS, DOM XSS, SQL Injection, Cryptographic Storage, Forgot Password and other topics in this series.
OWASP is a non-profit organization. One of the most important responsibilities of a non-profit board is to secure adequate resources for the organization to fulfill its mission. If given the honor and responsibility of becoming a board member, I would use my position to work with grant writers and other resources to secure additional funding for OWASP projects.
I included a summary of my 4-point "plan for OWASP's future" below:
- Maintain OWASP values and culture of innovation and vendor neutrality
- Allow low barrier for entry for new projects
- Ensure that all board activities and use of funding are conducted in an open way
- Organization-wide adherence to vendor neutrality
- Create change/maturation driver through funding
- Establish engagement paradigm for commercial / federal grants
- Utilize funding to hire additional full time technical and organizational resources for OWASP
- Facilitate planned “Apache Model” for project measurement, management, and labeling
- Inventory current project and software assets
- High barrier of entry for *production quality* OWASP projects
- Hire additional FTE support staff to manage project infrastructure
- Modernize/Simplify the OWASP Website
- Hire additional FTE support staff to manage and run the OWASP website
- Craft adoption guide
- For common organization archetypes
- For common individual professional roles