Posted by John Steven on September 21, 2011
Out at AppSec USA, the OWASP board met and decided that it was valuable to support a partnership model with private industry. The aim: figure out a way to allow private (or federal) organizations to shape existing OWASP assets to better meet their needs. Better meeting an organization’s needs will likely involve:
As described above, the “buyer” (an organizational stakeholder) drives the interaction. For this, I posit a buyer-driven workflow (see figure below).
(Buyer-driven workflow figure available here.)
Summarizing: the buyer coordinates with the OWASP project owner and determines things like level of effort (LoE), division of responsibilities, and what will ultimately be shared. The producer then works with OWASP project team resources to hit scheduling and roadmap sign-posts.
If you’re interested in helping your organization benefit from open source projects, perhaps I can help there. If you’re interested in helping mature the projects themselves, I can definitely help, especially with OWASP ESAPI or the cheat sheets. I’m also very interested in feedback on the whole partnership model. Please send mail.