Out at AppSec USA, the OWASP board met and decided that it was valuable to support a partnership model with private industry. The aim: figure out a way to allow private (or federal) organizations to shape existing OWASP assets to better meet their needs. Better meeting an organization’s needs will likely involve:
As described above, the "buyer" (an organizational stakeholder) drives the interaction. For this, I posit a buyer-driven workflow (available here).
Summarizing, the buyer coordinates with the OWASP project owner and determines things like level of effort (LoE), division of responsibilities, and what will ultimately be shared. The producer then works with OWASP project team resources to hit scheduling and roadmap signposts.
If you’re interested in helping your organization benefit from open source projects, perhaps I can help there. If you’re interested in helping mature the projects themselves, I can definitely help, especially with OWASP ESAPI or the cheat sheets. I’m also very interested in feedback on the whole partnership model. Please send mail.