End of year thank you! Corporate Membership or Donations, 20th Anniversary keynotes, Distinguished Lifetime Members, Waspy Awards, Multi-Factor Authentication, oh my!

Andrew van der Stock

Thursday, December 23, 2021

This year has been extremely challenging, and it looks like 2022 will be more of the same. But in the meantime, we have had some amazing successes, and I want to celebrate them. So here’s a very overdue and yet still timely end of year blog blow out!

Read on to learn about our end of year Donation and Corporate membership drive, 20th Anniversary keynotes, Distinguished Lifetime Members and WASPY Awards announcements, and lastly how we intend to implement multi-factor authentication by the end of Q1 2022.

End of year Donation and Corporate Member Drives

If you are like many organizations, you often have spare funds on a “use or lose it” basis. We would love for you to consider OWASP as a potential donor or becoming a corporate member to support our mission.

End of year directed donations to projects, chapters, diversity scholarships, and education curriculum development

We have worked with our accountants to work with our Corporate Supporters and Members to help direct donations the way you want in 2022 (deadline is January 19, 2022 when the December books close), but we can accept the money this year. If you are able to support OWASP financially, and want to really help our mission, we have a range of things we would like to fund in 2022:

• Support all Projects and Chapters via donating to the expense pool
• Support our Diversity Scholarship Fund for OWASP AppSec Globals and training
• Support our Education Committee’s work on an industry curriculum, and more recently, a Developer AppSec Bootstrap (tentative title)

Donations may be tax deductible for US based organizations. Please consult a qualified tax accountant to determine your eligibility.

To make a donation, please use our automated donation system. If you want to direct your donation to a cause or get an invoice for your accountants, please contactKelly Santalucia (and cc me).

End of year Corporate Membership Drive

Our current Corporate Membership offer is if an existing member renews early at a higher level (say from Silver to Gold or Platinum), the benefits of the new level applies for the entire combined residual time of the corporate membership. This is a fantastic offer for those thinking about really supporting the OWASP mission.

You can find out about what’s in our Corporate Membership Packages here. There’s a package for everyone, including startup and regional discounts, as well as various levels of support.

For corporate membership, please contact Kelly Santalucia and cc me for more details and let’s make it happen. Everyone is on leave from today until January 3, but I will be checking my mail once a day, and if I will make sure it can happen before the end of the year for you.

20th Anniversary Keynotes Videos Now Available

We held our 20th Anniversary in September over 24 hours, and not only was it our most attended event ever (virtual or in person), it helped celebrate our global community, past, and future. The event was a huge success, and really helped OWASP cement its financial future in very difficult times.

20th Anniversary Keynotes

You can watch all the OWASP 20th Anniversary Keynotes here:

• Eva Galperin - Who Deserves Cybersecurity? Expanding Our Circle of Care
• Jaya Baloo - Our Secure Future
• Chris Wysopal - AppSec: From Outsiders to Allies
• Mark Curphey - 20:20 The history and future of OWASP
• Philip De Ryk - AppSec is too Hard?

The remaining videos of this are coming along slowly due to me - who knew that it takes time and skill to edit videos. Our members will be getting early access as they become available, probably early in the new year.

AppSec Virtual Videos Now Available to Members

AppSec Virtual videos are now available to all attendees and OWASP members. Please check your email for links to a hidden playlist. We’ll release these to the public on the 15th of January, so as to provide early access to attendees and our members.

Distinguished Lifetime Membership Awards

At OWASP’s 20th Anniversary, the Global Board awarded five Distinguished Lifetime Membership Awards. Distinguished Lifetime Membership Awards are for extraordinary services to the OWASP Community over a lengthy period of time.

You can learn more about the awardees here:

• Mark Curphey for (co-)founding OWASP - Video coming
• Dave Wichers - for 20 years of continuous extraordinary service
• Jeff Williams - for 20 years of continuous extraordinary service
• Fiona Collins for extraordinary services to the OWASP community - Video coming
• Matteo Mattuci - Video coming

You can watch the entire Distinguished Lifetime Members playlist here:

We honor our inaugural Distinguished Lifetime Members here:

Thank you to each and every one of our Distinguished Lifetime Members! Literally, without their extraordinary service to OWASP and our community, OWASP literally would not be here today.

WASPY Awards 2021

Similarly, at the 20th Anniversary, the OWASP Member community nominated and voted in an election for various Waspy Awards.

The 2021 WASPY Award Winners are:

• Best Innovator - Bjoern Kimmich
• Best Community - Tanya Janca
• Best Educator - Tanya Janca
• Best Project - OWASP Zap
  • Rick Mitchell
  • Ricardo Pereira

You can watch the entire WASPY Awards playlist here:

We honor our all our WASPY Award winners here:

As these awards are nominated by and voted for by OWASP Members, one of the categories (Best Project Team) might be changed next year to ensure that if we do “Best project” again, we will be making all Project Leaders eligible. As of right now, Leaders do not need to be Members. However, with complimentary membership, any Leader can become a member if they so choose, and we have memberships available from $8 to $50 per year depending on your location and if you are a student in a emerging economy.

Multifactor Authentication is coming

OWASP needs to lead by example. All our services are in the cloud - we don’t run a single server. The trust boundary is not a firewall, but authentication and access control. OWASP is going to lead by example and up our authentication game. By the end of Q1 of 2022, and after consultation with the community on the actual date, we will be mandating multi-factor authentication on all OWASP resources. Currently, only 15% of all OWASP accounts use multi-factor authentication, which when I saw it, was shocking to me especially as application security and managing risk is our actual field.

All of us have been pushing MFA in our industry for more than a decade, and yet, only 15% of us actually have it enabled. Reminds me of the famous saying “You gotta pump those numbers up! Those are rookie numbers!” The OWASP Foundation already mandates MFA for all Board members and staff, and now it’s time for our community to have enforced MFA on all things OWASP, starting with our Google owasp.org accounts. You can enable it today - just follow the directions.

I will be consulting with our community in January to answer your questions and identify a go live enforcement date. I will be reaching out with vendors of password managers to assist our members in that transition for discounts or a group buy or similar. If you work at a password manager vendor, please reach out and let’s make it happen.

I strongly urge everyone to use MFA on every account that supports it, and use password managers to use long random and unique passwords on all your accounts. I’ve been doing this since 2001, when I stopped using a simple, medium, and “secure” password. It’s time. Let’s get it done.

Wrapping up 2021 and looking forward to a safe and prosperous 2022 for all

2021 has been a huge year. We’ve emerged a stronger community, with more members than ever (5463), more event RSVPs than at any time during the pandemic, more active chapters than ever, project leaders have received grants to work on our projects for the first time, and this is allowing OWASP to deliver on its mission and demonstrate its true impact potential. We have completed finance reform so that every chapter can meet, AppSec Days events are no longer tied to chapters, but any OWASP leader, and more. The Community elected two new members to the Board - Glenn ten Cate and Avi Douglen. I look forward to working with the new Board on the customer experience program, improving our marketing, replacing our home grown member management tools with a fully fledged association management platform.

2022 promises to be a big year. We have had to cancel the in person element of OWASP AppSec Global Dublin, but we will still be running virtual events and training throughout the year in all time zones. We encourage all leaders and members to consider if a regional AppSec Day event is right for you - we are here to grow our events by allowing our members to run smaller, profitable events in their local regions. The Chapter Committee are working towards a formalized model of Regional Chapters, allowing new regional chapters in more than five years. Most of all, I hope to see you at AppSec Global San Francisco. The dates are changing to be in November. Once the contracts are all done, we will making a new announcement in the early new year.

Lastly and not least, our offices are closed from as soon as I upload the last keynote until January 3, 2022. I hope everyone has a safe and merry Christmas (or holiday season if you have one), and a Happy New Year.