Strategic direction of OWASP (part 1)


Grant Ongers

Friday, March 31, 2023

The board and I have had an interesting three months thus far, what with the open letter, the resignation of Mark Curphey, and a record number of board meetings (8) and scheduled board hours (20) for this period of the year (only 3 months so far). But what did all that actually achieve?

Well, to start with, the board have reiterated their belief in OWASP’s BHAG (big hairy audacious goal), encapsulated in our current vision statement:

  • No more insecure software

We have also aligned behind our mission statement, central to that vision, which is:

  • To be the global open community that powers secure software through education, tools, and collaboration

To that end the board have defined four strategic objectives:

  • Foster a welcoming and inclusive collaboration between practitioners, researchers, and other stakeholders to create a sense of belonging, share expertise, build projects, and advance the state of software security
  • Develop and promote free and open-source tools and knowledge to support secure software development practices
  • Provide education and training programs for developers, security professionals, and other stakeholders to increase awareness and knowledge of software security, grow the next generation of security practitioners, and provide opportunities for personal and professional growth
  • Conduct research and analysis to better understand and mitigate risks to software systems and processes

In order to achieve these objectives, we are defining Strategies and Tactics for each of them, and we are doing this in public and with as many board members as we can.

I will continue to publish our progress here as it’s made and close to ready for consumption, but bear in mind that nothing described here or in the mindmap linked above is completely final and that everything is still open to discussion.