Update on the ASVS Community Meetup

Josh Grossman

Wednesday, July 3, 2024

Our new banner

The OWASP Application Security Verification Standard (ASVS) Project held its first-ever in-person community meetup during last week’s Global AppSec Lisbon conference. This was an exciting opportunity for anyone interested in the project to come and meet some of the leaders, discover how to get involved and learn about our upcoming plans. We are super grateful to our friends at Jit for their support in running the event.

This post is a quick summary of the meetup including key information on how you can get involved!

tl;dr

If you don’t want to read all the blurb and just want to get involved, you can either:


The talks

As you can see from our agenda, we had several talks planned as well as some informal discussion time.

Jim Manico kicked off the morning with a freestyle overview about the ASVS, giving some background and context on the project to anyone who might not be familiar with it. This was followed by Daniel Cuthbert dialing in from the UK to give us an update on his outreach efforts with various public sector organisations and government departments to get them to incorporate ASVS in their guidance and regulation.

To finish off the first set of talks, I gave an overview of the guiding principles for version 5.0, talked through our goal to release 5.0 by the end of this year, and provided some more information on how you can get more involved (more on this below).

Jim delivers the first talk

After a break for informal discussions and then lunch, we came back to hear a fascinating talk from Irene Michlin and Aleksas Spiridenkovas about how they used Retrieval-Augmented Generation to get better responses from a chatbot when asking it which ASVS requirements would be useful for a new software requirement or feature.

Alex and Irene deliver their talk

Talks about applying the ASVS are always popular and this was no exception!


Discussions

We were able to have a number of discussions with current or potential users of ASVS in between the talks and over lunch. These discussions continued after the meetup as well, over both days of the conference, and gave us some great feedback and ideas for taking the project forwards.


Opportunities to get Involved

One of the key aims of the meetup was to get more people involved in the project. The more people who give their input, the better the quality of the guidance in the standard. Plus, if more people get involved in running the project itself, it makes it easier for the project leaders to push things forward.

To that end, I had printed out a couple of posters to stick around the meetup to let people know how they could get involved. (You can see them dotted around the room in the pictures above.)

If you want to get involved you can take a look at them here:

After the meetup, I also stuck the posters up in some other locations around the conference. Thanks to Starr for the idea and for helping us get set up, and to Sam for publicising that on Twitter, which got us enquiries from people who weren’t at the conference!


Our new identity

We also took the opportunity to showcase our new logo and branding templates with roll-up posters and stickers, as well as special shiny stickers and keyrings for people who have actively contributed to ASVS. We have plenty of contributor stickers left to give out as well, so earn yours today 😀.

Our new merchandise!

Next steps

We are super excited by the success and popularity of this event and the interest in the ASVS. We are currently thinking about organising a virtual version to bring this type of meetup to a wider audience.

If you want to know more, stay in touch via our social media channels and website: