Grant Ongers
About Me
Grant’s experience spans Dev - building platforms for regulated industries for more than 10 years. 20+ years in Ops, everything from managing operations in NOCs to mainframe and DBs. He also has over 30 years pushing the limits of (Info)Sec - mostly white-hat.
Grant’s community involvement is global: Staff at BSides (London, Las Vegas, and Cape Town), Goon at DEF CON (USA) for nearly ten years and DC2721 co-founder, staff at BlackHat (USA and EU), and current OWASP Global Board member (hoping to complete the work he’s begun there).
Link to My Video
OWASP has great resources for different people and different roles: CISOs, AppSec Managers, Pentesters, Analysts, Developers, DevOps, QA, and even users. Currently, most of them are either not aware of OWASP, or consider OWASP as a short for the “OWASP Top 10”. What practical steps should OWASP take to change that?
We have already started reaching out to developers, through activities like the Developer Summit and through the Outreach Committee. After all, they are in the best place to affect application security in a meaningful way. That work needs to continue. We also need to bring OWASP beyond the Top 10 and into the board rooms, and onto the red and blue teams' radars. I will continue that work through the connections I have with DEF CON and BlackHat, and through the work that both the Education and Outreach Committees are doing with our corporate sponsors.
Sometimes local chapters disband before anyone knows they exist and there does not seem to be a strong mechanism to regrow them. How will you enable members to grow OWASP in their localities?
This is one of the hard problems to solve. On the one hand we want chapters to be self-sufficient and to grow and fill their seats themselves; on the other hand we want to give them every opportunity to do that. We do need to provide them with support, and I hope that the Chapters Committee will be able to lead the charge in this regard. On a more personal note, I am working to ensure that the chapters I know have gone through this are getting reborn, Cape Town and Abu Dhabi for example. I'm speaking at the relaunch of the latter soon - despite it being far too early on a Saturday morning :-)
What experience do you bring serving in a board or executive committee of a large international organization or project?
I have served two years on the OWASP Board - through arguably the hardest time for organisations like ours. For the last year I have served as the Treasurer and have had to find ways to ensure that the Foundation stays afloat through it all. It looks like we will actually end this year in a better position than we budgeted for, and with a far better chance to start next year off right.
COVID-19 has had a major impact on OWASP’s major earning sources which were conference tickets / training tickets. What will you do to ensure more balanced funding sources in the future?
This is something that I have spent the entirety of this year working on. The broad plan is that each of the budget areas will become self-funding, and that the areas that do better than anticipated can provide support to those that don't do as well. A big part of that will be the grants process, which will allow projects and committees to acquire direct funding for efforts in their areas; I hope to trial the first full cycle of that soon with the Education Committee.
Of course there are many other areas we need to work on. To start with, we need to get more corporations that leverage the outputs of the Foundation to contribute meaningfully to the running of the organisation, and we need to increase our member base as well (by getting more developers onboard - they do outnumber us 100 to 1).
What are the three main things you’d focus on changing/improving for OWASP as an organization, and why?
Mostly the two points mentioned above:
- I want to get developers to join us as members; and
- I want to get more corporate sponsors contributing directly to projects through grants.
There is a third thing I guess I can come up with, and that is that I think we should probably get more engagement from the community, although that is already starting to happen; we are seeing it.
The reasons for the first two should be self-explanatory: more members means we will have more membership revenue - but, more importantly, we will be bringing our mission to more people, and to people more able to make an impact on code quality. And corporations that leverage OWASP should (and for the most part want to) contribute back. Let's help them do so.
Automation and now AI have been good for AppSec in that they have increased the speed of releases, improved detection of coding flaws and reduced overall operating costs. At the same time, jobs in AppSec are moving from analyst positions to lower paid engineering positions. What do you see as being OWASP’s role in the industry in ten years, and how would you begin to position OWASP to get there?
OWASP should be talking to the engineers; we should be an organisation of engineers and for engineers. The work described earlier will help us position ourselves as the place for developers to go for knowledge, frameworks, and tools to ensure the security quality of their code is at the right level.