OWASP Security Champions Guide
Welcome to the home of the OWASP Security Champions Guide Project! Our goal is to create an open-source, vendor-neutral guidebook for AppSec professionals to help them build and improve their own successful Security Champion programs.
One size will not fit all – so this playbook is designed for you to pick and choose the elements your organization can adopt or leverage to create your own customized program. We will provide customizable artifacts that can be used to start or improve your program. It doesn’t stop there! As your program matures, the playbook will provide you with next steps and new factors for consideration to further empower your program and your champions.
To make this happen, our project team is interviewing security leaders, program coordinators, and security champions to establish what makes a successful program. Participants represent a range of company sizes, industries, geographies, and also different levels of security program maturity. We want to know what works, what doesn’t work, what promotes success, and what leads to failure.
We are looking for more participants to take part in this exciting project. Whatever your experience of Security Champions programs – good or bad – we want to hear from you! Especially if you are/have been:
- A security champion
- A program leader
- A CISO or executive in an organization with experience of Security Champions programs
Watch our latest project update here (11 minutes).
We’d love to hear your feedback and ideas. Check out the ‘Get Involved’ tab for more details.
Get Involved
If you are running a Security Champions Program, or starting one, contact us via LinkedIn message!
Call for Security Champions Artifacts!
The OWASP SCG Committee is looking for contributions in the form of artifacts and interviews. These can be (anonymized) presentations, program documents, or whatever tools have been useful to your organization.
For example:
- Program Charters
- KPIs & Metrics
- Training Materials
- Guidelines & Best Practices
- Success Stories & Case Studies
- See more artifact types and their descriptions here!
We’re collecting data from companies worldwide that have Security Champions Programs at any stage of maturity (including wishful thinking!). Please contact us (Irfaan Santoe, Marisa Fagan, Aleksandra Kornecka) to set up a time to meet and donate.
Collaborate
Let’s talk, see where we can help, and most importantly, if you used anything from us, let us know if that worked for you! If you have a platform where we can discuss our Security Champions Program and would like to offer a collaboration or publication, reach out, too! This helps drive the message.
Contact us on LinkedIn to get involved!
Updates
Follow us on LinkedIn to get instantly notified of news and publications!