OWASP Security Champions Guide


Welcome to the home of the OWASP Security Champions Guide Project! Our goal is to create an open-source, vendor-neutral guidebook for AppSec professionals to help them build and improve their own successful Security Champion programs.

One size will not fit all – so this playbook is designed for you to pick and choose the elements your organization can adopt or leverage to create your own customized program. We will provide customizable artifacts that can be used to start or improve your program. It doesn’t stop there! As your program matures, the playbook will provide you with next steps and new factors for consideration to further empower your program and your champions.

To make this happen, our project team is interviewing security leaders, program coordinators, and security champions to establish what makes a successful program. Participants represent a range of company sizes, industries, geographies, and also different levels of security program maturity. We want to know what works, what doesn’t work, what promotes success, and what leads to failure.

We are looking for more participants to take part in this exciting project. Whatever your experience of Security Champions programs – good or bad – we want to hear from you! Especially if you are/have been:

  • A security champion
  • A program leader
  • A CISO or executive in an organization with experience of Security Champions programs

Watch our project launch video here.

We’d love to hear your feedback and ideas. Check out the ‘Get Involved’ tab for more details.


The OWASP Security Champions Manifesto is a set of guiding principles crucial to any successful program.

The principles have been drawn from an initial series of in-depth interviews with Application Security leaders from across the globe as part of our wider goal to provide a comprehensive Security Champions playbook (coming soon).

The Ten Key Principles for a Successful Security Champions Program

  1. Be passionate about security
  2. Start with a clear vision for your program
  3. Secure management support
  4. Nominate a dedicated captain
  5. Trust your champions
  6. Create a community
  7. Promote knowledge sharing
  8. Reward responsibility
  9. Invest in your champions
  10. Anticipate personnel changes

Prefer a visual? Download your copy of our principles infographic.

Check back soon to find out more about these key principles and how to put them into practice.


Next Steps

As you can imagine, a project like this is not finished with its first publication. We are proud to finally have the manifesto online after the project team's work on it, but we know we are not done yet.

Our current roadmap focuses mostly on expanding the manifesto, using a why-how-what approach: explaining why you need each principle and what we envision it looks like in practice, followed by the how, meaning where you can start. Finally, we would like to offer anonymized, general-purpose material (slide decks, documents, and similar artifacts) that you can use to put a given principle into practice.

Get Involved

If you are running a Security Champions Program, or starting one, reach out! Let's talk and see where we can help, and most importantly: if you used anything from us, let us know whether it worked for you.

If you have a platform where we can talk about our Security Champions Program and would like to offer a collaboration or publication, reach out too! This really helps drive the message.

Updates

Follow these pages to get instantly updated when we publish new things. We don’t have a set update schedule (yet), but will be publishing as often as possible when we improve things.