OWASP Operating Plan 2022 - Introduction


The OWASP Foundation has navigated 2021 with some difficulty, but we have met or exceeded our budget and delivered more reform than at any time in our history. We have recovered much of the lost trust from the community by deeply involving them in our organization and the outcomes. Everyone should be proud of the work they have done in 2021.

After the successful reform of so many of OWASP’s policies to return our focus to our community, it’s time to eliminate the burrs and friction of doing business with the Foundation. We will be undertaking a top to bottom customer experience review, with a focus on eliminating all unnecessary procedures, policies, and optimizing what remains with a strong focus on building our community at scale. This means any procedure or policy that has a large impact on staff time will be investigated and automated or removed. Our staff must enable and support the community, not create unnecessary work for either the community or the Foundation itself. The cornerstone of this strategy is “one touch” and “self-service automation first”.

We plan to break through 7000 financial members in 2022, and 10,000 members by 2025 at the latest, so anything we do to allow everyone to manage their own affairs will be done. To that end, we will be writing our business requirements, evaluating our current and potential future systems with a view to implementing an off the shelf association management platform and best of breed event management system. The primary focus of both changes is to achieve complete self-service and automation of our core processes, reduce the burdens on staff, and reduce costs.

Mission Statement and Operating Plan Goals

By the time the 2022 operating plan is reviewed and approved by the Board, a new mission statement is likely to be in place. It currently reads:

No more insecure software.

As an organisation concerned with the quality of software security, OWASP

  • supports the building of impactful projects;
  • develops and nurtures communities through events and chapter meetings worldwide; and
  • provides educational publications and resources in order to enable developers to write better software, and security professionals to make the world’s software more secure.

Improving the security of all applications protects everyone’s privacy and the integrity of systems we all rely on and of all our data. This is for the common good of all.

This will allow the OWASP Foundation to view its goals, deliverables, and activities through the lens of our newly approved mission statement, the first since our original mission statement from 2001. We will prioritize those parts of our mission that are important, and deprioritize or stop doing things that aren’t, per our mission.

As part of this, we will be modernizing our approach to program delivery, working with the community rather than doing everything for them. This change has already started in 2021, and is one of the primary reasons we managed to get so much of the 2021 Operating Plan delivered. We will continue to work with the community to deliver our major goals in 2022.