OWASP Industry Outreach (OIO): Introduction/Proposal

What is it
• An invite-only event focused on industry leaders to address issues and approaches related to web security and secure software development.
• A chance for industry to “ASK” OWASP what to focus on.
• An opportunity for industry to highlight high priority issues within application security that they face.
• An opportunity for OWASP to listen and define direction which is relevant to the reality of the situation.

Why?
• OWASP relevance: For OWASP to mature it needs to address the problems directly.
• OWASP Growth: Again, addressing industry issues creates adoption and growth.
• OWASP “Standard”: May over time position OWASP methodologies as a leading industry standard (more adoption, growth).

How?
• Step 1: Industry Forums: “Invite-Only” sessions for industry delegates so that they can freely discuss the issues they face. OWASP listens.
• Step 2: Findings/insights are correlated and fed back to delegates in dashboard format, demonstrating that OWASP has listened.
• Step 3: OWASP decides what projects to focus on based on insights from the forum.

Involvement required from:
• Industry & connections committee: invite delegates, build bridges
• Conferences committee: Assist in forum implementation
• Projects Committee: Alignment and decision of projects of focus based on output.

Also see template invite letter

Risks (nothing ventured, nothing gained)
• Risk: Failure
• Lack of industry buy-in/interest
• Inconclusive output/divergence of opinion
• Momentum/support
• OWASP Image
• “Closed Session”: Elitist???
• NDA/Confidentiality Agreements
• Failure of initiative