Tuesday, June 17, 2014

Is OWASP broken?

That’s a silly question.  I wasn’t going to comment on the current struggles of the Board of Directors for fear of adding to the Pointless InfoSec Drama, but I need to say a few things about it.  I am not an OWASP insider, but I do support their mission.


OWASP has done a lot of great things, and continues to do so today.  As I said, I’m not an insider, but there appear to be some struggles at the global Board level and possibly organizationally at the national and international level.  And I don’t really care- I hope it gets sorted out soon, but the power of OWASP (and a myriad of other organizations, not just in InfoSec and tech) is largely in the local and regional chapters and events, and in the OWASP projects.

If you believe in OWASP (or any other organization struggling with high-level issues), I encourage you to focus your efforts locally, that’s almost always where you can make the most difference.  In the case of OWASP, there are also the numerous projects- you don’t need to be local to work on them.

As Tip O’Neill frequently observed, “All politics is local”.  Please don’t waste time on drama, focus locally and keep up the good work.