The History and Future of OWASP

20 years ago I was moderating the webappsec mailing list on securityfocus and had just started a new job running application security at Charles Schwab, when the CIO came running down the hall demanding to speak to the new guy. He wanted to know why we were in the Wall Street Journal and what I was going to do about it. I felt like I had been framed. After fending off ambulance chasers and wading through marketing “bull shiitake” from vendors, I realized there was a gap that needed to be filled. OWASP was born. No real plan, no real goal, armed with just a belief that the world needed better information I sent out a call to action for like-minded people to get involved. The rest as they say is history. Looking back it’s been an amazing success story of a community that has had a significant positive impact on the world during a time when development technology and the threat landscape has changed beyond recognition. What was critical to OWASPs success and how should it evolve over the next 20 years? We will t
Back to Top