OWASP is in a state of discord. Over the past few years, there have been fractures in the community. Recently, there have been arguments on the leader email list that have clearly breached the lines of etiquette. Personal attacks, distribution of funds, and complaints of lack of diversity are creating tension among the members.
If we, as an organization refuse to confront these issues, there is a real potential we will no longer have relevance to the AppSec community. The in-fighting has become a detriment to chapter leaders and project leaders, who are looking to OWASP for consistent leadership and direction.
In early July, the OWASP board announced the appointment of Andrew van der Stock as Executive Director. I called and spoke with Andrew at length about how he intends to confront the existing issues in the organization, and what he hopes to accomplish during his tenure.
I have known Andrew for years through his work on the Application Security Verification Standard. As a previous OWASP board member, he has insight into how the board works and how to make changes.
In our discussion, we spoke directly about the current problems at OWASP and Andrew's vision for moving the organization forward by confronting existing problems in policy, rewriting sections of the bylaws, and setting up enforcement of those bylaws.
Andrew has not set himself an easy task. The push-back is sure to cause more strife in the beginning, but he is determined to implement changes that will make OWASP stronger in the long run, and put us on a course to continue to be a leading role to the AppSec community.
In the spirit of transparency and open discussion, Andrew answered every question I had for him. He intends to continue this discussion with the community through the creation of live-online discussions. For now, Andrew is ready to implement his vision for OWASP, as he talks about here. Let's get started.