Wednesday, February 27, 2008
The struggle of forming a security community...
Many folks are aware that I am attempting to kick off a local chapter of OWASP where the goal is to make application security "visible"...
Hopefully many folks will be attending my inaugural meeting on Thursday, February 28th at 5:30 pm. Anyway, one of the issues in kicking off a group such as OWASP is in identifying all the folks who have interest in such a topic. Generally speaking, OWASP is relevant to anyone who writes software,but the issue is in figuring who still writes software nowadays since much of this is being done offshore.
Of course, if you are an employee of Wipro, Accenture, Cognizant, TCS, Satyam, Infosys and so on, you would have keen interest. The problem is how does James McGovern invite you? I guess at some level, I would have to have a way to know that you actually live in my area which there is no great way of learning this.
I could of course forward invites to others from your firm, but many people who accept invites tend to not forward to others they know which makes the problem of figuring out who you are more difficult.
Another approach is to ask software vendors to participate and of course they usually do. The problem though is that they tend to be lurkers and are only thinking about attendees as sales lead. Most sales folks tend to not have any desire to build community unless it benefits them. How successful do you think I would be if I were to ask IBM, Oracle, Sun, EMC and others to forward invites for OWASP to their customers?
Note this is not just about software firms as consulting firms will struggle with the same mindset. Maybe the best strategy is to simply blog about it and hope that some random individual who happens to live on the same side of town as I will forward to folks they know...
| | View blog reactionsHopefully many folks will be attending my inaugural meeting on Thursday, February 28th at 5:30 pm. Anyway, one of the issues in kicking off a group such as OWASP is in identifying all the folks who have interest in such a topic. Generally speaking, OWASP is relevant to anyone who writes software,but the issue is in figuring who still writes software nowadays since much of this is being done offshore.
Of course, if you are an employee of Wipro, Accenture, Cognizant, TCS, Satyam, Infosys and so on, you would have keen interest. The problem is how does James McGovern invite you? I guess at some level, I would have to have a way to know that you actually live in my area which there is no great way of learning this.
I could of course forward invites to others from your firm, but many people who accept invites tend to not forward to others they know which makes the problem of figuring out who you are more difficult.
Another approach is to ask software vendors to participate and of course they usually do. The problem though is that they tend to be lurkers and are only thinking about attendees as sales lead. Most sales folks tend to not have any desire to build community unless it benefits them. How successful do you think I would be if I were to ask IBM, Oracle, Sun, EMC and others to forward invites for OWASP to their customers?
Note this is not just about software firms as consulting firms will struggle with the same mindset. Maybe the best strategy is to simply blog about it and hope that some random individual who happens to live on the same side of town as I will forward to folks they know...