Matasano Chargen Random Thoughts On OWASP
One of those times when I start writing a comment on a post and end up rambling for so long that it ends up being worth a post...
--
I'll chime in on the OWASP needs some staff line. I know they've got loads of great people running it but I reckon they could benefit from some people to focus on specific areas of OWASP.
A good example.. the website. Wikis are great for some types of site and information but personally I think that finding things on the current OWASP site is harder than it should be.
The only way that I've found to tell what's happening on the site seems to be to look at the wiki recent changes list, which isn't a very user friendly experience.
Also some of the great information that is on there is not well flagged up. An example would be this page which has a really cool list of web app. security stuff but I only found it digging through the diffs, usually I wouldn't think to go into a specific chapter to find that.
Another example, where I think a permanent staff member would be useful, is administering the SPOC projects and chivying the people assigned to them for updates.
Right now it's rapidly turning into a summer/autumn of code not spring ;o) . the status page that's gone up has all the projects at 0% complete !
All In all I think OWASP are doing some great work, a lot of which may be less appreciated 'cause it's not as discoverable as it could be....
