Application Security Promotion Ideas

Ideas for Promoting OWASP and Application Security
While we've been pretty successful at creating some great content and tools, we desperately need to get better at getting out our message. This page is for capturing, discussing, and sharing ideas for evangelizing OWASP.

Don't be afraid to propose some big ideas, but please try to be realistic. OWASP is completely volunteer, so there are some things that we can't tackle. Also, don't create a new idea for every slogan or advertisement - let's group these into marketing campaign ideas. Let's try the following format:

==Idea Title== Details of marketing campaign idea. Include the investment of time and money required and try to estimate the likely benefit.

This page is the "brainstorm" page where there are no bad ideas. Let's discuss these ideas on the "discuss" page.

=Promotion Ideas=

Vendor Support
When we had our first chapter meeting in Denver last month, vendors were very helpful in getting the word out to their contacts. Sales people specialize in networking, which is something we can leverage. This works very well at a local level, but I think it could help on a larger scale as well.

OWASP Movie about web application (in)security
Let's do a animated story as movie on web application (in)security. A very nice example is the one on trusted computing I saw the other day: http://www.lafkon.net/tc/.

OWASP Slogans
Let's do a slogan contest, pick a winner, and make t-shirts available. The goal of the contest would be to come up with a slogan that will raise awareness, get people thinking about secure coding, and get a laugh.

OWASP Ad Campaign
Let's emulate the "thetruth.com" campaign against smoking. We can emphasize application security facts, and create some catchy posters that people can download and put in their cube.

OWASP Pledge
Let's get organizations to take the OWASP Corporate Application Security Pledge, where they agree to do five important things for application security. If they register with us, they can use the logo as marketing. We could do a developer pledge too.

Security Humor
A little humor can put a smile on the face of a security professional, who is used to dealing with very dry and serious issues.

I want to share with you a song called Alice and Bob. Alice and Bob the song Lyrics of Alice and Bob

Public Relation
We should publicize all important events and documents that mention OWASP. For example, OWASP is a recommended guidelines in the PCI DSS version document.

Making OWASP known to major consulting companies like Gartner will help. Last time I looked there was nothing in Gartner's database about OWASP.