That's it. OWASP's community and scope is so wide (a great thing) that trying to be even more specific will end up in a massive thread and unproductive discussion (where just about everybody will be a bit right about something)
In you look at the current text in the owasp home page (which I helped to write) it says:
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
I don't really agree with this mission, since for example I think that OWASP should be "Making Security Invisible (by Becoming the Developer's Best Friends)". I.e. Invisible not Visible :)
Also, where is 'writing secure code' on that mission :)
That said there is (some) value in documenting and talking about values and principles, so while writing the Private threads are SO inefficient, Application Security Knowledge is available at the point of Need, and Password Hashes over SSL post, I had a look at the NHS core principles and constitution, and I wonder if we can re-write them :)
Here are the seven key principles that guide the NHS, 'OWASP Style':
TheNHSOWASP provides a comprehensive service, available to all irrespective of gender, race, disability, age, sexual orientation, religion or belief- Access to
NHSOWASP services (and knowledge) is based onclinicalWeb Application Security need, not an individual’s ability to pay The NHSOWASP aspires to the highest standards of excellence and professionalismThe NHSOWASP services must reflect the needs and preferences of developers, security professionals and application consumerspatients, their families and their carersThe NHSOWASP works across organisational boundaries and in partnership with other organisations in the interest of application securitypatients,localdevelopment communities and the wider populationThe NHSOWASP is committed to providing best value fortaxpayers’ moneyits funds and the most effective, fair and sustainable use of finite resourcesThe NHSOWASP is accountable to the public, communities andpatientsprofessionals it serves
This would of course mean that OWASP's OpsTeam (the current employees) take a much stronger role, and that the OWASP 'machine' is given the resources/authority to become the strong services oriented team that it wants to be.
A key challenge will be to do this without paying OWASP leaders (NHS does pay its doctors) which in my view shouldn't be done. See Why OWASP can't pay OWASP Leaders and On how to get paid to work on OWASP projects
Maybe I should add these principles to the list I wrote at I wish that OWASP in 2014 ...
