Well, I’ve been extraordinarily busy this year. Far too busy to do much beyond scratch myself. I feel bad as I:
- Didn’t end up writing a book, much to my wife’s relief
- Failed to blog as much as I wanted to, particularly on the layer 7, 8 and 9 issues such as business logic flaws that I love so much
- Left the OWASP Board without achieving anything major organizationally in the last twelve months. I never intended to stay on the board forever, but I achieved far less than I could have in the time I had, such as adopting a proper Foundation / Core / Leaders
- Failed to release any new releases of UltimaBB through complete inactivity
- Failed to lose any weight. In fact, I put on 15 kg since arriving in the USA, the single largest one-year bump ever
- Failed to work on the OWASP Guide (much)
- Failed to improve my (weak) Japanese or learn Spanish even though that would be handy as you hear it so much here. My iPod is bursting at the seams with hundreds of Japanese and Spanish lessons, and I’ve listened to like five episodes all up
Listing it out like this, it’s like 2007 was a big fat failure. But that’s not entirely true:
- Moved to the USA and settled down. This doesn’t sound like much, but only if you’ve never moved country.
- Made a baby with my lovely wife. Our daughter is coming real soon now – we’ve had several close calls and she can’t wait to get out by the looks of things
- Saw about 25 of the 58 possible states*. The USA is awesome. I’ve been from Miami to Boston, from NYC to LA, and it’s so totally different and yet familiar. I can’t wait to see more.
- Got the job of a lifetime. The guys at Aspect are everything I thought they’d be and more. It’s a wonderful work environment with great people at the top, funny co-workers, and the work is challenging and varied, which is just up my alley.
- Lead Author and Editor of the Top 10 2007. That was a huge undertaking – incorporating all the other folks’ efforts. I’m glad it’s out there
- With my OWASP and Aspect hats on, worked on the SANS GSSP for Java with a bunch of other folks. We need certifications to get rid of the unqualified cowboys from our field. I am reasonably certain that multiple choice exams are NOT the way to do this, but it’s not likely my way (a master’s-like dissertation or practical project) would fly
- Worked on the SANS Top 20 again (and got Jeremiah in on the act – he updated the first draft this year – much kudos to him!)
- Got the XMB folks back up on their feet with a dynamic set of programmers… which sort of took the wind out of UltimaBB, but that’s okay. XMB deserves all the success in the world after so many years of being effectively mismanaged
- Worked on researching mainframe security for web apps, which seems a total blank slate, yet vital to the world’s financial industry.
So next year, I plan to revisit some of my favorite themes, but I will only blog once in a blue moon by design. The blog entries will be farther apart, but I plan to make them content rich. Many of them will be previews for new OWASP research. In the meantime, I’m sure my life is about to be completely changed by a small 3 to 4 kg baby girl. We’ll see what happens next year!
* I say 58 not because I’m geographically challenged, just that Australia is the 51st through 58th (puppet) states. We’ll see if the new PM is a bit more independent or whether we trade one colonial master we ignore for another