What about the future short-term direction of the group? Curphey spoke candidly about the inquiry.

"[That is] one I don't really know the answer to. There never really has been a great master plan or a thought about the limits of what we can do. I have tried to make sure all projects are doing work for the right reasons in a professional and responsible manner."

With a thriving project on his hands, Curphey talked about how organizing and funding the work may change. "Things are now at the stage where we may need to get a little more formal. We need some sponsorship to enable us to build out the web portal to provide things like customized vulnerability alerting and aggregated news as well as providing some work flow for the contributors. We have toyed with th idea of a not-for-profit foundation, but it's costly and doing accounting and taxes will certainly take some fun away." He commented further on the issue of funding.

"I think OWASP is providing an important public service but with appropriate funding could do a lot more. We are a best efforts volunteer group today. I would love to see us grow to a not-for-profit funded group who can dedicate our efforts to the project. I am sure you can appreciate the daily work demands on the developers we have contributing code for WebScarab for instance. With a few full time developers the world would have some great products much faster. In an ideal world we would be able to pay the developers to build Open Source tools. When we have the first release of several of the current development projects under our belts, I think we will be in a better position to attract long term funding."

Like any other project, Curphey has faced his share of funding challenges. Other areas that are testing his leadership skills and his team's resources include coordination with other organizations, malicious use of the group's work and the continued guidance of the project.

Next: Agency Coordination, Use of Technology By the Bad Guys, and the Long Term »