[Committees-chairs] Top 10 Book Covers

Tom Brennan tomb at owasp.org
Wed Aug 17 11:29:35 EDT 2011


Different audiences need different things

Some groups will eat up the LIVECD - https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project  (btw with lots of .pdf on it as well)

Others prefer the - https://www.owasp.org/index.php/Cheat_Sheets

Still others need a 2 page (front and back) summary of all the projects and the summary/abstract https://www.owasp.org/index.php/Category:OWASP_Project

The people that are on the ground doing the events are volunteers community professionals and based on their judgement and submission of what they need into OCMS https://www.owasp.org/index.php/Owasp_Conference_Management_System things fall into place and we can track, trend and report on it.

As an example -- look forward to the Industry survey - that should help us understand the "CUSTOMER" better -- that is the goal of a survey.


On Aug 17, 2011, at 11:23 AM, Rex Booth wrote:

> So perhaps this is a terminology issue.  The Top 10 pamphlet is not a book, folks - it's a pamphlet.
> 
> OWASP also has books that it has printed out (the secure coding methodology, I think, among them).  THOSE are books.  You know - lots of pages, a spine, bound, etc...
> 
> Now that we're all on the same page:
> 
> 1) Pamphlets good
> 2) Books bad
> 
> Rex
> 
> On 8/17/2011 11:19 AM, Sarah Baso wrote:
>> 
>> Rex,
>> 
>> Have you seen the printed book we are talking about? I am not sure it is that different than the "pamphlet" you are referring to (maybe we are talking about the same thing). These book(lets) are easy to carry and attractive.
>> 
>> From my experience talking to people at both Black Hat and Secure 360 (as well as some of the chapter meetings at which the top 10 books have been distributed), I respectfully disagree. ESPECIALLY for people that come to the booth or are trying to learn about OWASP, having something like the Top 10 in the format of the book has been great and well received -- they help people understand one core thing that OWASP has out in the community and it is a desk reference they can take with them. I have had much success talking about OWASP with a copy of the Top 10 in hand AND have had people coming back and asking for more to take back to their office. I don't think anyone cares about throwing them away in a year (or less).
>> 
>> Sarah
>> 
>> 
>> On Wed, Aug 17, 2011 at 10:11 AM, Rex Booth <rex.booth at owasp.org> wrote:
>> No, books are not a good thing.  Handouts / pamphlets are.  Two very separate things.
>> 
>> As a consultant, I can take a copy of the top 10 printout into any client and leave it on their desk.  It's convenient for me to carry, it's attractive and easily digestible for my clients, and if it becomes dated in a year or so, nobody feels guilty about throwing it away.
>> 
>> None of the above is true for a book.
>> 
>> 
>> On 8/17/2011 11:05 AM, Kate Hartmann wrote:
>>> 
>>> Rex, agree about the expiration point.  Here is what you said in an email (separate thread) a few minutes ago :)  “If it's fellow security consultants, I think hard-copy printouts of the top 10, etc, would have the most impact.  It would allow us to use them as force multipliers, too, and have them spread the word of OWASP for us.”
>>> 
>>> 
>>> Books are a good thing.
>>> 
>>>  
>>> Kate Hartmann
>>> 
>>> Operations Director
>>> 
>>> 301-275-9403
>>> 
>>> www.owasp.org
>>> 
>>> Skype:  Kate.hartmann1
>>> 
>>>  
>>> From: Rex Booth [mailto:rex.booth at owasp.org] 
>>> Sent: Wednesday, August 17, 2011 11:01 AM
>>> To: Kate Hartmann
>>> Cc: 'Jason Li'; committees-chairs at lists.owasp.org
>>> Subject: Re: [Committees-chairs] Top 10 Book Covers
>>> 
>>>  
>>> My thoughts:
>>> 
>>> 1) It needs to be generic and not time-sensitive.  Nothing helps make a resource look dated like an ad for a past conference on the cover, even if the content is still valid.
>>> 
>>> 2) Why are we spending thousands of dollars printing out books (as distinct from hardcopies of the top 10)?  Isn't that a little antiquated for a technology organization?  If we want to provide handouts, let's burn electronic copies to a DVD or thumbdrive or something.  Books seem wasteful in a whole bunch of ways - cost, environmental, space, etc.
>>> 
>>> Rex
>>> 
>>> On 8/17/2011 10:35 AM, Kate Hartmann wrote:
>>> 
>>> I agree to some extent that the inside cover should be generic, but our current “about OWASP” https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project seems to focus more on how we are than what we are (governance, tax status, etc).  The inside cover of the Top 10 is an opportunity to promote more of what we do.  Maybe something like “if you find this book interesting, be sure to visit https://www.owasp.org/index.php/Category:OWASP_Project and look at [insert projects and focus points]”
>>> 
>>>  
>>> Or, maybe something like … come to our Global App Sec Conferences [insert list of known events for the next 12 months]
>>> 
>>>  
>>> Or even … “ask not what OWASP can do for you, but what you can do for OWASP” [insert link for current volunteer openings, ways to get involved, things we are working on]
>>> 
>>>  
>>> Kate Hartmann
>>> 
>>> Operations Director
>>> 
>>> 301-275-9403
>>> 
>>> www.owasp.org
>>> 
>>> Skype:  Kate.hartmann1
>>> 
>>>  
>>> From: Jason Li [mailto:jason.li at owasp.org] 
>>> Sent: Wednesday, August 17, 2011 10:24 AM
>>> To: Kate Hartmann
>>> Cc: committees-chairs at lists.owasp.org
>>> Subject: Re: [Committees-chairs] Top 10 Book Covers
>>> 
>>>  
>>> That's an interesting idea - but I'm not sure how I personally feel about putting such OWASP promotion inside the book.
>>> 
>>>  
>>> On the one hand, it's great to promote OWASP. On the other hand, a book is a rather persistent/permanent publication... hopefully the book will see a long life of usage and as a result, any such promotion will become dated (conferences pass, projects grow stale, etc). Moreover, when I think about what a normal book does on the inside cover, it's usually either blank - or it occasionally has a brief bio on the author. If we want to put something on the inside cover, I would suggest a generic "About OWASP" blurb. Just my humble opinion.
>>> 
>>>  
>>> With regards to professional services, I'm assuming that the urgency of Kate's request is because we want to get these books printed for an upcoming event (i.e. AppSecUSA?). If that's the case and we're under a time constraint, then I would suggest we try to find someone willing to design the inside cover for free or simply leave it as is. 
>>> 
>>>  
>>> As you guys know, I'm all for scalable, repeatable processes. If we have to fund professional services for this design, I think we will get better value by commissioning a generic template for the comprehensive layout of an OWASP book (typography, page layout, etc). Such a template could be re-used by any OWASP documentation project, rather than piecemeal design for an individual project. Commissioning such a comp is on the GPC todo list and was part of our budget request for 2011 - but it is a task that we are not projecting to tackle until October or November at the earliest.
>>> 
>>>  
>>> -Jason
>>> 
>>>  
>>> On Wed, Aug 17, 2011 at 9:44 AM, Kate Hartmann <kate.hartmann at owasp.org> wrote:
>>> 
>>> One item that was on the agenda for yesterday’s postponed call was a discussion on what we should put on the inside cover of the “stock” copies of the OWASP Top 10.  My suggestion would be one of two “flyers” created to advertise projects and/or conferences.  We could do one page with both topics or one page specifically for projects and one just for conferences.  Please reply to this email indicating your preference:
>>> 
>>>  
>>> Projects page
>>> 
>>> Conferences page
>>> 
>>> Combined projects and conferences page
>>> 
>>>  
>>> Secondly, should we enlist professional services for design of this page? 
>>> 
>>>  
>>> Kate Hartmann
>>> 
>>> Operations Director
>>> 
>>> 301-275-9403
>>> 
>>> www.owasp.org
>>> 
>>> Skype:  Kate.hartmann1
>>> 
>>>  
>>> 
>>> _______________________________________________
>>> Committees-chairs mailing list
>>> Committees-chairs at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/committees-chairs
>>> 
>>>  
>>> 
>>> 
>>> 
>>>  
>> 
>> 
>> 
>> 
>> 
>> 
>> -- 
>> Administrator for
>> OWASP Global Conference Committee
>> OWASP Global Chapter Committee 
>> Los Angeles OWASP Chapter
>> 
>> Dir: 312-869-2779
>> skype: sarah.baso
>> 
> 
