[Owasp-board] [Owasp-summit-europe-2008] Fwd: Yourvisit toUniversidade do Algarve
Paulo Coimbra
paulo.coimbra at owasp.org
Sun Sep 7 09:32:54 UTC 2008
Answers inline [pc].
Paulo Coimbra,
OWASP Foundation <https://www.owasp.org/index.php/Main_Page> Project
Manager
<blocked::https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference>
OWASP AppSec NYC 2008 is coming... are you ready?
_____
From: owasp-summit-europe-2008-bounces at lists.owasp.org
[mailto:owasp-summit-europe-2008-bounces at lists.owasp.org] On Behalf Of
Joshua Perrymon
Sent: 06 September 2008 09:14
To: 'Eduardo V. C. Neves'; 'dinis cruz'; jeff.williams at owasp.org
Cc: 'OWASP Foundation Board List'; 'Dinis Cruz';
owasp-summit-europe-2008 at lists.owasp.org
Subject: Re: [Owasp-summit-europe-2008] [Owasp-board] Fwd: Yourvisit
toUniversidade do Algarve
I really like the idea of getting in front of more universities. This is
where the future developers will be coming from, and they need to understand
the importance of security early. I’d like to see some hands-on type demos
using webgoat, or even better- tying this into the OWASP top 10. Once the
“OWASP Intro book” is completed, this would be an asset to leave behind, or
send early to attendees if possible (download from lulu.com)
[pc] Seems to me a good way of working out a place in the future. We can
teach, right now, open and secure internet to our future OWASP contributors
and users.
Another PR aspect, may be to send the book out to media, .gov, and other
similar organizations with an invitation to one of the college events??
Just thinking of a way to get a buzz going without much overhead.
[pc] If we decide also to focus somehow in the local community, I
guess/wonder if the Portuguese government would possibly be open to a
contact made by our organization. They say publicly about their commitment
to the technological education and internet access for everyone. Maybe a
straight well-written American contact presenting the OWASP’s
characteristics, potential and usefulness could obtain some money and press.
I don’t know. The ministry in charge of science and
<http://www.mctes.pt/?idc=15> technology is Mariano Gago. Regarding the
private sector, Glint <http://www.pararede.com/> is the current designation
of ParaRede, one company that trades in technology, information systems and
electronic payment systems. One of the biggest Portuguese telecom is
Portugal Telecom <http://www.telecom.pt/InternetResource/PTSite/UK/> and
another interesting player from the same industry is SONAE
<http://www.sonae.pt/> , its bidder, the one that have recently essayed its
hostile purchase. One national respected technological school in our field
is IST <http://www.ist.utl.pt/en/?language=en> . We have also a way of
reaching the Portuguese KPMG branch through martin.jordan at kpmg.co.uk, the
principal adviser to KPMG/London on IT security. Paulo Querido
<mailto:pauloquerido at gmail.com> is a Portuguese blogger
<http://pauloquerido.net/> that writes about web and software development
in the most read Portuguese weekly newspaper (Expresso
<http://impresa.newspaperdirect.com/epaper/viewer.aspx> ) and Luís Rosendo
<mailto:lmrosendo at generator.pt> is the owner of a PR agency (Generator
<http://www.generator.pt/> ) with good national reach to whom I can ask to
spread our message in Portugal.
The colleges would host the event for free it looks like, and they would
have enough space to hold plenty of people. I guess you could also have a
small vendor area, but this depends on location and schedule I suppose.
[pc] Yes, we have a large variety of contents to divulge/sell. With the
SoC’s deadline, new contents and covers will be shortly available. By the
way, I think Kåre Presttun <mailto:kaare at mnemonic.no> is working to find
out a solution for OWASP in terms of booths. I am not sure if OWASP has
others promptly available.
This is like a chain of events in a way. You start the buzz with the
Universities and media using an onsite rally the troops style approach, then
use this to further promote the larger OWASP conferences.
[pc] I presume you have the list of press contacts recently sent off by
Brandi Moore to the OWASP PR mailing list. Maybe Tom Brennan can also help
us with this matter by sharing his NYC experience and press contacts.
For the Portugal Conference, I’m going to start a list of targeted
demographics and work on promoting and getting a buzz going. First, I we
need to think of a good angle/pitch. I think it’s cool that you can
basically learn about most of the OWASP projects in a short amount of time.
Not to mention some of the larger scale talks that will be going on. So
something like “ Come help make a change in global application security” .
[pc] I stole your line and added it to our Summit wiki page.
I think the message needs to state the importance of this “Global Event”,
and how much safer OWASP is making the applications of the world. That’s
the reason I wanted to get involved. Unlike a lot of other security
organizations that are in this solely for profit, OWASP brings value and can
grow due to investing the money back in the people.
#1 So this is the current task list for the conference right?
https://www.owasp.org/index.php/OWASP_EU_Summit_2008_Tasks
#2 How many people do we plan on having come to the event and buy tickets?
Is there a capacity on this?
[pc] Four-hundred people was the maximum number mentioned to the hotel
management.
#3 Who will be coming to the event? Who do we want to come to the event?
* Media / NewsPapers
* Universities
o Students
o Facility
* .Government/Authorities
o Police / Forensics/ Special Divisions
* Local IT Security Organizations/chapters/clubs?
* Public Sector Business
o Financial
o Healthcare
o Construction
o High-tech
o Software Dev Shops
Once we have a good hook to get a buzz going, we can put together a few PR
campaigns targeting the list above.
[pc] As in the other Summit organizational matters, we are already delayed
and your contribution is priceless. Thank you.
Thoughts? Ideas? Flames? ;)
JP
From: owasp-summit-europe-2008-bounces at lists.owasp.org
[mailto:owasp-summit-europe-2008-bounces at lists.owasp.org] On Behalf Of
Eduardo V. C. Neves
Sent: Friday, September 05, 2008 6:54 PM
To: dinis cruz; jeff.williams at owasp.org
Cc: OWASP Foundation Board List; Dinis Cruz;
owasp-summit-europe-2008 at lists.owasp.org
Subject: Re: [Owasp-summit-europe-2008] [Owasp-board] Fwd: Your visit
toUniversidade do Algarve
That is a great idea. We need to produce the letter as fast as we can and as
I did not receive the template yet, I will begin to work on something with
Jeff and share with the list. Can we complete this task on Sep. 9?
regards,
Eduardo, the "never stop to bug the list man" :)
----- Original Message -----
From: dinis cruz <mailto:dinis.cruz at owasp.org>
To: jeff.williams at owasp.org
Cc: OWASP <mailto:owasp-board at lists.owasp.org> Foundation Board List ;
Dinis Cruz <mailto:dinis at ddplus.net> ;
owasp-summit-europe-2008 at lists.owasp.org
Sent: Friday, September 05, 2008 7:26 PM
Subject: Re: [Owasp-summit-europe-2008] [Owasp-board] Fwd: Your visit
toUniversidade do Algarve
Now you're getting in to the groove :)
In my mind, this 1-day mini-conference at the University is specifically
designed to help to create the template to this type of events. The final
objective is to be able to 'productize' it so that OWASP related speakers
can deliver them over and over again (with minimal effort from the OWASP
mother-ship).
The costs for this could be covered by OWASP, or by a sponsor (since this is
one of those activities that generates a lot of good will).
And if we tie this with events like the OWASP Summit, the costs are even
lower since the speaker will already be scheduled to be there, so the extra
cost should be minimal :)
Jeff, with that in mind, are you ok with the idea of trying to get a couple
more events like this at the other Portuguese Universities that we will be
working with (we can even do an OWASP tour from the north of Portugal to the
south :) ).
Dinis
2008/9/5 Jeff Williams <jeff.williams at owasp.org>
I like the idea of reaching out beyond the security community – particularly
to developers - and universities might be a good way to get them young.
I think we should really think this through though. We can't just give
advanced talks – we'd have to give talks about basic stuff. Training
really.
Maybe it would be awesome for OWASP to fund appsec people to go give a
training day (free) at a university near where they live. OWASP provides
the materials (maybe some video). Would it be worth $1000 to teach a CS
department at a major university?
If we put some requirements on the program, people could make it a nice
resume builder (Approved OWASP Liason). (I'd call them Missionaries, but
you're already frowning on the Evangelist title).
Talk about some serious goodwill.
--Jeff
From: Dinis Cruz [mailto:dinis at ddplus.net]
Sent: Wednesday, September 03, 2008 6:58 PM
To: jeff.williams at owasp.org
Cc: dinis cruz; owasp-summit-europe-2008 at lists.owasp.org; OWASP Foundation
Board List
Subject: Re: [Owasp-board] Fwd: Your visit to Universidade do Algarve
They are the biggest University of the region and one the biggest in
Portugal. If there were good accommodation solutions close by we could even
do the Summit in there.
The one day conference at they campus is a great opportunity for OWASP to
expose our world, ideas and projects to a much wider audience. The deal is
that they organize everything and we only have to provide the speakers. This
is a great model for OWASP since it could scale quite easily and give OWASP
a much stronger presence at Universities.
You guys are reading too much on the test of their web application. Like I
said before this is just a low hanging fruit exercise and one that will be
made at the discresion of the OWASP people involved (assuming of course we
receive the proper authorization from the University Dean (also, nobody
'has' to participate).
I think it is a great deal, and I was actually thinking of proposing similar
deals with the other universities that I also want to have a connection with
this summit (of course that the further we go from the summit (in terms of
days and distance) the more there is a requirement that the 1-day conference
organizers pay for the speakers expenses).
In my view doing these 1-day events at universities are a perfect match for
OWASP' values and objectives.
Finally, given the PR value that we will get from this, I think that this is
a very good trade-off for OWASP
Dinis
On Wed, Sep 3, 2008 at 11:38 PM, Jeff Williams <jeff.williams at owasp.org>
wrote:
I'm not sure I get this. They'll help promote the conference and give us
some support people if we agree to do a one-day conference for them and test
their web application? Not sure it's a great trade-off.
--Jeff
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of dinis cruz
Sent: Wednesday, September 03, 2008 1:36 PM
To: owasp-summit-europe-2008 at lists.owasp.org; OWASP Foundation Board List
Subject: [Owasp-board] Fwd: Your visit to Universidade do Algarve
Hey Guys, check out the email below,
In principle we have our first Portuguese partnership for the Summit, the
University of Algarve: http://www.ualg.pt/index.php?lang=en
This is my old University and they seem to be quite motivated to work with
us.
I specially like the idea to do a 1 day event at their main campus since
that would be a great way to generate media interest to our event (they are
happy to use their marketing department to promote it) and also to further
expand our relationship with Universities (the deal is that we only have to
provide 4 to 5 speakers, and with the quantity of OWASP guys around I don't
expect that to be any problem at all :) )
Dinis
---------- Forwarded message ----------
From: Dinis Cruz <dinis.cruz at ouncelabs.com>
Date: 2008/9/3
Subject: RE: Your visit to Universidade do Algarve
To: Pedro Guerreiro <pguerr at gmail.com>
Cc: Vasco Freitas <vfreitas at ualg.pt>, paulo.coimbra at owasp.org,
dinis.cruz at owasp.org
Thanks Paulo Guerreiro.
I'm CCing Paulo Coimbra (paulo.coimbra at owasp.org) from OWASP who is the main
summit organizer.
As agreed we will send you shortly an official OWASP request for the 3
items: 10 Collaborators for OWASP Summit , one-day event at Algarve
University, and security inspection of UALG website.
Dinis
-----Original Message-----
From: Pedro Guerreiro [mailto:pguerr at gmail.com]
Sent: Wed 03/09/2008 14:55
To: Dinis Cruz
Cc: Vasco Freitas
Subject: Your visit to Universidade do Algarve
Dear Dinis,
I hope you made it safely to your home in London.
Thank you for your visit, yesterday, to our Department of Electronic
Engineering and Informatics, at Universidade do Algarve. My colleague, Vasco
Freitas, who is the head of the department, and myself, appreciated your
description of the activities of OWASP, and, in particular, of the plans for
the conference in November, at Santa Eulália.
We understood that we, at the University, could be of assistance in the
logistics of the conference, by organizing a team of around 10 students and
professors, who would be around performing various tasks (namely, for the
senior professors, chairing some sessions) and, in return, would be able to
attend some of the talks.
Actually, it would be great if, taking advantage of the presence of some
important names in Internet security in Portugal for the conference, we
could organize at the University a complementary event, say one day long,
with four 90 minutes presentations on the theme. We believe we could reach
an audience different from the one that will come to your conference. We
think this could happen on Monday, November 3, the day before the conference
starts.
We are also willing to let your team inspect the website of the University
of Algarve, for a "live" example of discovery of security faults. This would
happen in the days preceding your conference, after we get the proper
authorizations from our Rector. We will keep this activity "secret" so as
not to disturb the experiment.
This collaboration between OWASP and Universidade do Algarve -- support for
your conference, one-day event, and security inpection -- may for the basis
for a true partnership between our two organizations, that we would
increment in the future.
Best regards,
Pedro Guerreiro
_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board
_____
_______________________________________________
Owasp-summit-europe-2008 mailing list
Owasp-summit-europe-2008 at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-summit-europe-2008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080907/edb056c0/attachment-0002.html>
More information about the Owasp-board
mailing list