[Owasp-summit-2013] OWASP Summit 2013 Venue

dinis cruz dinis.cruz at owasp.org
Tue Mar 20 00:36:57 UTC 2012


*A revamp and focus on OWASP projects is absolutely critica*l, BUT,
an interesting question is: *'Is this Summit the best place to do that?'*
*
*
For example Jason and Chris already tried to have a focused group to work
on OWASP projects at the last OWASP USA AppSec, and it was a though
exercise.
*
*
Also, if the plan is to have project leaders to all go to one location and
work on OWASP projects (which is a cool vision), shouldn't we first:

   - Identify what should be the 'objectives and deliverables' for such
   gathering of owasp project leaders (and its users)
   - Figure out what should be the criteria to select the projects that
   should be supported/focused-on
   - Contact the leaders of the projects that fit that criteria and ask
   them:
      - *Do they agree with the proposed  'objectives and deliverables' for
      them?* (first point)
      - *Can they go to 'a Summit' and work on their project, if OWASP
      covers all their expenses?* (yes ideally they will get a sponsor, but
      one has to start with a baseline assumption that we will have to cover
      their costs (after all they are critical for the task at hand))
      - *When can they spare a week to go to this Summit?*
      - *Where are they in the world? *(at that time)
      - *How far are they willing to travel?*

Note that the boat could be a great venue for this, it is just that we have
start from the other end (and the data collected from the questions above
might point to another direction).

Another potential issue with doing this type of 'OWASP Project focus' (or
other Codeathon activities) during a big (150+ people) OWASP Summit, is
that most OWASP leaders will want to participate on the other Working
Sessions. That is why creating a schedule for a Summit (of this size) is
so challenging (its almost like writing a song where the the 'speed' and
'dynamics' of the Working Sessions will make a massive difference).

At the last Summits, It was very difficult to pin down the participants to
a specific topic for more than 2 to 4 hours.

And realistically, would these OWASP Project leaders really want to spend
most of the Summit time in a room coding? (with everything else going on?)

I can see students and*'want-to-learn-how-to-use-this-tool-type-of-attendee'
*doing that, but usually our OWASP Project Leaders are active players in
our world, and they will want to be involved in the multiple Working
Sessions.

That said,* I do think that there is so much work that needs to be done to
'clear up' our OWASP projects, that a focused Summit is probably the only
way to do it*. I just question if the *Summit 2013 on Boat*, is the best
place for that to happen.

I also don't like the fact that that is almost 1 year from now, and *we
need to get out projects cleaned up much sooner than that!!!!*

Dinis Cruz


On 19 March 2012 23:15, Mark Bristow <mark.bristow at owasp.org> wrote:

> Eoin,
>
> Jason and I were just discussing this.  I agree 100% but it will
> require some planning on the front end to make sure we have the right
> people/projects.
>
> I'm hoping the GPC can help coordinate here but I'm sure they'd live
> your leadership on the matter.
>
> -Mark
>
> Sent from my wireless device
>
> On Mar 19, 2012, at 6:59 PM, Eoin <eoin.keary at owasp.org> wrote:
>
> > Cool,
> > I'd like to have a "track" focusing on owasp projects.
> >
> > Prior to this we need to identify existing and new blood to put the work
> in. Invite such people to the summit to demonstrate the foundations
> commitment to supporting this initiative.
> >
> > We also need to allocate new leaders where appropriate.
> > Purpose of the exercise is to flesh out the project deliverables,
> allocate roles and figure out timeframes.
> >
> >
> >
> >
> >
> >
> > Eoin Keary
> > BCC Risk Advisory
> > Owasp Global Board
> > +353 87 977 2988
> >
> >
> > On 19 Mar 2012, at 22:50, Ralph Durkee <Ralph.Durkee at owasp.org> wrote:
> >
> >> I agree that it would be good to have this Summit focus more on
> >> rebooting and revitalizing existing projects, and less so on starting
> >> new ones.   The projects are a huge part of OWASP, and need renewal.   I
> >> think we all agree that the Summit is not a conference, and it's really
> >> more project focused.   We do spend a lot of effort and emails on
> >> conferences, mostly because they are the major funding for OWASP, but
> >> the projects are where OWASP started, and they are better at providing
> >> lasting value to the community.
> >>
> >> To tie this in to the venue discussion, I think the cruise is the ideal
> >> way to get people together to work, since it's isolated, and comfortable
> >> and yet well equipped for collaborative work.
> >>
> >> --Ralph
> >>
> >> On 3/19/2012 5:30 PM, Eoin wrote:
> >>> Summit is important, we all get together and have a week to bounce off
> each other and energise, the last one really did achieve this thanks to
> mark, Dinis etc.
> >>> I believe we need to figure out what's that vision for the event. Why
> are we all converging at one place? What's the purpose?
> >>>
> >>> One item not mentioned in recent months is that state of owasp
> projects.
> >>> Many are inactive, static or dead. Our flagship projects are old and
> need refreshing. I really believe we should fund a strategy to reboot and
> onboard new blood for our projects.
> >>>
> >>> If we have money to spend we should spend some of it on things that
> make a difference to the world......
> >>>
> >>> It appears to me that we, as a global group are focused on conferences
> and events rather than the core of the foundation which IMHO are our
> documents and projects.
> >>>
> >>> This idea does not take away from the notion of holding a summit but
> we need to be mindful if why owasp exists in the first place??
> >>>
> >>>
> >>> -ek
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Eoin Keary
> >>> BCC Risk Advisory
> >>> Owasp Global Board
> >>> +353 87 977 2988
> >>>
> >>>
> >>> On 19 Mar 2012, at 21:19, Jim Manico <jim.manico at owasp.org> wrote:
> >>>
> >>>> We already have several FTE's administering and working for OWASP. Is
> that bad?
> >>>>
> >>>> --
> >>>> Jim Manico
> >>>> (808) 652-3805
> >>>>
> >>>> On Mar 19, 2012, at 10:14 PM, Ralph Durkee <Ralph.Durkee at owasp.org>
> wrote:
> >>>>
> >>>>> So instead of having a Summit the money would be better spent hiring
> a
> >>>>> FTE?  I thought this was OWASP!
> >>>>>
> >>>>> -- Ralph
> >>>>>
> >>>>> On 3/19/2012 8:46 AM, Eoin wrote:
> >>>>>> Think of the projects we could productize (production quality)
>  with that money?
> >>>>>>
> >>>>>> We could employ a fte for 2 years to develop an open source static
> analysis engine for example?
> >>>>>>
> >>>>>> Just saying.....
> >>>>>>
> >>>>>>
> >>>>>> Eoin Keary
> >>>>>> BCC Risk Advisory
> >>>>>> Owasp Global Board
> >>>>>> +353 87 977 2988
> >>>>>>
> >>>>>>
> >>>>>> On 19 Mar 2012, at 12:19, "Dennis Groves, MSc" <
> dennis.groves at gmail.com> wrote:
> >>>>>>
> >>>>>>> On 19 Mar 2012, at 11:52, Jason Li wrote:
> >>>>>>>
> >>>>>>>> I'm not saying that it's a bad idea, but managing the perception
> is no
> >>>>>>>> small task and should be considered as part of the cost in the
> overall
> >>>>>>>> evaluation process.
> >>>>>>> I would go so far as to say that in many cases perception is
> reality.
> >>>>>>>
> >>>>>>> Even if the summit was wildly successful, and I hope it is - and
> produces some amazing document like say the definitive guide to cloud
> security - what do you think people will remember 3 years from now…
> >>>>>>>
> >>>>>>> That you spent $350k of the non-profits community money and took a
> holiday aboard a floating casino, or that your produced the definitive
> guide to cloud security?
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> [Dennis Groves](http://about.me/dennis.groves), MSc
> >>>>>>> [dennis.groves at gmail.com](mailto:dennis.groves at gmail.com)
> >>>>>>>
> >>>>>>> *"What is the use of living, if it be not to strive for noble
> causes and make this muddled world a better place for those who will live
> in it after we have gone."* -- Winston Churchill, October 10th, 1908
> >>>>>>>
> >>>>>>> --
> >>>>>>> You received this message because you are subscribed to the Google
> Groups "OWASP Summit 2013" group.
> >>>>>>> To post to this group, send email to owasp-summit-2013 at owasp.org.
> >>>>>>> To unsubscribe from this group, send email to
> owasp-summit-2013+unsubscribe at owasp.org.
> >>>>>>> For more options, visit this group at
> http://groups.google.com/a/owasp.org/group/owasp-summit-2013/?hl=en.
> >>>>>>>
> >>>>> --
> >>>>> You received this message because you are subscribed to the Google
> Groups "OWASP Summit 2013" group.
> >>>>> To post to this group, send email to owasp-summit-2013 at owasp.org.
> >>>>> To unsubscribe from this group, send email to
> owasp-summit-2013+unsubscribe at owasp.org.
> >>>>> For more options, visit this group at
> http://groups.google.com/a/owasp.org/group/owasp-summit-2013/?hl=en.
> >>>>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "OWASP Summit 2013" group.
> To post to this group, send email to owasp-summit-2013 at owasp.org.
> To unsubscribe from this group, send email to
> owasp-summit-2013+unsubscribe at owasp.org.
> For more options, visit this group at
> http://groups.google.com/a/owasp.org/group/owasp-summit-2013/?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups "OWASP Summit 2013" group.
To post to this group, send email to owasp-summit-2013 at owasp.org.
To unsubscribe from this group, send email to owasp-summit-2013+unsubscribe at owasp.org.
For more options, visit this group at http://groups.google.com/a/owasp.org/group/owasp-summit-2013/?hl=en.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-summit-2013/attachments/20120320/e747fd0e/attachment.html>


More information about the Owasp-summit-2013 mailing list