[Global_chapter_committee] chapter leaders input for summit

Seba seba at owasp.org
Wed Feb 9 20:25:10 EST 2011


Below the responses from chapter leaders to the online survey launched
Dec-Jan as input/questions for the Summit


Please provide us with any additional feedback to be reviewed at the OWASP
Summit? We expect 160+ of these and will post them publicly for everyone to
see to help us improve OWASP.

Give local chapter leader more control of chapter funds.
"At the current rate, USD 50 is a very stiff membership rate for Vietnamese,
especially when most of meeting attendances are students.

I'd like the GMC to think of region-based minimum rate, or, a voluntary
"Well, we not yet have any OWASP Summit in Malaysia. We just handle small
events like monthly meetup and some coffee shop meeting. In Malaysia we are
now starting back to up the community after last administration just abandon
the OWASP Malaysia.

I just tak over this chapter last year and we start to rebuild back this
community. For now we have around 400 people in our mailing list. We are now
start to promote OWASP to Malaysia and we collaborate and engage with OSS
community in Malaysia. We now try to get support by local gov and also local
company to support OWASP Malaysia in term for cover our Meetup every month.

We will learn from others chapter that held the OWASP Summit but our chapter
have limited budget and limited access. However we need guide and also
mentor from OWASP Foundation to look around our chapter i mean experience
OWASP board so we can learn how they manage it it would be appropriate for
beginner like us.

We need to find better ways of engaging directly with developers, through
mediums and formats that they already know and understand. We need to speak
their language, not ours.
"1. Increasing brand awareness of OWASP around the world beyond just the US
and Europe.
2. Allow student memberships at a further discounted rate
3. Build a repository of multimedia content to educate developers of the
adverse impact of insecure codes."
We are a new chapter and heve no funds.

"We planning to do a Training in Paris as in end April/beginnin gof May. We
need funds to bring some guys to Paris.
We planning some other meetings and need to invite some leaders too.

None of ours could be in Portugal, and we are very disapointed to not be
"- Organize Secure Coding Competitions during appsec conferences as a way to
encourage students from universities & third level institutions to
participate in these events and help them build safer apps.
- Improve OWASP website design to make it more friendly and easier to
navigate for users."
"I'm mostly happy with the organization and complete support the mission,
but at times I feel like we could treat our people (OWASP leaders and
members) better.

For example, last year various parts of my owasp chapter wiki are locked for
editing.  I wrote to multiple people (don't want to name names) and asked to
have it unlocked, or to explain why other chapter pages have been able to
customize theirs and I can't.  Emails ignored.

This is one of several cases where I've asked for help with something and
couldn't get any support.   What happened to professional courtesy?  I
understand people are busy, but if you are too busy to help, you should at
least respond and let the person know.  Being a chapter leader isn't easy
and it is very discouraging when you can't get a very basic level of support
with simple things like this.


"The Uruguay Chapter just started, but with a lot of support from a local
University : ORT Uruguay University.

I´m planning to go to the Summit, but I funds support to could assist. Also
could be great to get funds to invite the coordinator of the supporter
University to get more involved with OWASP."
"Not sure how much local funds need to be allocated yet.  Will know once we
hear from the travel company.

Note also that the Denver leaders are currently (trying) to run Boulder
also, as we've been unable to find a suitable replacement the founder and
former leader of that chapter."

"We need a clear process to request OWASP materials,banners and logos,

I also would like OWASP leaders to discuss adjusting the membership fees
scheme as the current common feedback is that its too expensive for our
chapter to expand. I suggest we follow the model of the ACM.ORG where they
differentiate the membership cost by region/student/professional..etc

\\thanks and kindest regards

I think we should review the chapters structure -- I agree about having
regional chapters leaders board, using the same structure as conference
committee in order to standardize all nomenclatures inside OWASP, and when a
country has many chapters, a national chapter leaders board is also

"Hope Everyone has fun at the summit :)

In terms of feedback, I'd agree with some of the comments on the mailing
list around focus.  I think one of OWASPs great strengths is the diversity
of people and projects, but I'd say that there can be too much of a good

Realistically OWASP leaders can only focus on a limited number of projects
at any one time, but new ones seem to spring up all the time, which has to
mean that less time is spent per-project.

At the moment there are (by a rough count) 136 OWASP projects betweeen
Release, beta quality and alpha quality (19 Release, 28 Beta and 89 Alpha),
and I'd say that maintaining momentum on that number of different projects
is a really difficult task..

I'd recommend focusing more effort on key projects, and perhaps restricting
the number of new projects.




One thing that is missing here is the expected amount of hours that
'leaders' are required to put in in order to be a 'leader'. It doesn't
detail this in the handbook and there are no stipulations in terms of how a
chapter can govern accountability of this time requirement being met.
I expect to have a discussion about the involvement of OWASP with the
research and academic world. Also expect to resume the discussion about the
involvement of OWASP work on local and european research funding
"I'm interested in the following topics:

* How to recruit members for local chapters including those in US and
greater China?
* Has the board considered different membership and sponoring amount for
students and residents of China?
* Would like to know details of the International and related projects
because I'm a leader of the Chinese Project.
* Accounting rules are different in China.  Currently it's cumbersome to
obtain membership and donation in China.  What can we do to help?
* I would like to attend the summit representing both Long Island and China
chapter.  I have submitted an application to the OWAPS board for funds. Is
it appropriate to apply for funds for the Long Island chapter and use for
the submit?"

"We're having a hard time to keep up the local chapter here running as many
regular members from Penang chapter had been moving to KL. We're looking
forward to have a mini conf/seminar at a few local universities here to
attract more members but the budget is always a main problem.
"We believe that OWASP should also establish legal status in Europe. This
would primarily facilitate accounting with many positive side-effects
(facilitate sponsorship, organization of local conferences, etc.). In the
leaders list, we have also identified numerous times the need for a European
OWASP shop.

Also sponsors and members rates should be flexible in order to match
different cultural and economical situations around the world. Also students
should benefit of a discount in membership rates, in order to attract
students-future developers.

OWASP should focus on bringing the AppSec word to non-security people. To
succeed in this we should develop complete educational frameworks for every
OWASP project. The OWASP Academies project is already doing a terrific work
on this."

I'm on the Global Chapter Committee and I don't agree with the new Chapter
Handbook. I will be discussing my opinions with the rest of the committee
over time.

"We held a handfull of local chapter meetings during 2010 in Denmark. What I
think really gave us all a motivation boost was when we had Samy Kamkar over
with the help of OWASP funding. We would love to see more international
presenters come to Denmark if possible.

It was also cool for us to be credited in the new OWASP Top 10. That was
also highly motivating since we did spend some time on it in Denmark.

Denmark has also had a good cooperation with especially John Willander and
the Swedish chapter over time and I think if we could expand this to a cross
Nordic OWASP cooperation it would be really nice.

Ulf Munkedal"
This is nothing but a freshly initiated OWASP local chapter.

"We still have no income (Bratislava is quite small city), but from 1.1.2011
we have a new stable place for regular OWASP meetings in local Bratislava
hackerspace, see http://www.progressbar.sk/ !

I believe this can increase number of all people interested in WebAppSec
that will support OWASP (in any way) including paid membership."

We request opportunities for speakers and vendor representatives to go on a
circuit and wish to encourage vendors to travel to our area.  AppSec
training is a huge need in the Midwest, from Omaha to Wichita to Topeka to
the greater Kansas City area.

"We need to constantly work on the OWASP goal: ""improving the security of
application software"". Looking at some of the latest activities, it seems
not all of them are aligned with our mission. Let's review these and/or
review our mission/ principles.
Every activity should be aligned with our mission:
Our mission is to make application security visible, so that people and
organizations can make informed decisions about true application security
According to these principles:
- We do this as a not-for-profit worldwide charitable organization.
- Everyone is free to participate in OWASP
- All of our materials are available under a free and open software
We, (OWASP Indonesia Local Chapter) haven't any funds yet so we don't have
anything to transfer. I have ask for a sponsorship to OWASP.

Chapter admin should be more accessible and info up to date. so that chapter
leaders can spend time doing useful thing while keeping admin to the minimum
(time) effort.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20110210/45ad944e/attachment.html 

More information about the Global_chapter_committee mailing list