<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">I've found collecting  a draft of the
      presentation 30 days prior is a good practice.  The final can be
      3-5 days prior.   I would consider it professional, ensures
      quality, and allows you to have copies for attendees ready when
      they arrive.<br>
      <pre class="moz-signature" cols="72"> -- Ralph Durkee
Principal Security Consultant


</pre>
      On 03/29/2012 07:50 AM, John Wilander wrote:<br>
    </div>
    <blockquote
cite="mid:CALrECXCrGpgNQXoDCshJZiCh+dDbhkvYwksy3O-w2suQCBJjsw@mail.gmail.com"
      type="cite">My 50 cents ...<br>
      <br>
      1) The policy should be a simple bullet list and not multiple
      sections of text. Understandable for non-native English speakers
      in less than three minutes should be the goal.<br>
      <br>
      2) <i>"I will submit to the OWASP Event Leader my presentation(s)
        in one of the previous formats no later than 30 days prior to
        the conference."</i> I rarely even start preparing my
      presentation 30 days prior to the event since I want it fresh and
      in my cache. If I do prepare that early, I prepare my *demos*
      which are part of my *presentation* but not part of a slide deck.
      This 30 days rule is a typical PowerPoint Pusher requirement that
      alienates many quality presenters. Giving good talks is an art
      that doesn't fit well with static, month-old slide decks.<br>
      <br>
      3) The language of the policy is too formal for non-native English
      speakers. E.g. <i>"I agree to indemnify and hold harmless OWASP
        ..."</i>. With this level of language we'll have to translate it
      to several other languages => more time and effort spent on
      useless things while several high profile OWASP projects
      deteriorate.<br>
      <br>
         Regards, John<br>
      <br>
      <br>
      <div class="gmail_quote">2012/3/29 Dennis Groves <span dir="ltr"><<a
            moz-do-not-send="true" href="mailto:dennis.groves@owasp.org">dennis.groves@owasp.org</a>></span><br>
        <blockquote class="gmail_quote" style="margin:0 0 0
          .8ex;border-left:1px #ccc solid;padding-left:1ex"> I think we
          should be able to publish under the GNU Licenses as
          well. Additionally, I agree with Jim. I am just going to make
          it known that while I very much agree with vendor neutrality;
          however, we also must balance this with the fact that many of
          you are lucky to be supported by an employer who supports
          OWASP - and we should not discourage this! They are greasing
          the wheels and making it possible for OWASP to continue our
          mission. That said I believe OWASP should formalise that into
          a 'hard-line' so that they vendors have a clear incentives
          program, but still allows OWASP to maintain its strict vendor
          neutrality. In this way maybe more of us could find ourselves
          in the position Jim is in.<span class="HOEnZb"><font
              color="#888888">
              <div> <br>
              </div>
              <div>Dennis</div>
            </font></span>
          <div><span class="HOEnZb"><font color="#888888"><br
                  clear="all">
                <span
style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px">-- <br>
                  <a moz-do-not-send="true"
                    href="http://about.me/dennis.groves" target="_blank">Dennis

                    Groves</a>, MSc</span>
                <div> <span
style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><a
                      moz-do-not-send="true"
                      href="mailto:dennis.groves@owasp.org"
                      target="_blank">dennis.groves@owasp.org</a></span></div>
                <div>
                  <div style="text-align:left"><font color="#999999"
                      face="arial, sans-serif"><span
                        style="border-collapse:collapse"><span
                          style="border-collapse:separate;font-family:arial"><br>
                        </span></span></font></div>
                  <div style="text-align:left"><font color="#999999"
                      face="arial, sans-serif"><span
                        style="border-collapse:collapse"><a
                          moz-do-not-send="true"
                          href="http://www.owasp.org/" target="_blank"><img
                            moz-do-not-send="true" src="" height="36"
                            width="200"></a><br>
                      </span></font></div>
                </div>
                <div style="text-align:left"><font color="#999999"
                    face="arial, sans-serif"><br>
                  </font></div>
                <div style="text-align:left"><i
style="line-height:15px;color:rgb(51,51,255);font-family:Helvetica,Arial,sans-serif">This

                    work is licensed under the Creative Commons
                    Attribution-NonCommercial-NoDerivs 3.0 Unported
                    License. To view a copy of this license, visit <a
                      moz-do-not-send="true"
                      href="http://creativecommons.org/licenses/by-nc-nd/3.0/"
                      target="_blank">http://creativecommons.org/licenses/by-nc-nd/3.0/</a>
                    or send a letter to Creative Commons, 444 Castro
                    Street, Suite 900, Mountain View, California, 94041,
                    USA.</i></div>
              </font></span>
            <div>
              <div class="h5"> <br>
                <br>
                <br>
                <div class="gmail_quote">On Thu, Mar 29, 2012 at 04:47,
                  Benny Ketelslegers <span dir="ltr"><<a
                      moz-do-not-send="true"
                      href="mailto:benny.ketelslegers@owasp.org"
                      target="_blank">benny.ketelslegers@owasp.org</a>></span>
                  wrote:<br>
                  <blockquote class="gmail_quote" style="margin:0 0 0
                    .8ex;border-left:1px #ccc solid;padding-left:1ex"> I
                    agree as well...  No vendor pitch and creative
                    commons but not to forget a non-liability clause for
                    OWASP (chapter) for the content of the presentation.
                    Although I'm not sure about legality of such an
                    agreement in other (Asian) countries. Will do some
                    research. We need to have a translated version
                    anyway and too legal sounding text is hard to
                    translate for "volunteers". For non-liability clause
                    alone, I think asking the speaker to look and agree
                    to it is important. <span></span>
                    <div> Recommend using a template is fine but I
                      rarely see it enforced, plus limits people in
                      their creativity.</div>
                    <div><br>
                    </div>
                    <div>My 2¥.</div>
                    <div><br>
                    </div>
                    <div>Best regards
                      <div>
                        <div><br>
                          <br>
                          On Thursday, March 29, 2012, Tin Zaw wrote:<br>
                        </div>
                      </div>
                      <blockquote class="gmail_quote" style="margin:0 0
                        0 .8ex;border-left:1px #ccc
                        solid;padding-left:1ex">
                        <div>
                          <div>Jim, that was what I was saying as well,
                            so I am 100% with you on it<br>
                            -- vendor neutral, and available under
                            creative commons.<br>
                            <br>
                            Content and intent are more important than
                            look of the slides. And<br>
                            supporters -- vendors, volunteers, etc. --
                            must be acknowledged.<br>
                            <br>
                            On Wed, Mar 28, 2012 at 11:14 PM, Mark
                            Bristow <<a moz-do-not-send="true">mark.bristow@owasp.org</a>>

                            wrote:<br>
                            > I think your spot on.<br>
                            ><br>
                            > -Mark<br>
                            ><br>
                            > Sent from my wireless device<br>
                            ><br>
                            > On Mar 28, 2012, at 7:08 PM, Jim Manico
                            <<a moz-do-not-send="true">jim.manico@owasp.org</a>>

                            wrote:<br>
                            ><br>
                            > Personally, I think we need to enforce,
                            strictly, only 2 points on speakers:<br>
                            ><br>
                            > 1) All presentations must be creative
                            commons.<br>
                            > 2) No vendor pitches.<br>
                            ><br>
                            > Number 1 is easy to enforce. Number 2
                            is very difficult to enforce.<br>
                            ><br>
                            > WhiteHat Security is very kindly
                            sponsoring me to fly all over the<br>
                            > country/world to give vendor-neutral
                            secure-coding creative-commons talks.<br>
                            > They asked me, very politely, to brand
                            my PowerPoints as WhiteHat<br>
                            > Security. At first, I was really
                            against this. But a few things changed my<br>
                            > mind today.<br>
                            ><br>
                            > 1) WhiteHat is paying my salary, which
                            helps support my ability to deliver<br>
                            > these talks<br>
                            > 2) I would not be able to do this if it
                            was  not for their support giving me<br>
                            > massive chunks of time to do this<br>
                            > 3) WhiteHat is also a OWASP corporate
                            sponsor and supports various OWASP<br>
                            > conferences<br>
                            > 4) They are not trying to control ANY
                            of my content; they are even helping<br>
                            > me clean up my creative-commons slide
                            decks.<br>
                            ><br>
                            > My integrity matters to me. But I am
                            starting to think that a company who<br>
                            > supports me giving a whole lot of
                            vendor-neutral creative-commons secure<br>
                            > coding talks deserves some recognition.<br>
                            ><br>
                            > Thoughts, community? Am I off base
                            here?<br>
                            ><br>
                            > --<br>
                            > Jim Manico<br>
                            > <a moz-do-not-send="true"
                              href="tel:%28808%29%20652-3805"
                              value="+18086523805" target="_blank">(808)
                              652-3805</a><br>
                            ><br>
                            ><br>
                            ><br>
                            > On Mar 29, 2012, at 12:40 AM, Thomas
                            Brennan <<a moz-do-not-send="true">tomb@owasp.org</a>>

                            wrote:<br>
                            ><br>
                            ><br>
                            > We want to make a agreement that is
                            acceptable to the goals and mission of<br>
                            > the association in raising application
                            security.<br>
                            ><br>
                            > We don't want to have a paper-tiger
                            agreement that is disregarded as to<br>
                            > complex and not enforced do we?<br>
                            ><br>
                            > Revise and alert the speakers for
                            AppSecDC AppSecUSA EMEA, LATAM etc etc..<br>
                            > If OWASP can't do this with our
                            employees and volenteers then call it what<br>
                            > Seba noted best practice.<br>
                            ><br>
                            > Content is content it's either valuable
                            or it's not, I personally don't care<br>
                            > about a logo -- in many cases they paid
                            the airfare, lodging and salary of<br>
                            > the speaker (this includes Goverment
                            and other submitters) hence if the<br>
                            > preso sucks... It still sucks.<br>
                            ><br>
                            > The agreement is what I am changellging
                            and asking the committes chapters<br>
                            > and conferences trot a health check -
                            and the rest of the leaders for there<br>
                            > input as its their organization and
                            they speak for the 160 chapters and<br>
                            > running conferences.<br>
                            ><br>
                            ><br>
                            > On Mar 28, 2012, at 6:22 PM, Jim Manico
                            <<a moz-do-not-send="true">jim.manico@owasp.org</a>>

                            wrote:<br>
                            ><br>
                            > The speaker agreement is already very
                            clear on the topic of presentation<br>
                            > branding.<br>
                            ><br>
                            > " Speakers are encouraged to include
                            their contact information when<br>
                            > introducing themselves, but may NOT
                            include their logo on any visual and<br>
                            > handout materials. Speakers are to
                            avoid any appearance of commercialism in<br>
                            > their session and presentations are to
                            be of a technical or solutions<br>
                            > emphasis."<br>
                            ><br>
                            > At least 50% of all speakers I have
                            seen violate this, including board<br>
                            > members.<br>
                            ><br>
                            > The question is, do we want to enforce
                            this policy (from Nov 2011)?<br>
                            ><br>
                            > - Jim<br>
                            ><br>
                            ><br>
                            > A general remark from my side: only use
                            the speaker agreement when in doubt.<br>
                            > We use this agreement very
                            pragmatically in Belgium and have only
                            pointed to<br>
                            > it upfront to speakers when we thought
                            a certain speaker/topic could become<br>
                            > a commercial talk.<br>
                            ><br>
                            > Otherwise: minimize the red tape :-)<br>
                            ><br>
                            > --seba<br>
                            ><br>
                            > On Wed, Mar 28, 2012 at 8:22 PM, Teresa
                            Stevens<br>
                            > <<a moz-do-not-send="true">teresa-ann-stevens@comcast.net</a>>

                            wrote:<br>
                            >><br>
                            >> I agree with Josh. Thanks,<br>
                            >><br>
                            >> Teresa Stevens, CISSP, MSIA, PMMC<br>
                            >> Information Security Specialist –
                            Team Leader<br>
                            >> San Francisco Bay Area<br>
                          </div>
                        </div>
                        >> <a moz-do-not-send="true"
                          href="tel:510-842-8868" value="+15108428868"
                          target="_blank">510-842-8868</a> (home), 510--
                        <div><br>
                          Tin Zaw, CISSP, CSSLP<br>
                          Chapter Leader and President, OWASP Los
                          Angeles Chapter<br>
                          Member, OWASP Global Chapter Committee<br>
                          Google Voice: <a moz-do-not-send="true"
                            href="tel:%28213%29%20973-9295"
                            value="+12139739295" target="_blank">(213)
                            973-9295</a><br>
                          LinkedIn: <a moz-do-not-send="true"
                            href="http://www.linkedin.com/in/tinzaw"
                            target="_blank">http://www.linkedin.com/in/tinzaw</a><br>
_______________________________________________<br>
                          OWASP-Leaders mailing list<br>
                          <a moz-do-not-send="true">OWASP-Leaders@lists.owasp.org</a><br>
                          <a moz-do-not-send="true"
                            href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                            target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                        </div>
                      </blockquote>
                    </div>
                    <br>
                    _______________________________________________<br>
                    OWASP-Leaders mailing list<br>
                    <a moz-do-not-send="true"
                      href="mailto:OWASP-Leaders@lists.owasp.org"
                      target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                    <a moz-do-not-send="true"
                      href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                      target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                    <br>
                  </blockquote>
                </div>
                <br>
              </div>
            </div>
          </div>
          <br>
          _______________________________________________<br>
          Global_conference_committee mailing list<br>
          <a moz-do-not-send="true"
            href="mailto:Global_conference_committee@lists.owasp.org">Global_conference_committee@lists.owasp.org</a><br>
          <a moz-do-not-send="true"
href="https://lists.owasp.org/mailman/listinfo/global_conference_committee"
            target="_blank">https://lists.owasp.org/mailman/listinfo/global_conference_committee</a><br>
          <br>
        </blockquote>
      </div>
      <br>
      <br clear="all">
      <br>
      -- <br>
      John Wilander, <a moz-do-not-send="true"
        href="https://twitter.com/johnwilander" target="_blank">https://twitter.com/johnwilander</a><br>
      Chapter co-leader OWASP Sweden, <a moz-do-not-send="true"
        href="http://owaspsweden.blogspot.com" target="_blank">http://owaspsweden.blogspot.com</a>
      <div> Conf Comm, <a moz-do-not-send="true"
          href="http://www.owasp.org/index.php/Global_Conferences_Committee"
          target="_blank">http://www.owasp.org/index.php/Global_Conferences_Committee</a><br>
        My music <a moz-do-not-send="true"
          href="http://www.johnwilander.com" target="_blank">http://www.johnwilander.com</a>
        & my résumé <a moz-do-not-send="true"
          href="http://johnwilander.se" target="_blank">http://johnwilander.se</a><br>
      </div>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OWASP-Leaders mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
    <br>
  </body>
</html>