[Global_conference_committee] Amendments to the recently approved GCC Governance Document (was: vote thread)

Kate Hartmann kate.hartmann at owasp.org
Mon Dec 20 09:42:17 EST 2010


Tin, throughout the planning for AppSec US, you held on to the idea that
attendance would be diminished by the existence of AppSec DC which was held
6 weeks post USA.

 

In my opinion, the numbers of attendees for both events were not compromised
by an East Cost/West Coast event.  Sponsorships were not compromised either
as I am only aware of two organizations who felt like they were forced to
choose.  AppSec DC was not financially profitable, however, because they
continued the expense of a Global event from 2009 with the resources of a
Regional event.  So, honestly, I'm not sure that argument is valid.

 

LASCON was held prior to DC, was a regional event, achieved 90 new
memberships, and made a profit for the local chapters.  Next year, they plan
on adding training days to their agenda.  They have taken the start small
and grow approach which is the opposite approach of the DC planning team -
start big and maintain.

 

During the planning for AppSec US, it became very evident that we had grown
to the point that we should not feel obligated to limit our events.  The
phrase "There are plenty of attendees for everyone" was one I hear repeated
over and over.

 

I think that by limiting the events that are being held globally and
tripping ourselves over a name, we run the risk of deflating the enthusiasm
of the hundreds of chapter leaders who's primary goal is not necessarily to
turn a profit, or promote themselves (although that is often a nice benefit
of hosting an event) but to support the mission of OWASP, increase
membership, and increase interest in their local area.

 

I have participated in most of the larger conferences and have helped many
other leaders with local activities.  Sometimes support is just a bag of
pens and a banner, other times it's covering the cost of printing flyers.
Sometimes it's bigger like working on a venue.

 

I think we really need to take a look at our mission.  Instead of looking at
ways to restrict activity and Foundation support, we need to look at
opportunities to increase support - especially to the regional events.  

 

It is up to us, as the "Global Committee" to promote the events in whatever
category they fall.  We should promote the regional events as regional
events through local lists and local companies.  The Global events are
promoted on a bigger scale.

 

I'm just getting worried that we are derailing from what the conferences
committee should focus on.  There needs to be guidelines and the committee
guidelines are awesome. 

 

I am looking forward to the definition of the core values so we can map our
decisions against that.

 

Kate Hartmann

Operations Director

301-275-9403

 <http://www.owasp.org/> www.owasp.org 

Skype:  Kate.hartmann1

 

From: global_conference_committee-bounces at lists.owasp.org
[mailto:global_conference_committee-bounces at lists.owasp.org] On Behalf Of
Tin Zaw
Sent: Sunday, December 19, 2010 9:19 PM
To: Mark Bristow
Cc: global_conference_committee; Eoin
Subject: Re: [Global_conference_committee] Amendments to the recently
approved GCC Governance Document (was: vote thread)

 

Let me discuss it from the potential attendee's perspective. 

 

It is very confusing. 

 

OWASP Global AppSec USA is a bloated, oxymoron term. 

 

If I am an OWASP member in France, what's the difference between AppSec
Europe and AppSec Ireland?

 

If I am an OWASP member in Texas, should I go to AppSec USA or AppSec DC,
given that travel costs will be about the same, and both conferences have
similar content.

 

If we are not careful, we are splitting the potential attendees. At AppSec
USA 2010, 50% of the attendees are from California. Should California have
its own Tier 1 AppSec? 

 

 

On Sun, Dec 19, 2010 at 5:04 PM, Mark Bristow <mark.bristow at owasp.org>
wrote:

I am for having a distinct name for the Tier 1 Conferences so they are
easily identified.  At first, trying to limit the use of AppSec seemed like
a good strategy, but it messes up existing branding and is basically
un-enforceable.  Starting with a new term "Global AppSec" fills the bill for
me if we limit it to the events I described.  And I think it will be easier
to enforce a "new" term.  This will also be important for "Global
Sponsorships".

 

Re the GCC Compliance check.  They way I would like it to work is, not only
do you get no Foundation support if you do not clear with us first, but your
in violation of OWASP branding rules.  I think it's important that the GCC
discuss applications for Global AppSec and Regional events and
approve/move/deny them as appropriate (funds, linup to mission ect).  For
local events, I think a "default permit" policy is more appropriate where
the GCC has a limited opportunity window (say a week) to object otherwise it
goes forward.

 

On Sun, Dec 19, 2010 at 7:54 PM, John Wilander <john.wilander at owasp.org>
wrote:

Not sure I understand, Mark. Are you for or against future regional AppSecs?
:)

 

If we allow for new regional AppSecs I'd love to make that our way to
enforce GCC compliance. If you make contact with the GCC only a month before
your event, skip the event system, do local money transfers, don't accept
OWASP's global sponsors, or don't have an OWASP booth ... you cannot call
yourself OWASP AppSec.

I understand that there might be confusion regarding the AppSec name. But I
think the addition of "Global" was intended to solve that. If we truly
believe that "Global" won't do the trick I think we should have the same
rules for all, regardless of history.

 

(Dinis, you were cut out of the loop. Don't know why. Added you back in.)

 

   /John

 

2010/12/20 Mark Bristow <mark.bristow at owasp.org>

 

Personally I'm not that sticky about the AppSec name being used by regional
cons.  However the Global AppSec title should be reserved for the class 1
events in North America, South America, Europe and Asia each year.

On Sun, Dec 19, 2010 at 7:38 PM, John Wilander <john.wilander at owasp.org>
wrote:

2010/12/20 Lucas Ferreira <lucas.ferreira at owasp.org>

 

John,

Doesn't the new OWASP Global AppSec name solve this issue?

 

No. Check the plan thread and you'll see that there's a policy change
clearly stating that the OWASP AppSec "title can only be used by global
cons, and by conferences who have already used this name twice by the end of
2011, moving forward, only new Global AppSecs can use this name".

 

So from now on only the lucky ones who managed to use the AppSec name
regionally twice before 2012 get to use it in the future. So we know there
will never be an AppSec Nordic, an AppSec France or an AppSec Argentina.

 

I think this is a biased decision. Either we allow for future regional
AppSecs (my vote) or we kill them all.

 

Quote from the plan thread:

Policy Changes

.         Change Conference Types to include:

o    OWASP Global AppSec Conferences (Currently AppSec Conferences)

o    OWASP AppSec Conferences (Title can only be used by global cons, and by
conferences who have already used this name twice by the end of 2011, moving
forward, only new Global AppSecs can use this name)

o    OWASP Regional/Theme Conference (currently Regional, DROP all regional
cons will now have to have a unique theme,

-- 

John Wilander, https://twitter.com/johnwilander
Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com

Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011

Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee

 

 

_______________________________________________
Global_conference_committee mailing list
Global_conference_committee at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/global_conference_committee




-- 

Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org




-- 
John Wilander, https://twitter.com/johnwilander
Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com

Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011

Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee

 




-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org


_______________________________________________
Global_conference_committee mailing list
Global_conference_committee at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/global_conference_committee




-- 
Tin Zaw, CISSP, CSSLP
Chapter Leader and President, OWASP Los Angeles Chapter
Google Voice: (213) 973-9295
LinkedIn: http://www.linkedin.com/in/tinzaw

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_conference_committee/attachments/20101220/177f2ac9/attachment-0001.html 


More information about the Global_conference_committee mailing list