[Global_conference_committee] OWASP Conferences & Demos & Open Source Projects

Michael Coates michael.coates at owasp.org
Fri Jun 17 12:04:36 EDT 2011


Here are some more concrete ideas on the Open Source Demo Area.  The ideas for the OWASP Projects could also work well at the blackhat demo space we are pursuing. 

1. Overall Messaging
Key message is that this area is to promote free and open material.  Ideally we could limit to groups that have nothing to sell. However, if we choose to include any "hybrid" companies (example: Burp is free but offers paid upgrade) then we must stress that this is not a booth to sell anything. Simply demo and showcase a commitment to free open products for app security.

2. Potential Targets
- OWASP Projects - Open to anyone that nominates. Need some sort of process to decide based on available space (see below)
- Open Source Projects - Mozilla, Apache Django, Spring, Ruby on Rails,
- Community Focused Projects - Google Reps for Google Summer of Code Project?, Hackers for Charity?
- Sort of Free Projects - Burp, Snort

3. Selection Process for OWASP Projects
Two options here:
1 - Project rep is present at a booth to talk about their project, demo it and more
2 - Project rep will not be at AppSecUSA at all and instead sends a 2 minute video that demos & introduces project. These can loop unattended on a large screen at the OWASP Projects booth.

4. Logistics
One idea is to send out a google submission form which allows projects to self nominate themselves.  We could either setup individual booths per selected project or we could have an "OWASP Projects" booth (or two) that has multiple computers with demos, project leads, and printed take aways with project info. In addition we could have one large computer screen that loops through video demos that have been submitted by other OWASP projects that are not in physical attendance.

Here are a few ideas for the google nomination form:
- Will your have a running demo of your tool/code/project?
- Will you have printed 1-page take away leaflets for your project?
- Will you be present in person or are you submitting a video to run unattended?

We should also standardize on the video format. That could get messy otherwise.  An idea I've seen in the past is to ask for youtube links.  Its pretty easy to setup a playlist of youtube videos and then we're guaranteed that the material will play.

Michael Coates

On Jun 13, 2011, at 7:11 PM, Lorna Alamri wrote:

> Hey Michael,
> Do you have time to discuss this sometime this week? 
> Lorna
> -----Original Message-----
> From: Michael Coates [mailto:michael.coates at owasp.org] 
> Sent: Thursday, June 09, 2011 5:13 PM
> To: Lorna Alamri; Adam Baso; Sarah Baso
> Cc: global_conference_committee
> Subject: OWASP Conferences & Demos & Open Source Projects
> I've got another question and an idea.  Copying in global conference
> committee (hope email gets through and doesn't bounce)
> 1. I saw that blackhat is doing a demo area where people can demonstrate
> different technologies that they're working on. The difference between this
> and a vendor area is whether or not the demo'ed technology, or really
> anything at all, is being sold.
> https://www.blackhat.com/html/bh-us-11/bh-us-11-arsenal.html
> Have we thought about this idea?  Mozilla would love to demo MozSecureWorld
> - an open source web app demonstrating fully functioning security controls
> I imagine other open source groups or independent OWASP people would love to
> demo their projects too.  The trick would be to separate this from the
> normal conference supporter setup which requires money. I think the
> distinction is whether or not the individual or company is trying to sell
> anything (e.g. are they an independent person with a cool open source demo
> or another non-profit?)
> 2. Free demo space for open source projects.  This somewhat place into the
> above idea, but should we think about advertising free demo space for any
> open source project (django, tomcat, etc)? (Yes, I'm definitely somewhat
> biased being at Mozilla - but I think it would be a cool idea to push that
> OWASP is open and other open orgs can come to our conferences and demo stuff
> for free). Perhaps they still pay normal conference attendance fees but then
> get a booth and a logo on the web site under "Open Source Projects in
> Attendance" 
> Michael Coates

More information about the Global_conference_committee mailing list