[Owasp-board] Special Request to participate in the sponsorship of Austin OWASP

Foster, Scott sfoster at austinnetworking.com
Thu Aug 23 16:49:01 UTC 2007

Great feedback guys. Just trying to find a way to get a free lunch
provided. I think that I will drop it for now. I am not sure I have
time right now to give this any more energy. Is there a good policy
that other chapters have come up with? I just need something to refer
vendors to when they ask to sponsor our meetings.


I think that for now I will just tell folks that we don't allow sponsors
and evaluate if they have something "worthy" to present.

Scott Foster
Cell: 512-590-0185
Email:sfoster at austinnetworking.com
LinkedIn <http://www.linkedin.com/in/fostercs12000>     Check out Austin
OWASP <https://www.owasp.org/index.php/Austin>    Check out Austin AITP


From: Dinis Cruz [mailto:dinis at ddplus.net] 
Sent: Friday, August 10, 2007 8:20 AM
To: Foster, Scott
Cc: james.wickett at ni.com; OWASP Board; Cris Dewitt; Sebastien
Subject: Re: Special Request to participate in the sponsorship of Austin


Hi Scott

First of all, congratulations on the number of events and the quality
of the presentations.

The only problem that exists with your current sponsorship model is
the line: 'The sponsoring vendor has the option to present their
specific technology that addresses one of the OWASP top 10.', since
this allows vendors to 'buy' themselves into an OWASP event.

There is no problem in having individuals from vendors doing
presentations, but these have to be vendor neutral and not 'marketing
pitches in disguise'. For example, the 'Running Web Application Scans
using Watchfire AppScan 7.5.' doesn't seem to respect that spirit, where
H.D. Moore is a more fuzzy case since it is an Open Source tool with
enormous education value.

What happens in other chapters is that the company sponsoring the event
(with dollar values similar to the ones you guys use) gets a reference,
a thank you note and in some locations a table where it can put some of
its marketing material (again in a soft / 'not in your face' mode).

Vendor independence is very important to OWASP and we need to be very
careful to preserve our independence.

Thanks for all the good work

Let me know if I can help with anything

Dinis Cruz
Chief OWASP Evangelist

On 8/10/07, Cris Dewitt <cdewitt at indepthsec.com> wrote:



My knee jerk reaction is yuk.  No offense intended, but my "vision" is
to use OWASP as more of a community building venue for security
developers in the Austin area and not as a sales/networking event.  Not
that networking doesn't happen, but it's more organic without the
"sponsors".  I just want us to be about the code.


The first sentence is where our opinions differ the most - I don't want
the vendor money.  If you can connect the dots between
community-building and the money - I'm open to listening.  


That all said, I can see where you have spent considerable thought about
how to minimize the sales pitch, but I think the folks we are
"marketing" to really just want to learn how to write secure code.  If
there is a vendor that can provide knowledgeable people to explain that,
bring it on.  If the solution is something other than writing the code
better, well, I'm not so open to that.


Ok, you asked for feedback.  I still luv ya' man...cd


From: Foster, Scott [mailto:sfoster at austinnetworking.com] 
Sent: Thursday, August 09, 2007 5:17 PM
To: Cris Dewitt
Cc: james.wickett at ni.com
Subject: Special Request to participate in the sponsorship of Austin


Guys, what do you think of this as an invitation to sponsor our group? I
am not finished but you get the idea. Your feedback would be greatly
appreciated. I want to get this ready to send out to all the vendors
that have anything to do with web apps. We are going to need a
non-profit status and checking account and all that if we do this.



The Open Web Application Security Project (OWASP)
<http://www.owasp.org/index.php/Austin> is an open community dedicated
to enabling organizations to develop, purchase, and maintain
applications that can be trusted.  We advocate approaching application
security as a people, process, and technology problem because the most
effective approaches to application security include improvements in
all of these areas.


Each month here in Austin during our chapter meeting, a subject matter
expert presents on one of the OWASP top 10 topics
<http://www.owasp.org/index.php/OWASP_Top_Ten>. OWASP chapter meetings
are free and open to anyone interested in application security.


Below are some of the meetings and topics we have had since we kicked
this thing off in July of last year.  

July 2007 Austin OWASP chapter meeting - at Whole Foods. Dan Cornell
presented on Cross Site Request Forgery
June 2007 Austin OWASP chapter meeting - at National Instruments. James
Wickett presented on Running Web Application Scans using Watchfire
AppScan 7.5.
May 2007 Austin OWASP chapter meeting - at Whole Foods Market, downtown
"Bullet Proof UI - A programmer's guide to the complete idiot".
April 2007 Austin OWASP chapter meeting - 4/24 at National Instruments.
H.D. Moore (creator of MetaSploit) will be presenting
March 2007 Austin OWASP chapter meeting - 3/27 at National Instruments,
A Rough Start of a Toolset for Assessing Java/J2EE Web Apps
January 2007 Austin Chapter Meeting - 1/30 at National Instruments,
Single Sign On
November 2006 Austin Chapter Meeting - 11/21 at National Instruments,
OPEN ID
October 2006 Austin Chapter Meeting - 10/31 - Web Application Threat
Modeling: Understand How Attackers will Attempt to Exploit your App by
John Dickson and Cap
September 2006 Austin Chapter Meeting - 9/26, at Texas ACCESS Alliance
building
August 2006 Austin Chapter Meeting
<https://www.owasp.org/index.php/August_2006_Austin_Chapter_Meeting> -
Tuesday - 8/29 on the National Instruments campus, AJAX Security: Here
we go again - Dan Cornell from Denim Group
Austin OWASP chapter kickoff meeting - Thursday, 7/27


Sponsorship opportunities:

Just like all the other technology special interest groups we want the
sponsors' money but not the sales pitch. So in an effort to balance the
educational and financial needs of the group and marketing need of the
vendor

Each month as many as 30 local developers attend the Austin
OWASP meetings to learn about Web App threats and how to address them.
Attendees include developers, directors of security, vendors,
consultants, as well as vendor product managers, and open source tool
developers. Sponsorship allows vendors to provide lunch for three
meetings for only $1500. The sponsoring vendor has the option to
present their specific technology that addresses one of the OWASP top
10. The presentation must address how developers will address security
thru better code and software development. The presentation by the
vendor must explore the security vulnerability at a code level,
demonstrating how a hacker would exploit the vulnerability and then what
best practice in code development would address the vulnerability. In
addition, vendors who address security threats thru the use of
proprietary appliances and software are allowed to present their
solution after they have defined at a code level the threat and a code
solution. Due to holidays and speaker scheduling the three meetings
may not be consecutive months. A sponsor may choose not to present if
they wish.

Scott Foster
Cell: 512-590-0185
Email:sfoster at austinnetworking.com
LinkedIn <http://www.linkedin.com/in/fostercs12000>      Check out
Austin OWASP <https://www.owasp.org/index.php/Austin>    Check out
Austin AITP <http://www.austinaitp.org/> 


