[Owasp-board] Special Request to participate in the sponsorship of Austin OWASP

Dinis Cruz dinis at ddplus.net
Fri Aug 10 15:20:26 UTC 2007

Hi Scott

First of all, congratulations for the number of events and the quality of
the presentations.

The only problem that exists with your current sponsorship model is the
line: 'The sponsoring vendor has the option to present their specific
technology that addresses one of the OWASP top 10.', since this allows
vendors to 'buy' themselves into an OWASP event.

There is no problem in having individuals from vendors doing presentations,
but these have to be vendor neutral and not 'marketing pitches in disguise'.
For example the 'Running Web Application Scans using Watchfire AppScan 7.5.'
doesn't seem to respect that spirit, where H.D. Moore is a more fuzzy case
since it is an Open Source tool with enormous educational value.

What happens in other chapters is that the company sponsoring the event
(with dollar values similar to the ones you guys use) gets a reference, a
thank you note and in some locations a table where it can put some of its
marketing material (again in a soft / 'not in your face' mode).

Vendor independence is very important to OWASP and we need to be very
careful to preserve our independence.

Thanks for all the good work

Let me know if I can help with anything

Dinis Cruz
Chief OWASP Evangelist

On 8/10/07, Cris Dewitt <cdewitt at indepthsec.com> wrote:
>  Scott,
> My knee jerk reaction is yuk.  No offense intended, but my "vision" is to
> use OWASP as more of a community building venue for security developers in
> the Austin area and not as a sales/networking event.  Not that networking
> doesn't happen, but it's more organic without the "sponsors".  I just want
> us to be about the code.
> The first sentence is where our opinions differ the most – I don't want
> the vendor money.  If you can connect the dots between community-building
> and the money – I'm open to listening.
> That all said, I can see where you have spent considerable thought about
> how to minimize the sales pitch, but I think the folks we are "marketing" to
> really just want to learn how to write secure code.  If there is a vendor
> that can provide knowledgeable people to explain that, bring it on.  If the
> solution is something other than writing the code better, well, I'm not so
> open to that.
> Ok, you asked for feedback.  I still luv ya' man…cd
> *From:* Foster, Scott [mailto:sfoster at austinnetworking.com]
> *Sent:* Thursday, August 09, 2007 5:17 PM
> *To:* Cris Dewitt
> *Cc:* james.wickett at ni.com
> *Subject:* Special Request to participate in the sponsorship of Austin
> Guys what do you think of this as an invitation to sponsor our group.  I am
> not finished but you get the idea.  Your feedback would be greatly
> appreciated.  I want to get this ready to send out to all the vendors that
> have anything to do with web apps.   We are going to need a non-profit
> status and checking account and all that if we do this.
> ************************
> The Open Web Application Security Project (OWASP) <
> http://www.owasp.org/index.php/Austin> is an open community dedicated to
> enabling organizations to develop, purchase, and maintain applications that
> can be trusted.  We advocate approaching application security as a people,
> process, and technology problem because the most effective approaches to
> application security include improvements in all of these areas.
> Each month here in Austin during our chapter meeting, a subject matter
> expert presents on one of the OWASP top 10 topics <
> http://www.owasp.org/index.php/OWASP_Top_Ten> . OWASP chapter meetings are
> free and open to anyone interested in application security.
> Below are some of the meetings and topics we have had since we kicked this
> thing off in July of last year.
> *July 2007 Austin OWASP chapter meeting* - at Whole Foods. Dan Cornell
> presented on Cross Site Request Forgery
> *June 2007 Austin OWASP chapter meeting* - at National Instruments. James
> Wickett presented on Running Web Application Scans using Watchfire AppScan
> 7.5.
> *May 2007 Austin OWASP chapter meeting* - at Whole Foods Market, downtown
>  "Bullet Proof UI - A programmer's guide to the complete idiot".
> *April 2007 Austin OWASP chapter meeting* - 4/24  at National Instruments.
> H.D. Moore (creator of Metasploit) will be presenting
> *March 2007 Austin OWASP chapter meeting* - 3/27 at National Instruments,
> A Rough Start of a Toolset for Assessing Java/J2EE Web Apps
> *January 2007 Austin Chapter Meeting* <https://www.owasp.org/index.php?title=January_2007_Austin_Chapter_Meeting&action=edit>
> - 1/30  at National Instruments, Single Sign On
> *November 2006 Austin Chapter Meeting* <https://www.owasp.org/index.php?title=November_2006_Austin_Chapter_Meeting&action=edit>
> - 11/21 at National Instruments, OPEN ID
> *October 2006 Austin Chapter Meeting* <https://www.owasp.org/index.php?title=October_2006_Austin_Chapter_Meeting&action=edit>
> - 10/31 - Web Application Threat Modeling: Understand How Attackers will
> Attempt to Exploit your App by  John Dickson and Cap Diebel
> *September 2006 Austin Chapter Meeting* <https://www.owasp.org/index.php/September_2006_Austin_Chapter_Meeting>
> - 9/26,  at Texas ACCESS Alliance building
> *August 2006 Austin Chapter Meeting* <https://www.owasp.org/index.php/August_2006_Austin_Chapter_Meeting>
> - Tuesday- 8/29  on the National Instruments campus, AJAX Security: Here
> we go again <http://www.owasp.org/index.php/Image:DenimGroup_AJAXSecurityHereWeGoAgain_Content_20060829.pdf> - Dan Cornell from Denim
> Group <http://www.denimgroup.com/>
> *Austin OWASP chapter kickoff meeting* - Thursday, 7/27
> Sponsorship opportunities:
> Just like all the other technology special interest groups we want the
> sponsors' money but not the sales pitch.  So in an effort to balance the
> educational and financial needs of the group and marketing need of the
> vendor  Each month as many as 30 local developers attend the Austin OWASP
> meetings to learn about Web App threats and how to address them.  Attendees
> include developers, directors of security, vendors, consultants, as well as
> vendor product managers, and open source tool developers.   Sponsorship
> allows vendors to provide lunch for three meetings for only $ 1500.   The
> sponsoring vendor has the option to present their  specific technology that
> addresses one of the OWASP top 10.  The presentation must address how
> developers will address security thru better code and software development.
> The presentation by the vendor must explore the security vulnerability at a
> code level demonstrating how a hacker would exploit the vulnerability and
> then what best practice in code development would address the
> vulnerability.   In addition vendors who address security threats thru the
> use of proprietary Appliances and software are allowed to present their
> solution after they have defined at a code level the threat and a code
> solution.   Due to holidays and speaker scheduling the three meetings may
> not be consecutive months.    A sponsor may choose not to present if they
> wish.
> Scott Foster
> Cell: 512-590-0185
> Email: sfoster at austinnetworking.com
> LinkedIn <http://www.linkedin.com/in/fostercs12000>    Check out Austin
> OWASP <https://www.owasp.org/index.php/Austin>   Check out Austin AITP<http://www.austinaitp.org/>
