[Owasp-board] Special Request to perticipate in the sponsorship of Austin OWASP

Dinis Cruz dinis at ddplus.net
Mon Aug 27 02:58:04 UTC 2007


ok thanks

Let's continue to work on the correct balance in the sponsorship of these
events, since this is a problem that is currently occurring very regularly


Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org

On 8/23/07, Foster, Scott <sfoster at austinnetworking.com> wrote:
>
>  Great feedback guys.    Just trying to find a way to get a free lunch
> provided.  I think that I will drop it for now.  I am not sure I have time
> right now to give this any more energy.  If there is a good policy that
> other chapters have come up?    I just need something to refer vendors to
> when they ask to sponsor our meetings.
>
>
>
> I think that for now I will just tell folks that we don't allow sponsors
> and evaluate if they  have something "worthy" to present.
>
> Scott Foster
> Cell: 512-590-0185
> Email:sfoster at austinnetworking.com
> LinkedIn <http://www.linkedin.com/in/fostercs12000>    Check out Austin
> OWASP <https://www.owasp.org/index.php/Austin>   Check out Austin AITP<http://www.austinaitp.org/>
>
>
>
> *From:* Dinis Cruz [mailto:dinis at ddplus.net]
> *Sent:* Friday, August 10, 2007 8:20 AM
> *To:* Foster, Scott
> *Cc:* james.wickett at ni.com; OWASP Board; Cris Dewitt; Sebastien
> Deleersnyder
> *Subject:* Re: Special Request to perticipate in the sponsorship of Austin
> OWASP
>
>
>
> Hi Scott
>
> First off all congratulations for the number of events and the quality of
> the presentations.
>
> The only problem that exists with your currently Sponsorship model is the
> line : *'   The sponsoring vendor has the option to present their
>  specific technology that addresses one of the OWASP top 10. *', since
> this allows vendors to 'buy' themselves into an OWASP event.
>
> There is no problem in having individuals from vendors doing
> presentations, but these have to be vendor neural and not 'marketing pitches
> in disguise' . For example the ' Running Web Application Scans using
> Watchfire AppScan 7.5.' doesn't seem to respect that spirit, where H.D.
> Moore is a more fuzzy case since it is an Open Source tool with enormous
> education value.
>
> What happens in other chapters is that the company sponsoring the event
> (with dollar values similar to the ones you guys use) gets a reference, a
> thank you note and in some locations a table where it can put some of its
> marketing material (again in a soft / 'not in your face' mode)
>
> Vendor independence is very important to OWASP and we need to be very
> careful to preserve our independence
>
> Thanks for all the good work
>
> Let me know if I can help with anything
>
>
> Dinis Cruz
> Chief OWASP Evangelist
> http://www.owasp.org
>
> On 8/10/07, *Cris Dewitt* <cdewitt at indepthsec.com> wrote:
>
> Scott,
>
>
>
> My knee jerk reaction is yuk.  No offense intended, but my "vision" is to
> use OWASP as more of a community building venue for security developers in
> the Austin area and not as a sales/networking event.  Not that networking
> doesn't happen, but it's more organic without the "sponsors".  I just want
> us to be about the code.
>
>
>
> The first sentence is where our opinions differ the most – I don't want
> the vendor money.  If you can connect the dots between community-building
> and the money – I'm open to listening.
>
>
>
> That all said, I can see where you have spent considerable thought about
> how to minimize the sales pitch, but I think the folks we are "marketing" to
> really just want to learn how to write secure code.  If there is a vendor
> that can provide knowledgeable people to explain that, bring it on.  If the
> solution is something other than writing the code better, well, I'm not so
> open to that.
>
>
>
> Ok, you asked for feedback.  I still luv ya' man…cd
>
>
>
> *From:* Foster, Scott [mailto:sfoster at austinnetworking.com]
> *Sent:* Thursday, August 09, 2007 5:17 PM
> *To:* Cris Dewitt
> *Cc:* james.wickett at ni.com
> *Subject:* Special Request to perticipate in the sponsorship of Austin
> OWASP
>
>
>
> Guys what do you think of the as a invitation to sponsor our group.  I am
> not finished but you get the idea.  Your feedback would be greatly
> appreciated.  I want to get this ready to send out to all the vendors that
> have any thing to do with web apps.   We are going to need a non-profit
> status and checking account and all that if we do this.
>
>
>
> ************************
>
> The Open Web Application Security Project (OWASP) <
> http://www.owasp.org/index.php/Austin> is an open community dedicated to
> enabling organizations to develop, purchase, and maintain applications that
> can be trusted.  We advocate approaching application security as a people,
> process, and technology problem because the most effective approaches to
> application security includes improvements in all of these areas.
>
>
>
> Each month here in Austin during our chapter meeting, a subject matter
> expert presents and on one of the OWASP top 10 topics <
> http://www.owasp.org/index.php/OWASP_Top_Ten> . OWASP chapter meetings are
> free and open to anyone interested in application security.
>
>
>
> Below are some of the meetings and topics we have had since we kicked this
> thing off in July of last year.
>
> *July 2007 Austin OWASP chapter meeting* - at Whole Foods. Dan Cornell
> presented on Cross Site Request Forgery
> *June 2007 Austin OWASP chapter meeting* - at National Instruments. James
> Wicket presented on Running Web Application Scans using Watchfire AppScan
> 7.5.
> *May 2007 Austin OWASP chapter meeting* - at Whole Foods Market,downtown
>  "Bullet Proof UI - A programmer's guide to the complete idiot".
> *April 2007 Austin OWASP chapter meeting* - 4/24  at National Instruments.
> H.D. Moore (creator of MetaSploit will be presenting)
> *March 2007 Austin OWASP chapter meeting* - 3/27 at National Instruments,
> A Rough Start of a Toolset for Assessing Java/J2EE Web Apps
> *January 2007 Austin Chapter Meeting<https://www.owasp.org/index.php?title=January_2007_Austin_Chapter_Meeting&action=edit>
> * - 1/30  at National Instruments, Single Sign On
> *November 2006 Austin Chapter Meeting<https://www.owasp.org/index.php?title=November_2006_Austin_Chapter_Meeting&action=edit>
> * - 11/21 at National Instruments, OPEN ID
> *October 2006 Austin Chapter Meeting<https://www.owasp.org/index.php?title=October_2006_Austin_Chapter_Meeting&action=edit>
> * - 10/31 - Web Application Threat Modeling: Understand How Attackers will
> Attempt to Exploit your App by  John Dickson and Cap Diebel
> *September 2006 Austin Chapter Meeting<https://www.owasp.org/index.php/September_2006_Austin_Chapter_Meeting>
> * - 9/26,  at Texas ACCESS Alliance building
> *August 2006 Austin Chapter Meeting<https://www.owasp.org/index.php/August_2006_Austin_Chapter_Meeting>
> * - Tuesday- 8/29  on the National Instruments campus, AJAX Security: Here
> we go again<http://www.owasp.org/index.php/Image:DenimGroup_AJAXSecurityHereWeGoAgain_Content_20060829.pdf>- Dan Cornell from Denim
> Group <http://www.denimgroup.com/>
> *Austin OWASP chapter kickoff meeting* - Thursday, 7/27
>
>
>
> Sponsorship opportunities:
>
> Just like all the other technology special interest groups we want the
> sponsors money but not the sales pitch.  So in an effort to balance the
> educational and financial needs of the group and marketing need of the
> vendor  Each month as many as 30 local developers attend the Austin OWASP
> meetings to learn about Web App threats and how to address them.  Attendees
> include developers, directors of security, vendors, consultants, as well as
> vendor product managers, and open source tool developers.   Sponsorship
> allows vendors to provide lunch for three meetings for only $ 1500.   The
> sponsoring vendor has the option to present their  specific technology that
> addresses one of the OWASP top 10.  The presentation must address how
> developers will address security thru better code and software development.
> The presentation by the vendor must explore the security vulnerability at a
> code level demonstrating how a hacker would exploit the vulnerability and
> then what best practice in code development would address the
> vulnerability.   In addition vendors who address security threats thru the
> use of proprietary Appliances and software are allowed to present their
> solution after they have defined at a code level the threat and a code
> solution.   Due to holidays and speaker scheduling the three meetings may
> not be consecutive months.    A sponsor may choose not to present if they
> wish.
>
> Scott Foster
> Cell: 512-590-0185
> Email:sfoster at austinnetworking.com
> LinkedIn <http://www.linkedin.com/in/fostercs12000>     Check out Austin
> OWASP <https://www.owasp.org/index.php/Austin>   Check out Austin AITP<http://www.austinaitp.org/>
>
>
>
>
>
>
> --
>



--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070827/9d060866/attachment-0002.html>


More information about the Owasp-board mailing list