[Owasp-board] FW: SANS and OWASP partnership?

Michelle Thompson michelle.thompson at aspectsecurity.com
Thu Dec 6 20:08:20 UTC 2007


Hi Everyone,

While I was at the San Jose OWASP conference I was approached with the
possible idea of a partnership between SANS & OWASP to sponsor some kind
of event together (a one-day summit, conference, etc.) I think it might
be a great opportunity to spread the OWASP message to a larger group of
individuals.  I just wanted to get your thoughts on the idea and see if
you would like to sponsor an event together.  Information about a
possible sponsorship is below.

Thanks,
Michelle Thompson 

-----Original Message-----
From: Stephen Northcutt [mailto:stephen at sans.edu] 
Sent: Friday, November 16, 2007 2:03 PM
To: 'Fuller, Kevin R.'; allanpaller at sans.org; 'Stephen Northcutt';
'Mason Brown'
Cc: Michelle Thompson
Subject: RE: SANS and OWASP partnership?

Aloha Michelle,

In no way speaking for Alan and Mason, but from my perspective, SANS is
all
about community. We have no interest or goal to take anything *away*
from
OWASP, but rather to look for opportunities for synergy, to take the
strengths of both organizations and make something that benefits both
organizations. I know Mason has had numerous conversations with Aspect,
so I
doubt I am plowing new ground, but perchance if a new idea or concept
can
come out of this discussion, then life is very good indeed.

Thank you! S.

Stephen Northcutt, President
The SANS Technology Institute (www.sans.edu)
808.823.1375
Cyber Defense Initiative - Washington DC; 17 courses, Dec 11- 18
http://www.sans.org/info/15821

SANS Security 2008 - New Orleans, LA; 21 courses, Jan 11-19 
http://www.sans.org/info/15826

"'No manager left behind' shows through!" Oscar Peterson, Nokia


-----Original Message-----
From: Fuller, Kevin R. [mailto:KFuller at DMV.CA.gov] 
Sent: Friday, November 16, 2007 1:08 PM
To: allanpaller at sans.org; Stephen Northcutt; Mason Brown
Subject: SANS and OWASP partnership?

All,

I just got back from the OWASP conference in San Jose.  I volunteered
(The only way to go financially and socially!)and got to talk with staff
and board members.  In a conversation with their conference coordinator
(Their version of Carol Calhoun since their conference format is similar
to the Summit Series). I asked if they had ever considered approaching
SANS about partnering with SANS for a conference.  I explained that SANS
is focusing more and more on software security.  She said that they had
not but that it might be a good idea since they are focused with getting
the word out about software security.

I can see a win-win situation if you two were to partner.

SANS would gain more exposure to the developer community: OWASP is a
known entity and their audience appears to be primarily developers and
web application security specialists.  From my experience with SANS
their audience is a cross section of security industry primarily from
the OS /infrastructure arena and not so much from the development
community. It would also dovetail nicely on the current initiatives that
SANS is promoting in software security.

OWASP would benefit from being associated with SANS and would be able to
reach a greater audience of security professionals beyond the
development community. They would also expose that audience to their
many tools and programs they have for helping improve software security.
One tool I found particularly interesting was their Enterprise Security
API.  It appeared to be useful in securing many known and unknown
security type application functions as a transparent layer in the web
application when used (more to come).

Anyways, below is the information on their conference coordinator.  In
her real job she works directly for two of the board members and has
their ear on a daily basis. Or, if you would prefer to allow me to
forward a staff email address to her she can initiate the contact and
inquiry.

Michelle Thompson
913-526-5254 wk
michelle.thompson at aspectsecurity.com

Kevin Fuller
CCNP, GSNA, GCIA,GSEC, GWAS, GREM
ISD/System Test, DMV





More information about the Owasp-board mailing list