[Owasp-board] FW: SANS and OWASP partnership?

Sebastien Deleersnyder seba at deleersnyder.eu
Sat Dec 22 05:50:29 UTC 2007


Any thoughts on the question below?
I am pro doing something together with SANS. They have a good reputation in



-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Michelle Thompson
Sent: donderdag 6 december 2007 21:08
To: owasp-board at lists.owasp.org; Alison McNamee
Subject: [Owasp-board] FW: SANS and OWASP partnership?

Hi Everyone,

While I was at the San Jose OWASP conference I was approached with the
possible idea of a partnership between SANS & OWASP to sponsor some kind
of event together (a one-day summit, conference, etc.) I think it might
be a great opportunity to spread the OWASP message to a larger group of
individuals.  I just wanted to get your thoughts on the idea and see if
you would like to sponsor an event together.  Information about a
possible sponsorship is below.

Michelle Thompson 

-----Original Message-----
From: Stephen Northcutt [mailto:stephen at sans.edu] 
Sent: Friday, November 16, 2007 2:03 PM
To: 'Fuller, Kevin R.'; allanpaller at sans.org; 'Stephen Northcutt';
'Mason Brown'
Cc: Michelle Thompson
Subject: RE: SANS and OWASP partnership?

Aloha Michelle,

In no way speaking for Alan and Mason, but from my perspective, SANS is
about community. We have no interest or goal to take anything *away*
OWASP, but rather to look for opportunities for synergy, to take the
strengths of both organizations and make something that benefits both
organizations. I know Mason has had numerous conversations with Aspect,
so I
doubt I am plowing new ground, but perchance if a new idea or concept
come out of this discussion, then life is very good indeed.

Thank you! S.

Stephen Northcutt, President
The SANS Technology Institute (www.sans.edu)
Cyber Defense Initiative - Washington DC; 17 courses, Dec 11- 18

SANS Security 2008 - New Orleans, LA; 21 courses, Jan 11-19 

"'No manager left behind' shows through!" Oscar Peterson, Nokia

-----Original Message-----
From: Fuller, Kevin R. [mailto:KFuller at DMV.CA.gov] 
Sent: Friday, November 16, 2007 1:08 PM
To: allanpaller at sans.org; Stephen Northcutt; Mason Brown
Subject: SANS and OWASP partnership?


I just got back from the OWASP conference in San Jose.  I volunteered
(The only way to go financially and socially!)and got to talk with staff
and board members.  In a conversation with their conference coordinator
(Their version of Carol Calhoun since their conference format is similar
to the Summit Series). I asked if they had ever considered approaching
SANS about partnering with SANS for a conference.  I explained that SANS
is focusing more and more on software security.  She said that they had
not but that it might be a good idea since they are focused with getting
the word out about software security.

I can see a win-win situation if you two were to partner.

SANS would gain more exposure to the developer community: OWASP is a
known entity and their audience appears to be primarily developers and
web application security specialists.  From my experience with SANS
their audience is a cross section of security industry primarily from
the OS /infrastructure arena and not so much from the development
community. It would also dovetail nicely on the current initiatives that
SANS is promoting in software security.

OWASP would benefit from being associated with SANS and would be able to
reach a greater audience of security professionals beyond the
development community. They would also expose that audience to their
many tools and programs they have for helping improve software security.
One tool I found particularly interesting was their Enterprise Security
API.  It appeared to be useful in securing many known and unknown
security type application functions as a transparent layer in the web
application when used (more to come).

Anyways, below is the information on their conference coordinator.  In
her real job she works directly for two of the board members and has
their ear on a daily basis. Or, if you would prefer to allow me to
forward a staff email address to her she can initiate the contact and

Michelle Thompson
913-526-5254 wk
michelle.thompson at aspectsecurity.com

Kevin Fuller
ISD/System Test, DMV

Owasp-board mailing list
Owasp-board at lists.owasp.org

No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.503 / Virus Database: 269.16.15/1173 - Release Date: 5/12/2007

More information about the Owasp-board mailing list