[Owasp-board] FW: SANS and OWASP partnership?

Jeff Williams jeff.williams at owasp.org
Wed Dec 26 02:12:05 UTC 2007


I'm not crazy about doing anything "with" SANS. It's become clear to me that
they're purely in appsec for profit, and that they don't care about what's
best for the world. I don't believe that they will help us.

--Jeff

-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dave Wichers
Sent: Saturday, December 22, 2007 9:05 AM
To: owasp-board at lists.owasp.org
Cc: Michelle Thompson
Subject: Re: [Owasp-board] FW: SANS and OWASP partnership?

Thanks for the reminder. I think we should explore doing something with them
too. I have existing personal contacts with Allan Pallar and Mason Brown so
I'll start a dialog with them in Jan and I'll get Alison involved to help
organize something.

Thanks, Dave

-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Sebastien
Deleersnyder
Sent: Saturday, December 22, 2007 12:50 AM
To: owasp-board at lists.owasp.org
Subject: Re: [Owasp-board] FW: SANS and OWASP partnership?

Board,

Any thoughts on the question below?
I am pro doing something together with SANS. They have a good reputation in
Belgium.

Regards

Seba

-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Michelle Thompson
Sent: donderdag 6 december 2007 21:08
To: owasp-board at lists.owasp.org; Alison McNamee
Subject: [Owasp-board] FW: SANS and OWASP partnership?

Hi Everyone,

While I was at the San Jose OWASP conference I was approached with the
possible idea of a partnership between SANS & OWASP to sponsor some kind
of event together (a one-day summit, conference, etc.) I think it might
be a great opportunity to spread the OWASP message to a larger group of
individuals.  I just wanted to get your thoughts on the idea and see if
you would like to sponsor an event together.  Information about a
possible sponsorship is below.

Thanks,
Michelle Thompson 

-----Original Message-----
From: Stephen Northcutt [mailto:stephen at sans.edu] 
Sent: Friday, November 16, 2007 2:03 PM
To: 'Fuller, Kevin R.'; allanpaller at sans.org; 'Stephen Northcutt';
'Mason Brown'
Cc: Michelle Thompson
Subject: RE: SANS and OWASP partnership?

Aloha Michelle,

In no way speaking for Alan and Mason, but from my perspective, SANS is
all
about community. We have no interest or goal to take anything *away*
from
OWASP, but rather to look for opportunities for synergy, to take the
strengths of both organizations and make something that benefits both
organizations. I know Mason has had numerous conversations with Aspect,
so I
doubt I am plowing new ground, but perchance if a new idea or concept
can
come out of this discussion, then life is very good indeed.

Thank you! S.

Stephen Northcutt, President
The SANS Technology Institute (www.sans.edu)
808.823.1375
Cyber Defense Initiative - Washington DC; 17 courses, Dec 11- 18
http://www.sans.org/info/15821

SANS Security 2008 - New Orleans, LA; 21 courses, Jan 11-19 
http://www.sans.org/info/15826

"'No manager left behind' shows through!" Oscar Peterson, Nokia


-----Original Message-----
From: Fuller, Kevin R. [mailto:KFuller at DMV.CA.gov] 
Sent: Friday, November 16, 2007 1:08 PM
To: allanpaller at sans.org; Stephen Northcutt; Mason Brown
Subject: SANS and OWASP partnership?

All,

I just got back from the OWASP conference in San Jose.  I volunteered
(The only way to go financially and socially!)and got to talk with staff
and board members.  In a conversation with their conference coordinator
(Their version of Carol Calhoun since their conference format is similar
to the Summit Series). I asked if they had ever considered approaching
SANS about partnering with SANS for a conference.  I explained that SANS
is focusing more and more on software security.  She said that they had
not but that it might be a good idea since they are focused with getting
the word out about software security.

I can see a win-win situation if you two were to partner.

SANS would gain more exposure to the developer community: OWASP is a
known entity and their audience appears to be primarily developers and
web application security specialists.  From my experience with SANS
their audience is a cross section of security industry primarily from
the OS /infrastructure arena and not so much from the development
community. It would also dovetail nicely on the current initiatives that
SANS is promoting in software security.

OWASP would benefit from being associated with SANS and would be able to
reach a greater audience of security professionals beyond the
development community. They would also expose that audience to their
many tools and programs they have for helping improve software security.
One tool I found particularly interesting was their Enterprise Security
API.  It appeared to be useful in securing many known and unknown
security type application functions as a transparent layer in the web
application when used (more to come).

Anyways, below is the information on their conference coordinator.  In
her real job she works directly for two of the board members and has
their ear on a daily basis. Or, if you would prefer to allow me to
forward a staff email address to her she can initiate the contact and
inquiry.

Michelle Thompson
913-526-5254 wk
michelle.thompson at aspectsecurity.com

Kevin Fuller
CCNP, GSNA, GCIA,GSEC, GWAS, GREM
ISD/System Test, DMV


_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board



-- 
No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.503 / Virus Database: 269.16.15/1173 - Release Date: 5/12/2007
21:29


_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board


_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board





More information about the Owasp-board mailing list