[Owasp-board] FW: SANS and OWASP partnership?

Sebastien Deleersnyder Sebastien.Deleersnyder at telindus.be
Thu Dec 27 16:25:47 UTC 2007


Jeff, all,

As I (re)ignited this thread:

The SANS 'contacts' I have in Belgium are indeed more focused on network
security.

What I do see is that www.secappdev.org is hosting the SANS GSSP exam,
but Johan (organizer) has mixed feelings on this as well. There are only
2 a 3 subcribers for that exam until now: I'll keep an eye on that.

I agree that any 'partnering' should focus on sw development
conferences. 
We want to do the same in Belgium with Microsoft and JavaPolis events
(we even did an OWASP gig at the latter).
OWASP FR is doing an OWASP presentation together with Mark at the
Microsoft tech days in February.

We should kick the (chapter) leaders to identify similar events in their
region an provide them with a slide deck (based on what was already
provided by Jeff towards Seb in France).
If ok for you I'll initiate that next week.

Regards

Seba


-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Jeff Williams
Sent: 27 December 2007 16:13
To: 'Dinis Cruz'
Cc: owasp-board at lists.owasp.org
Subject: Re: [Owasp-board] FW: SANS and OWASP partnership?

I don't think SANS will go for this model.

And who are we trying to reach by partnering with SANS?  Network
security
people?  We need to be reaching out to developers.  I think partnering
with
the software development conferences is where we should be spending our
time.  Not chasing our tail trying to explain software to non-developer
people.

--Jeff

-----Original Message-----
From: Dinis Cruz [mailto:dinis at ddplus.net] 
Sent: Wednesday, December 26, 2007 12:01 PM
To: jeff.williams at owasp.org
Cc: owasp-board at lists.owasp.org
Subject: Re: [Owasp-board] FW: SANS and OWASP partnership?

I agree with Jeff''s comment with SANS for profit motives, and that
they don't really 'care' about security the way we do.

That said, SANS do have a huge market penetration and I agree that
this would be a good opportunity to expose OWASP to people who
otherwise would not be expose to it.

Here are some points on moving this forward:

- In order to make sure that OWASP 'message' is not diluted or
modified by SANS we need to have some OWASP heavyweights there. So if
in the US this event should be in Washington DC and if in Europe in
London (since Belgium and NYC are already going to have a conference
in 08)

- We should have veto power over the event's agenda & objectives, and
make sure the end result is something we are comfortable with

- the financial arrangement should be something like 50%/50%

- we must make sure that we have time to present OWASP and how it
works (will be interesting to see how SANS will do their bit).

Bottom line, it is a good opportunity that  we should do with due care

Dinis

On 12/26/07, Jeff Williams <jeff.williams at owasp.org> wrote:
> I'm not crazy about doing anything "with" SANS. It's become clear to
me
that
> they're purely in appsec for profit, and that they don't care about
what's
> best for the world. I don't believe that they will help us.
>
> --Jeff
>
> -----Original Message-----
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dave Wichers
> Sent: Saturday, December 22, 2007 9:05 AM
> To: owasp-board at lists.owasp.org
> Cc: Michelle Thompson
> Subject: Re: [Owasp-board] FW: SANS and OWASP partnership?
>
> Thanks for the reminder. I think we should explore doing something
with
them
> too. I have existing personal contacts with Allan Pallar and Mason
Brown
so
> I'll start a dialog with them in Jan and I'll get Alison involved to
help
> organize something.
>
> Thanks, Dave
>
> -----Original Message-----
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Sebastien
> Deleersnyder
> Sent: Saturday, December 22, 2007 12:50 AM
> To: owasp-board at lists.owasp.org
> Subject: Re: [Owasp-board] FW: SANS and OWASP partnership?
>
> Board,
>
> Any thoughts on the question below?
> I am pro doing something together with SANS. They have a good
reputation
in
> Belgium.
>
> Regards
>
> Seba
>
> -----Original Message-----
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Michelle
Thompson
> Sent: donderdag 6 december 2007 21:08
> To: owasp-board at lists.owasp.org; Alison McNamee
> Subject: [Owasp-board] FW: SANS and OWASP partnership?
>
> Hi Everyone,
>
> While I was at the San Jose OWASP conference I was approached with the
> possible idea of a partnership between SANS & OWASP to sponsor some
kind
> of event together (a one-day summit, conference, etc.) I think it
might
> be a great opportunity to spread the OWASP message to a larger group
of
> individuals.  I just wanted to get your thoughts on the idea and see
if
> you would like to sponsor an event together.  Information about a
> possible sponsorship is below.
>
> Thanks,
> Michelle Thompson
>
> -----Original Message-----
> From: Stephen Northcutt [mailto:stephen at sans.edu]
> Sent: Friday, November 16, 2007 2:03 PM
> To: 'Fuller, Kevin R.'; allanpaller at sans.org; 'Stephen Northcutt';
> 'Mason Brown'
> Cc: Michelle Thompson
> Subject: RE: SANS and OWASP partnership?
>
> Aloha Michelle,
>
> In no way speaking for Alan and Mason, but from my perspective, SANS
is
> all
> about community. We have no interest or goal to take anything *away*
> from
> OWASP, but rather to look for opportunities for synergy, to take the
> strengths of both organizations and make something that benefits both
> organizations. I know Mason has had numerous conversations with
Aspect,
> so I
> doubt I am plowing new ground, but perchance if a new idea or concept
> can
> come out of this discussion, then life is very good indeed.
>
> Thank you! S.
>
> Stephen Northcutt, President
> The SANS Technology Institute (www.sans.edu)
> 808.823.1375
> Cyber Defense Initiative - Washington DC; 17 courses, Dec 11- 18
> http://www.sans.org/info/15821
>
> SANS Security 2008 - New Orleans, LA; 21 courses, Jan 11-19
> http://www.sans.org/info/15826
>
> "'No manager left behind' shows through!" Oscar Peterson, Nokia
>
>
> -----Original Message-----
> From: Fuller, Kevin R. [mailto:KFuller at DMV.CA.gov]
> Sent: Friday, November 16, 2007 1:08 PM
> To: allanpaller at sans.org; Stephen Northcutt; Mason Brown
> Subject: SANS and OWASP partnership?
>
> All,
>
> I just got back from the OWASP conference in San Jose.  I volunteered
> (The only way to go financially and socially!)and got to talk with
staff
> and board members.  In a conversation with their conference
coordinator
> (Their version of Carol Calhoun since their conference format is
similar
> to the Summit Series). I asked if they had ever considered approaching
> SANS about partnering with SANS for a conference.  I explained that
SANS
> is focusing more and more on software security.  She said that they
had
> not but that it might be a good idea since they are focused with
getting
> the word out about software security.
>
> I can see a win-win situation if you two were to partner.
>
> SANS would gain more exposure to the developer community: OWASP is a
> known entity and their audience appears to be primarily developers and
> web application security specialists.  From my experience with SANS
> their audience is a cross section of security industry primarily from
> the OS /infrastructure arena and not so much from the development
> community. It would also dovetail nicely on the current initiatives
that
> SANS is promoting in software security.
>
> OWASP would benefit from being associated with SANS and would be able
to
> reach a greater audience of security professionals beyond the
> development community. They would also expose that audience to their
> many tools and programs they have for helping improve software
security.
> One tool I found particularly interesting was their Enterprise
Security
> API.  It appeared to be useful in securing many known and unknown
> security type application functions as a transparent layer in the web
> application when used (more to come).
>
> Anyways, below is the information on their conference coordinator.  In
> her real job she works directly for two of the board members and has
> their ear on a daily basis. Or, if you would prefer to allow me to
> forward a staff email address to her she can initiate the contact and
> inquiry.
>
> Michelle Thompson
> 913-526-5254 wk
> michelle.thompson at aspectsecurity.com
>
> Kevin Fuller
> CCNP, GSNA, GCIA,GSEC, GWAS, GREM
> ISD/System Test, DMV
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.503 / Virus Database: 269.16.15/1173 - Release Date:
5/12/2007
> 21:29
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>


_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board



More information about the Owasp-board mailing list